Supplemental Cyber Highlights – October 5, 2023
Created: Thursday, October 5, 2023 - 19:05
Categories: Cybersecurity
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
- How to Meet FY 2023 U.S. State and Local Cybersecurity Grant Program Objectives (Tenable)
- New U.S. SLCGP Cybersecurity Plan Requirement: Adopt Cybersecurity Best Practices Using CISA’s CPGs (Tenable)
- US Government Proposes SBOM Rules for Contractors (Infosecurity Magazine)
- How an Integrated Platform Approach Improves OT Security (Fortinet)
IT Malware & Threats
- Coming from inside the building: dark web recruitment of malicious insiders (CSO Online)
- Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance (The Hacker News)
- Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials (Dark Reading)
- USPS Anchors Snowballing Smishing Campaigns (Dark Reading)
IT Vulnerabilities
- Apple fixed the 17th zero-day flaw exploited in attacks (Security Affairs)
- Cisco fixes hard-coded root credentials in Emergency Responder (Bleeping Computer)
- Atlassian patches critical Confluence zero-day exploited in attacks (Bleeping Computer)
- Microsoft Edge, Teams get fixes for zero-days in open-source libraries (Bleeping Computer)
- Arm, Qualcomm warn GPU drivers are likely being exploited by hackers (The Record)
- New ‘Looney Tunables’ Linux bug gives root on major distros (The Record)
- Attacks on Maximum Severity WS_FTP Bug Have Been Limited — So Far (Dark Reading)
Ransomware
- Record Numbers of Ransomware Victims Named on Leak Sites (Infosecurity Magazine)
Cyber Resilience
- Breaches Are the Cost of Doing Business, but NIST Is Here to Help (Dark Reading)
- Mastering On-Premises DDoS Defense: A Guide to Leveraging Analytics for Peak Performance (Radware Blog)
- Does your security program suffer from piecemeal detection and response? (Security Intelligence)
- Red Cross Issues Wartime Hacktivist Rules (Infosecurity Magazine)
- Factors leading to organizations losing control over IT and security environments (Help Net Security)