Supplemental Cyber Highlights – September 14, 2023
Created: Thursday, September 14, 2023 - 17:43
Categories: Cybersecurity
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
ICS/OT/SCADA Vulnerabilities
Siemens has posted 2 more security advisories on its site this week: Siemens Security Advisories
IT Vulnerabilities, Malware & Threats
Multiple BGP implementations are vulnerable to improperly formatted BGP updates (Carnegie Mellon University)
Fake Cisco Webex Google Ads abuse tracking templates to push malware (Bleeping Computer)
Email campaigns leverage updated DBatLoader to deliver RATs, stealers (Security Intelligence)
LokiBot – Phishing Malware Baseline (Cofense)
‘Scan-and-exploit’ campaign snares unpatched Exchange servers (SC Magazine)
5 Password Cracking Techniques Used in Cyber Attacks (Proofpoint)
Unravelling the DNS DDoS Threat Landscape (Radware)
Ransomware Awareness
Hackers use new 3AM ransomware to save failed LockBit attack (Bleeping Computer)
RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware (Trend Micro)
Cyber Resilience & General Awareness
How to Improve Security with SSO and MFA (Huntress)
5 Reasons Why You Should Conduct Regular Cybersecurity Audits (Tripwire)
Getting off the hook: 10 steps to take after clicking on a phishing link (We Live Security)
Lawmaker slams White House refusal to create plan for economy after potential cyberattack (The Record)
This is the attacker purportedly responsible for the InfraGard incident in December: FBI Hacker Dropped Stolen Airbus Data on 9/11 (Krebs On Security)