Supplemental Cyber Highlights – September 17, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• Which States Are Most at Risk for Cyberattacks on Government and Infrastructure? | Huntress

IT Vulnerability Security Updates

• SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager | Security Affairs
• PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) | Help Net Security
• Apple Patches Major Security Flaws With iOS 18 Refresh | SecurityWeek
• D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers | Bleeping Computer

IT Malware, Threats & Risks

• ‘Void Banshee’ Exploits Second Microsoft Zero-Day | Dark Reading
• Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks | The Hacker News
• Navigating the Cloud Chaos: 2024’s Top Threats Revealed | Tripwire  

Cyber Resilience & General Awareness

• Post-CrowdStrike Fallout: Microsoft Redesigning EDR Vendor Access to Windows Kernel | SecurityWeek  
• From Breach to Recovery: Designing an Identity-Focused Incident Response Playbook | The Hacker News
• The growing danger of visual hacking and how to protect against it | Help Net Security