Supplemental Cyber Highlights – September 26, 2023
Created: Tuesday, September 26, 2023 - 17:41
Categories: Cybersecurity
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
- Opportunity to Test GPS Equipment (ISS Source)
- Visibility: An Essential Component of Industrial Cyber Security (Tripwire)
- Engineering-Grade OT Protection (Dark Reading)
- Every Network Is Now an OT Network. Can Your Security Keep Up? (Security Week)
- ICS protocol coverage using Snort 3 service inspectors (Cisco’s Talos Intelligence)
- An In-Depth Look at OPC-UA Cyber Threats – Part 3: OPC Server Authentication Traffic (txOne)
IT Threats & Risks
- The Growing Risks of Shadow IT and SaaS Sprawl (Security Intelligence)
- How Attackers Get In: Unpatched Vulnerabilities and Compromised Credentials (CSO Online)
Ransomware Awareness
- City of Dallas Details Ransomware Attack Impact, Costs (Security Week)
- ShadowSyndicate hackers linked to multiple ransomware ops, 85 servers (Bleeping Computer)
- Ransomware Roundup – Retch and S.H.O. (Fortinet)
- Cyber Group ‘Gold Melody’ Selling Compromised Access to Ransomware Attackers (The Hacker News)
- Unmasking ransomware threat clusters: Why it matters to defenders (CSO Online)
Cyber Resilience
- Fortifying your wireless network: A comprehensive guide to defend against wireless attacks (AT&T Cybersecurity)
- How Choosing Authentication Is a Business-Critical Decision (Dark Reading)
- Beyond the firewall: Navigating SaaS security challenges (AT&T Cybersecurity)
- Ensuring vendor integrity: Why the cloud shouldn’t be your only backup (AT&T Cybersecurity)
General Awareness & Reports
- Half of Cyber-Attacks Go Unreported (Infosecurity Magazine)
- What is Alert Deafness? (Check Point)
- Navigating the Digital Frontier in Cybersecurity Awareness Month 2023 (Security Week)
- Cyber insurance claims spiked in first half of 2023 as ransomware attacks surged: report (The Record)
Technical Posts (for security analysts, sysadmins, and other nerds)
- A new spin on the ZeroFont phishing technique (SANS Internet Storm Center)
- ZenRAT: Malware Brings More Chaos Than Calm (Proofpoint)
- From ScreenConnect to Hive Ransomware in 61 hours (The DFIR Report)
- Stop Phishing Yourself: How Auto-Forwarding and Exchange Contacts Can Stab You in the Back (Black Hills Information Security)