Supplemental Cyber Highlights – September 26, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience & OT Vulnerability Management

• BitSight discloses zero-day vulnerabilities in ATG systems, posing major threat to critical infrastructure | Industrial Cyber
• Talos discovers denial-of-service vulnerability in Microsoft Audio Bus; Potential remote code execution in popular open-source PLC | Cisco Talos
• CISA: Hackers target industrial systems using “unsophisticated methods” | Bleeping Computer  
• China-linked hackers allegedly target US internet services in Salt Typhoon attack | Industrial Cyber

IT Vulnerability Security Update

• Cisco Patches High-Severity Vulnerabilities in IOS Software | SecurityWeek
• HPE Aruba Networking fixes critical flaws impacting Access Points | Bleeping Computer
• PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) | Help Net Security
• Windows 10 KB5043131 update released with 9 changes and fixes | Bleeping Computer

IT Malware, Threats & Risks

• Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam | Cisco Talos
• 82% of Phishing Sites Now Target Mobile Devices | Infosecurity Magazine
• N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks | The Hacker News

Cyber Resilience, General Awareness

• Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyberattacks | SecurityWeek
• Understanding Network Attacks: Types, Trends, and Mitigation Strategies | Tripwire
• Expert Tips on How to Spot a Phishing Link | The Hacker News
• NIST Drops Password Complexity, Mandatory Reset Rules | Dark Reading