Supplemental Cyber Highlights – September 5, 2023

The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• Nozomi finds vulnerabilities in SEL software applications used in engineering workstations (Industrial Cyber)
• The Essential Guide to the NIST SP 800-82 document (Industrial Cyber)
• Securing the future: Safeguarding cyber-physical systems (CSO Online)
• A Brief History of ICS-Tailored Attacks (Dark Reading)

IT Vulnerabilities & Threats

• Exploit released for critical VMware SSH auth bypass vulnerability (Bleeping Computer)
• Okta: Hackers target IT help desks to gain Super Admin, disable MFA (Bleeping Computer)
• Chrome extensions can steal plaintext passwords from websites (Bleeping Computer)
• What’s in a NoName? Researchers see a lone-wolf DDoS group (The Record)
• How attackers exploit QR codes and how to mitigate the risk (CSO Online)
• Why is .US Being Used to Phish So Many of Us? (Krebs on Security)
• Prompt injection could be the SQL injection of the future, warns NCSC (Malwarebytes)

Ransomware Awareness

• Hacker group compromises MSSQL servers to deploy FreeWorld ransomware (CSO Online)

Cyber Resilience & General Awareness

• House cyber committee chair seeks update from CISA on info-sharing relationships (SC Media)
• How companies can get a grip on ‘business email compromise’ (Check Point)
• Understand the fine print of your cyber insurance policies (Help Net Security)
• Data Protection Best Practices (Mandiant)
• Revisiting Traditional Security Advice for Modern Threats (Mandiant)
• Supply chain related security risks, and how to protect against them (Malwarebytes)
• How to stop your site from being a partner in crime (Kaspersky)
• 2023 Cost of a Data Breach: Key Takeaways (Tripwire)