Supplemental Cyber Highlights – September 5, 2024

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience & OT Vulnerability Management

• SANS Institute highlights urgent need for enhanced ICS/OT security amid rising cyber threats | Industrial Cyber
• Effective OT vulnerability management: Prioritizing what matters | OTBase

IT Vulnerability Security Update

• Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks | The Hacker News
• Cisco fixes root escalation vulnerability with public exploit code | Bleeping Computer
• Vulnerability allows Yubico security keys to be cloned | Help Net Security
• Discontinued D-Link DIR-846 routers are affected by code execution flaws. Replace them! | Security Affairs

IT Malware, Threats & Risks

• Phishing in the Fast Lane: The Attacker’s Eye View | Huntress  
• APP Fraud Dominates as Scams Hit All-Time High | Infosecurity Magazine
• FBI: North Korean Actors Readying Aggressive Cyberattack Wave | Dark Reading

Ransomware/Extortion

• Ransomware attacks escalate as critical sectors struggle to keep up | Help Net Security  
• Active Ransomware Groups Surge by 56% in 2024| Infosecurity Magazine

Cyber Resilience, General Awareness & AI

• NIST Cybersecurity Framework (CSF) and CTEM – Better Together | The Hacker News
• Employee Cybersecurity Awareness Training Strategies for AI-Enhanced Attacks | Tripwire