Security Awareness – A Must Read if your Utility Uses Email and Pays Invoices: BEC with a New Twist
by Jennifer Lyn Walker
CrowdStrike released its 2023 Threat Hunting Report, with a key takeaway being that the average time between attackers gaining an initial foothold on a victim’s network and compromising additional devices is 79 minutes, down from 84 minutes in 2022.
Proofpoint has written a blog discussing its research into an EvilProxy-based campaign targeting high-level business leaders across 100 global organizations. Successful cloud account takeover incidents have increased over 100 percent over the last six months, with the ultimate goal of establishing persistent access to executives’ business accounts.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
ICS/OT/SCADA Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Two Industrial Control Systems Advisories
Products are used across multiple sectors; please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
AT&T has posted a blog discussing the threat of malicious QR codes and how to mitigate them. Due to the ease of creation and the convenience of use, QR codes are a popular method organizations use to drive web traffic from the physical to the virtual. However, QR codes also engender trust, which can be abused by threat actors.
Talos has written a blog discussing ransomware code leaks and how they impact the threat landscape by making it easier for new threat actors to quickly build their own malware variants to deploy against potential victims.
Today, CISA, the National Security Agency (NSA), the FBI, and international partners published a joint Cybersecurity Advisory (CSA), 2022 Top Routinely Exploited Vulnerabilities.
This week, CISA and the Norwegian National Cyber Security Centre (NCSC-NO) released a joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-35078 and CVE-2023-35081 affecting Ivanti Endpoint Manager Mobile (EPMM) (formerly known as MobileIron Core). Threat actors can chain these vulnerabilities to gain initial, privileged access to EPMM systems and execute uploaded files, such as webshells.