The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

• Mitsubishi Electric Factory Automation Flaws Expose Engineering Workstations (Security Week)
• DDoS attack on Pennsylvania court system knocks out filing systems, bail payment site (The Record)
• Chicago hospital, Illinois village impacted by cyberattacks (SC Magazine)
• OT Maintenance Is Primary Source of OT Security Incidents: Report (Security Week)
• INSA paper highlights importance of information sharing across sectors in defending US cyberinfrastructure (Industrial Cyber)
• Why Gen Z Is the New Force Reshaping OT Security (Dark Reading)
• Industry giants Clorox and Johnson Controls report financial losses from cyberattacks (The Record)
• Cyber pros are giving up on a key government program (Politico)

IT Vulnerabilities/Security Updates/Vulnerability Management

• Newest Ivanti SSRF zero-day now under mass exploitation (Bleeping Computer)
• How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities (Volexity)
• Windows Event Log zero-day flaw gets unofficial patches (Bleeping Computer)

IT Malware/Threats/Risks

• Customer Guidance on Emerging AnyDesk Cybersecurity Incident (SentinelOne)
• Detecting and Mitigating a Phishing Threat: “Greatness” (Sucuri)

Ransomware

• Ransomware Retrospective 2024: Unit 42 Leak Site Analysis (Unit42)
• Paying ransoms is becoming a cost of doing business for many (Help Net Security)

General Awareness/Preparedness/Resilience

• 8 things that should be in a company BEC policy document (CSO)
• Preparing Cybersecurity for the Super Bowl (Tripwire)
• Cyber security at home and in the office: Secure your devices, computers, and networks  (Canadian Centre for Cyber Security)