The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

• New MaaS InfoStealer Malware Campaign Targeting Oil & Gas Sector | Cofense
• Beyond principles: How to finally get a handle on security by design | Industrial Cyber
• Unmanaged third-party access threatens OT environments | Help Net Security
• DOE announces $45 million investment for cybersecurity research | Cyberscoop
• Steel giant ThyssenKrupp confirms cyberattack on automotive division | Bleeping Computer
• NTT DATA partners with Schneider Electric to drive AI innovation at the edge | Help Net Security

IT Vulnerabilities

• SlashAndGrab: The ConnectWise ScreenConnect Vulnerability Explained | Huntress
• Think Your ScreenConnect Server Is Hacked? Here’s What To Look For | Huntress
• Remediation and Hardening Guide for ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) | Mandiant

IT Malware, Threats & Risks

• 8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation | The Hacker News
• Top 5 Scam Techniques: What You Need to Know | Tripwire
• Qakbot mechanizes distribution of malicious OneNote notebooks | SC Media

Ransomware Awareness

• How the FBI and CISA look to mature the government’s top ransomware task force | The Record
• Ransomware: True Cost to Business 2024 | Cybereason
• 69% of Organizations Infected by Ransomware in 2023 | Infosecurity Magazine
• Cyber Insights | Ransomware Insights and Trends | 2024 | SecurityWeek
• Ransomware Roundup – Abyss Locker | Fortinet

Cyber Resilience & General Awareness

• NIST CSF 2.0 released, to help all organizations, not just those in critical infrastructure | Help Net Security
• Cybersecurity Training Not Sticking? How to Fix Risky Password Habits | Bleeping Computer
• Building Cyber resilience against AI-powered social engineering | AT&T  
• Defending against distributed denial of service (DDoS) attacks | Canadian Centre for Cyber Security
• Privacy Beats Ransomware as Top Insurance Concern | Dark Reading
• It’s time for security operations to ditch Excel | Help Net Security