The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

• US is still chasing down pieces of Chinese hacking operation, NSA official says | The Record  
• Researchers spot updated version of malware that hit Viasat | Cyberscoop
• Confronted with Chinese hacking threat, industrial cybersecurity pros ask: What else is new? | Cyberscoop
• Ransomware attack hamstrings three District Attorneys’ offices in NM | Source NM
• Network outages in Birmingham persist as city officials stay tight-lipped | The Record

IT Vulnerabilities

• PoC Published for Critical Fortra Code Execution Vulnerability | SecurityWeek
• Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) | Help Net Security

IT Malware, Threats, and Risks

• Firmware Monitoring is Just a Snapshot Away | Tripwire
• What is .htaccess Malware? (Detection, Symptoms & Prevention) | Sucuri
• Human risk factors remain outside of cybersecurity pros’ control | Help Net Security
• Is your VPN reaching End of Maintenance? Don’t let it put you at risk | Check Point  
• Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites | The Hacker News
• PinnacleOne ExecBrief | Nation-State Targeting of Enterprise Cloud | SentinelOne
• Key MITRE ATT&CK techniques used by cyber attackers | Help Net Security
• Phishing Through Venmo | Check Point
• SIM swappers hijacking phone numbers in eSIM attacks | Bleeping Computer

Ransomware

• The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions | Talos
• STOP ransomware, more common than LockBit, gains stealthier variant | SC Media
• British Library hailed by UK cyber agency for its response to ransomware attack | The Record

Preparedness/Resilience

• Redefining multifactor authentication: Why we need passkeys | CSO
• Identity security: Challenges and best practices | SC Media

General Awareness

• NIST NVD Halt Leaves Thousands of Vulnerabilities Untagged | HackRead
• Microsoft announces deprecation of 1024-bit RSA keys in Windows | Bleeping Computer
• Google Chrome gets real-time phishing protection later this month | Bleeping Computer