The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

IT Vulnerabilities & Security Updates

• Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) | Help Net Security
• Cisco SSM On-Prem bug lets hackers change any user's password | Bleeping Computer
• Ivanti Issues Hotfix for High-Severity Endpoint Manager Vulnerability | SecurityWeek
• Atlassian Patches High-Severity Vulnerabilities in Bamboo, Confluence, Jira | SecurityWeek
• The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409 | Trendmicro  
• Oracle Patches 240 Vulnerabilities With July 2024 CPU | SecurityWeek

IT Malware, Threats, and Risks

• SEG vs. SEG: How Threat Actors are Pitting Email Security Products Against Each Other With Encoded URLs | Cofense
• Hacked YouTube Channels Use Trump Assassination News to Push Crypto Scam | Hackread
• Container Breakouts: Escape Techniques in Cloud Environments | Unit42
• Novel JellyFish Loader malware emerges| SC Magazine
• TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks | The Hacker News
• 'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins | The Hacker News

Ransomware/Extortion (may include ransomware breaches/incidents, or all things ransomware across all sectors)

• Microsoft links Scattered Spider hackers to Qilin ransomware attacks | Bleeping Computer  
• Ultra Malware Targeting EDR Products in Ransomware Attacks | Trustedsec
• Q2 2024 ransomware stats reflect shifting RaaS landscape | SC Magazine

Cyber Resilience, General Awareness & AI

• Navigating Insider Risks: Are your Employees Enabling External Threats? | The Hacker News
• Cyber insurance: How to achieve the right coverage | SC Magazine
• ChatGPTriage: How can CISOs see and control employees’ AI use? | Help Net Security
• Proactive Cyber Defense: The Essential Role of Internal Penetration Testing in the Age of AI | AT&T
• Email addresses of 15 million Trello users leaked on hacking forum | Bleeping Computer
• US Data Breach Victim Numbers Surge 1170% Annually | Infosecurity Magazine