Supplemental Cyber Highlights – August 20, 2024
Created: Tuesday, August 20, 2024 - 18:20
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Incidents & Resilience
- Kentucky county’s clerk’s office breached in RansomHub attack | SC Magazine
- Ransomware attack on Flint affecting city services as FBI investigates incident | The Record
- Routers from China-based TP-Link a national security threat, US lawmakers claim | The Record
- Rising cybersecurity demands reshape ICS procurement strategies across critical infrastructure | Industrial Cyber
IT Vulnerabilities & Security Updates
- F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus | SecurityWeek
- Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor | The Hacker News
- Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign | The Hacker News
- Microsoft Entra ID bug lets attackers impersonate any synched user | SC Magazine
- Copy2Pwn Zero-Day Exploited to Bypass Windows Protections | SecurityWeek
IT Malware, Threats, Risks & Scams
- Are you blocking “keyboard walk” passwords in your Active Directory? | Bleeping Computer
- Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware | The Hacker News
- Post-authentication attacks: What they are and how to protect against them | SC Magazine
- Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks | The Hacker News
Ransomware/Extortion
- Newly emergent Mad Liberator ransomware gang detailed | SC Magazine
- New Mad Liberator gang uses fake Windows update screen to hide data theft | Bleeping Computer
Cyber Resilience, General Awareness & Artificial Intelligence
- CrowdStrike questions could give CISOs pause — with options available | CSO
- Consolidation vs. Optimization: Which Is More Cost-Effective for Improved Security? | SecurityWeek
- National Public Data Says Breach Impacts 1.3 Million People | SecurityWeek
- Fast Forward or Freefall? Navigating the Rise of AI in Cybersecurity | Tripwire