The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT Vulnerability Management
- ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others | SecurityWeek
- Salt Typhoon poses a serious supply chain risk to most organizations | CSO Online
- Fortress reports security risks in Chinese software threatening US critical infrastructure | Industrial Cyber
- US House passes legislation to bolster cyber defenses against Chinese state-sponsored threats | Industrial Cyber
- Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches | Cyberscoop
- FCC to Demand Telcos Improve Security | Risky Biz News
- Utility Companies Face 42% Surge in Ransomware Attacks | Infosecurity Magazine
IT Vulnerability Security Updates
- Microsoft Patch Tuesday: December 2024 | SANS
- Ivanti Patches Critical Flaws in Connect Secure, Cloud Services Application | SecurityWeek
- Apple Pushes Major iOS, macOS Security Updates | SecurityWeek
- Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks | SecurityWeek
IT Malware, Threats & Risks
- Open source malware up 200% since 2023 | Help Net Security
- Researchers Crack Microsoft Azure MFA in an Hour | Dark Reading
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools | The Hacker News
- Hackers Exploit Misconfigurations in Public Websites With Improperly Exposed AWS Credentials | Infosecurity Magazine
Ransomware
- 3AM Ransomware: What You Need To Know | Tripwire
- Lynx ransomware behind Electrica energy supplier cyberattack | Bleeping Computer
Cyber Resilience, General Awareness, & AI
- China-Based Hacker Charged for Conspiring to Develop and Deploy Malware That Exploited Tens of Thousands of Firewalls Worldwide | U.S. DOJ
- 27 DDoS-For-Hire Services Disrupted In Run-Up To Holiday Season | Tripwire
- Inside the incident: Uncovering an advanced phishing attack | Bleeping Computer
- Shaping effective AI governance is about balancing innovation with humanity | Help Net Security
