The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
- Critical Flaw in PTC License Server Can Allow Lateral Movement in Industrial Organizations | SecurityWeek
- 3 New State-Backed Gangs Target Govt Sectors with HEAT Attack Methods | HackRead
IT Vulnerabilities & Security Updates
- Juniper Networks Warns of Critical Authentication Bypass Vulnerability | SecurityWeek
- Cisco Patches NX-OS Zero-Day Exploited by Chinese Cyberspies | SecurityWeek
- Splunk Patches High-Severity Vulnerabilities in Enterprise Product | SecurituWeek
- Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack | SecurityWeek
- Fortra Patches Critical SQL Injection in FileCatalyst Workflow |SecurityWeek
- MerkSpy: Exploiting CVE-2021-40444 to Infiltrate Systems | Fortinet
- Hackers exploit critical D-Link DIR-859 router flaw to steal passwords | BleepingComputer
IT Malware, Threats & Risks
- Microsoft Alerts More Customers to Email Theft in Expanding Midnight Blizzard Hack | SecurityWeek
- TeamViewer: Hackers copied employee directory and encrypted passwords | TheRecord
- Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz | Rapid7
- New Unfurling Hemlock threat actor floods systems with malware | BleepingComputer
- 8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining | TheHackerNews
Cyber Resilience & General Awareness
- ‘I don’t see it happening’: CISA chief dismisses ban on ransomware payments | TheRecord
- End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities | TheHackerNews
- Keep the Cloud Secure with CIS after Migrating to the Cloud | Center for Internet Security (CIS)
- Want to scale cyber defenders? Focus on AI-enabled security and organization-wide training | CyberScoop
