The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure

• Leveraging Insights from New Top Analyst Report for Your OT Environment | Dragos
• Targeting Operational Technology: The Hacktivist's Path to Public Attention and Disruption | Dragos

IT Vulnerabilities & Security Updates

• Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited | SecurityWeek
• Fortinet Patches Code Execution Vulnerability in FortiOS | SecurityWeek
• CVE-2024-28995: Trivially Exploitable Information Disclosure Vulnerability in SolarWinds Serv-U | Rapid7

IT Malware, Threats & Risks

• Phishing Attacks Targeting US and European Organizations Double | Infosecurity Magazine
• The Evolution of QR Code Phishing: ASCII-Based QR Codes | Checkpoint
• WithSecure Reveals Mass Exploitation of Edge Software and Infrastructure Appliances | Infosecurity Magazine

Ransomware

• 8 critical lessons from the Change Healthcare ransomware catastrophe | CSO
• RansomHub Brings Scattered Spider Into Its RaaS Fold | Dark Reading
• Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw | The Hacker News

Cyber Resilience & General Awareness

• Top 10 IT security actions: Number 4 harden operating systems and applications (ITSM.10.090) | Canadian Centre for Cyber Security
• What cybersecurity can learn from the automotive industry | SC Magazine
• Cyber Insurance Claims Hit Record High in North America | Infosecurity Magazine