The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
- Hikvision Patches High-Severity Vulnerability in Security Management System | Security Week
- Get the AT&T Cybersecurity Insights Report: Focus on Energy and Utilities | AT&T
- Ransomware on cyber-physical systems: Taxonomies, case studies, security gaps, and open challenges | ScienceDirect
- Zeek Security Tool Vulnerabilities Allow ICS Network Hacking | Security Week
- American Express credit cards exposed in third-party data breach | Bleeping Computer
- Remote Stuxnet-Style Attack Possible With Web-Based PLC Malware: Researchers | Security Week
IT Vulnerabilities, Malware, Threats & Risks
- Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns | Cyberscoop
- 95% believe LLMs making phishing detection more challenging | Help Net Security
- ScreenConnect flaws exploited to drop new ToddleShark malware | Bleeping Computer
- PikaBot malware on the rise: What organizations need to know | Malwarebytes Labs
- New Bifrost malware for Linux mimics VMware domain for evasion | Bleeping Computer
Ransomware
- BlackCat ransomware turns off servers amid claim they stole $22 million ransom | Bleeping Computer
- Defend against human-operated ransomware attacks with Microsoft Copilot for Security | Microsoft
- Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO | Trend Micro
Cyber Resilience & General Awareness
- If you are generating SAML signing certificates externally, STOP!! | CSO
- Insights: RMM Tools | Huntress
- Secure by Design: Google’s Perspective on Memory Safety | Google Security Blog
- How to protect against QR code phishing attacks | SC Media
- How attackers leverage social engineering for greater scamming success | CSO
- Products on your perimeter considered harmful (until proven otherwise) | UK National Cyber Security Centre
