The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Vulnerabilities & Resilience

• Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication (Talos Intelligence)
• Cybersecurity Builds Trust in Critical Infrastructure (Dark Reading)
• Feds seek industry guidance on protecting, fostering critical technologies (SC Media)
• Get Ready for Dragos Industrial Security Conference (DISC) 2023 (Dragos)
• The Power of Building Management System (BMS) Cybersecurity (Claroty)
• You’re ready for the new SEC cybersecurity rules. Have you included your OT? (Cisco)
• New Armis data discloses riskiest connected assets introducing threats to global businesses (Industrial Cyber)
• MITRE, CISA publish open-source MITRE Caldera for OT plugins, supporting common industrial protocols (Industrial Cyber)
• Ukraine’s CERT discloses cyberattack on critical energy infrastructure by APT28 hacker group (Industrial Cyber)

IT Malware & Threats

• New Agent Tesla Variant Uses Excel Exploit to Infect Windows PCs (Hackread)
• Hackers stole Microsoft signing key from Windows crash dump (Bleeping Computer)
• Information disclosure through insecure design (Pen Test Partners)
• Cybercrime Tremors: Experts Forecast Qakbot Resurgence (Data Breach Today)
• It's a Zero-day? It's Malware? No! It's Username and Password (The Hacker News)
• Your non-employee “identity junk drawer” could lead to major security issue (SC Media)

IT Vulnerabilities

• A Vulnerability in Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Could Allow for Arbitrary Code Execution (CIS)
• Dozens of Unpatched Flaws Expose Security Cameras Made by Defunct Company Zavio (Security Week)

Ransomware Resilience

• 5 Common Business Mistakes in Ransomware Prevention Planning (Tripwire)

Cyber Resilience & General Awareness

• Securing Your Legacy: Identities, Data, and Processes (Dark Reading)
• FAIR: A Framework for Revolutionizing Your Risk Analysis (CIS)
• Nudging Minds, Enhancing Defenses: 4 Ways to Unleash the Power of Nudge Theory in Security Awareness (Proofpoint)
• Easterly: CISA wrapping up cyber incident reporting rule (The Record)

Insider Threats (September is Insider Threat Awareness Month)

• How to improve the identity security of contract workers (SC Media)

Technical Posts (for security analysts, sysadmins, and other nerds)

• Wrong system time and insecure Secure Time Seeding (Kaspkersky)
• Steal-It Campaign (Zscaler)
• Creative Process Enumeration (TrustedSec)
• Security Relevant DNS Records (SANS Internet Storm Center)
• Analysis of a Defective Phishing PDF (SANS Internet Storm Center)