The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
- US Energy Sector Vulnerable to Supply Chain Attacks | InfoSecurity Magazine
- US Government Pledges to Cyber Threat Sharing Via TLP Protocol | InfoSecurity Magazine
- Addressing AI in Industrial Cybersecurity: A Strategic Imperative | IndustrialCyber
IT Vulnerabilities & Security Updates
- Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign | SecurityWeek
- CVE-2024-8260: SMB Force-Authentication Vulnerability in OPA Could Lead to Credential Leakage | Tenable
- Exploit released for new Windows Server "WinReg" NTLM Relay attack | BleepingComputer
IT Malware, Threats, Risks & Scams
- The New Cold War is Here: Preparing Your Business for The Convergence of Geopolitical, Physical and Cyber Threats | Flashpoint
- Dark Web Anti-Bot Services Let Phishers Bypass Google’s Red Page | HackRead
- Think You're Secure? 49% of Enterprises Underestimate SaaS Risks | TheHackerNews
- Fake CAPTCHA Pages Used by Lumma Stealer to Spread Fileless Malware | HackRead
Ransomware/Extortion
- Defending Against Ransom DDoS Attacks | Tripwire
- Avast Releases Free Decryptor for Mallox Ransomware | SecurityWeek
- Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks | TheHackerNews
Resilience, General Awareness & AI
- Google Voice scams: What are they and how do I avoid them? | ESET
- Mobile devices and business travellers | Canadian Centre for Cyber Security
- Security considerations for mobile device deployments | Canadian Centre for Cyber Security
- AI hallucinations can pose a risk to your cybersecurity | IBM SecurityIntelligence
- White House unveils plan for US government to keep its edge on AI development | TheRecord
