The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
- Managing OT and IT Risk: What Cybersecurity Leaders Need to Know | Tenable
- SANS Institute 2024 survey reveals progress and gaps in ICS/OT cybersecurity for critical infrastructure | Industrial Cyber
- DHS warns of escalating threats to US critical infrastructure in 2025 Homeland Threat Assessment | Industrial Cyber
IT Vulnerability Security Update
- Qualcomm patches high-severity zero-day exploited in attacks | Bleeping Computer
- Critical Apache Avro SDK RCE flaw impacts Java applications | Security Affairs
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability | The Hacker News
IT Malware, Threats & Risks
- Advanced Threat Group GoldenJackal Exploits Air-Gapped Systems| Infosecurity Magazine
- Insider Threat Damage Balloons as Visibility Gaps Widen | Dark Reading
- Websites are losing the fight against bot attacks | Help Net Security
- From Collaboration to Deception: The Zoom Phishing Threat | Cofense
Ransomware
- White House official says insurance companies must stop funding ransomware payments | The Record
- International Counter Ransomware Initiative meets again, strengthens commitment to collaborate and address threats | Industrial Cyber
- CRI Releases Guidance on Avoiding Ransomware Payments | Infosecurity Magazine
Cyber Resilience & General Awareness
- Why your password policy should include a custom dictionary wordlist | Bleeping Computer
- Justifying Compliance Tools Before a Breach Occurs | Tripwire
