The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
- ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric (Security Week)
- Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party (Security Week)
- Wrong: “You Can’t Protect What You Don’t Know” (Dale Peterson)
- OT Continuous Monitoring – Hype or Hyperbole? (Nozomi Networks)
- How Does IoT Contribute to Real-Time Grid Monitoring for Enhanced Stability and Fault Detection? (Tripwire)
- A Closer Look at State and Local Government Cybersecurity Priorities (Dark Reading)
- Collaborative strategies are key to enhanced ICS security (Help Net Security)
- NCSC warns of enduring and significant threat to UK's critical infrastructure (UK NCSC)
- SBOMs’ Role in Helping to Protect ICS (ISS Source)
- SektorCERT reports cyber attack against Danish critical infrastructure, raises concerns of state involvement (Industrial Cyber)
Ransomware
- Ransomware Prevention for Small Businesses: Practical Tips and Recommendations (Flashpoint)
- The evolution of ransomware: Lessons for the future (Security Intelligence)
- How to combat ransomware in the face of tight security staffing (SC Magazine)
- MOVEit Hackers Pivot to SysAid Zero-Day in Ransomware Attacks (Dark Reading)
- Same threats, different ransomware (Sophos)
Cyber Resilience, General Awareness & Reports
- Against the Clock: Cyber Incident Response Plan (Trend Micro)
- SolarWinds Fallout: Why CISOs need proof of resilience to avoid fines – or worse (SC Magazine)
- NCSC Annual Review 2023 (UK NCSC)
- SaaS Vendor Risk Assessment in 3 Steps (Dark Reading)
- The Song Remains the Same: The 2023 Active Adversary Report for Security Practitioners (Sophos)
