The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
- Preserving Integrity in OT Systems to Defend Against Living off the Land Techniques (Industrial Cyber)
- Tips for Achieving Success With a NERC CIP Audit (Tripwire)
- Microsoft ICSpector: A leap forward in industrial PLC metadata analysis (Help Net Security)
- MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure (Security Week)
- ELECTRUM Targeted Ukrainian Electric Entity Using Custom Tools and CaddyWiper Malware, October 2022 (Dragos)
- Project PowerUp – Helping to keep the lights on in Ukraine in the face of electronic warfare (Talos)
IT Vulnerabilities & Threats
- Hackers are exploiting critical Apache Struts flaw using public PoC (Bleeping Computer)
- November 2023’s Most Wanted Malware: New AsyncRAT Campaign Discovered while FakeUpdates Re-Entered the Top Ten after Brief Hiatus (Check Point)
- New cybercrime market 'OLVX' gains popularity among hackers (Bleeping Computer)
Ransomware
- Ransomware Gangs Use PR Charm Offensive to Pressure Victims (Dark Reading)
