The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience, Vulnerabilities, Threats & Incidents

• ALPHV/BlackCat dangles threat to critical infrastructure after allegedly ‘unseizing’ site from FBI (SC Magazine)
• BlackCat Ransomware Raises Ante After FBI Disruption (KrebsOnSecurity)
• Perhaps not harbingers, but definitely reason to remain vigilant: Attacks on critical infrastructure are harbingers of war: Are we prepared? (SC Magazine)
• Exploits Available for Radio Transmitter Holes (ISSSource)
• Developing and Executing a Fully Informed OT Threat Hunt (Dragos)
• Physical Access Systems Open Cyber Door to IT Networks (DarkReading)
• Telecom organizations in Africa targeted by Iran-linked hackers (The Record)

IT Vulnerabilities

• Ivanti releases patches for 13 critical Avalanche RCE flaws (Bleeping Computer)
• Microsoft discovers critical RCE flaw in Perforce Helix Core Server (Bleeping Computer)
• Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla (Zscaler)
• 2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is (Qualys)
• 1 in 4 high-risk CVEs are exploited within 24 hours of going public (SC Magazine)

IT Malware, Threats & Risks

• Fake F5 BIG-IP zero-day warning emails push data wipers (Bleeping Computer)
• BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates (Proofpoint)
• Do you perform deep packet inspection on SSL traffic? 86% of cyberattacks are delivered over encrypted channels (HelpNetSecurity)
• New JaskaGO Malware Stealer Threatens Windows and MacOS Operating Systems (Heimdal Security)
• New MetaStealer malvertising campaigns (Malwarebytes)
• New Web injections campaign steals banking data from 50,000 people (Bleeping Computer)

Ransomware

• Ransomware gangs increasingly cozy up to media (SC Magazine)
• Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster (The Hacker News)
• Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team (The Hacker News)

Cyber Resilience

• security.txt: A Simple File with Big Value (CISA)
• The password attacks of 2023: Lessons learned and next steps (Bleeping Computer)
• Penetration testing (UK-NCSC)
• Enjoy! What Home Alone teaches us about proactive defense (Red Canary)
• Teach Yourself to Phish: The Strategy Behind Phishing Simulations (Huntress)

General Awareness & Reports

• Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices (The Hacker News)
• ESET Threat Report H2 2023 (ESET)
• These aren’t the Androids you should be looking for (ESET)
• AI’s efficacy is constrained in cybersecurity, but limitless in cybercrime (HelpNetSecurity)

Technical Posts (for security analysts, sysadmins, and other nerds)

• Increase in Exploit Attempts for Atlassian Confluence Server (CVE-2023-22518) (SANS Internet Storm Center)
• How to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary] (SANS Internet Storm Center)
• What is a Content Security Policy (CSP) (Sucuri)
• Windows CLFS and five exploits used by ransomware operators (Securelist)