The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
- New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward – Security Week
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint – Security Week
- Americans 'Need to Be Prepared' for Chinese Cyberattacks – Voice of America
- Obfuscation tool ‘BatCloak’ evades 80% of AV engines – SC Magazine
- Top vulnerabilities so far of 2023: Apache Superset, Papercut, MOVEit and, yes, ChatGPT – SC Magazine
- Business Email Compromise: The $50 Billion Scam – FBI
- COSMICENERGY Malware Is Not an Immediate Threat to Industrial Control Systems – Dragos
- Confirmation of prior WaterISAC assessment - OT/ICS Threat Awareness – COSMICENERGY: New OT-Focused Malware Discovered by Mandiant
- Thoughts on scheduled password changes (don’t call them rotations!) - Sophos
