The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure
- Greater Paris wastewater agency dealing with cyberattack (The Record)
- Long Beach, California turns off IT systems after cyberattack (Bleeping Computer)
- US Announces $70 Million Cybersecurity Boost for Rural, Municipal Utilities (SecurityWeek)
- CISA debuts cybersecurity shared services pilot to tackle critical infrastructure threats (Industrial Cyber)
- Five Startling Findings In 2023’s ICS Cybersecurity Data (SANS Institute)
- 250 Organizations Take Part in Electrical Grid Security Exercise (Security Week)
- Detailed data on employees of U.S. national security lab leak online (CyberScoop)
IT Vulnerabilities
- Frequently Asked Questions for CitrixBleed (CVE-2023-4966) (Tenable)
- Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671) (HelpNetSecurity)
IT Malware & Threats
- How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography (The Hacker News)
- Black Friday & Cyber Monday | A Guide to Avoiding Cyber Scams During the Holidays (SentinelOne)
- The alarming rise of quishing is a red flag for CISOs (CSO Online)
- Linux Intrusions – A Growing Problem (SANS Institute)
- Are DarkGate and PikaBot the new QakBot? (Cofense)
- Lumma Stealer malware now uses trigonometry to evade detection (Bleeping Computer)
- Gamaredon's LittleDrifter USB malware spreads beyond Ukraine (Bleeping Computer)
Ransomware
- A deep dive into Phobos ransomware, recently deployed by 8Base group (Cisco Talos)
- THREAT ALERT: INC Ransomware (CyberReason)
Cyber Resilience
- The Human Factor of Cyber Security (Check Point)
Technical Posts (for security analysts, sysadmins, and other nerds)
