The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
- Rea Magnet Wire Company Hit in Ransomware Attack (ISS Source)
- Limitations of IT-Centric Remote Access Solutions in OT (Claroty)
IT Vulnerabilities
- Rapid7-Observed Exploitation of Atlassian Confluence CVE-2023-22518 (Rapid7)
- Multiple Vulnerabilities in Google Android OS Could Allow for Privilege Escalation (Center for Internet Security)
- Veeam warns of critical bugs in Veeam ONE monitoring platform (Bleeping Computer)
- Microsoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not Urgent (Bleeping Computer)
IT Malware & Threats
- Researchers spot an increase in Jupyter infostealer infections (The Record)
- N. Korean BlueNoroff Blamed for Hacking macOS Machines with ObjCShellz Malware (The Hacker News)
- New GootLoader Malware Variant Evades Detection and Spreads Rapidly (The Hacker News)
- Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure (Security Affairs)
- Hackers, Scrapers & Fakers: What's Really Inside the Latest LinkedIn Dataset (Troy Hunt)
Ransomware
- TellYouThePass ransomware joins Apache ActiveMQ RCE attacks (Bleeping Computer)
- Microsegmentation proves its worth in ransomware defense (Help Net Security)
- Ransomware Readiness Assessments: One Size Doesn't Fit All (Dark Reading)
- US sanctions Russian who laundered money for Ryuk ransomware affiliate (Bleeping Computer)
Cyber Resilience
- NIST’s security transformation: How to keep up (Security Intelligence)
- Meet Your New Cybersecurity Auditor: Your Insurer (Dark Reading)
- When companies make everything a priority, nothing’s a priority (SC Media)
