The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• EPA says litigation from Republicans, water companies forced withdrawal of cybersecurity memo (The Record)
• EPA Withdraws Water Sector Cybersecurity Rules Due to Lawsuits (Security Week)
• ELITEWOLF: NSA’s repository of signatures and analytics to secure OT (HelpNetSecurity)
• The Critical Role of Cyber Threat Intelligence in Today’s ICS/OT Threat Landscape (Dragos)
• Process Safety and OT Security – A Symbiotic Relationship (Industrial Cyber)
• Empowering OT security to navigate infrastructure cyber threats using NIST SP 800-82r3 recommendations (Industrial Cyber)

ICS/OT/SCADA Vulnerabilities & Threats

• Critical Vulnerabilities Expose ​​Weintek HMIs to Attacks (Security Week)
• Milesight Industrial Router Vulnerability Possibly Exploited in Attacks (Security Week)
• Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm (Security Affairs)

IT Vulnerabilities, Malware & Threats

• Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability (Cisco Talos)
• Juniper Networks Patches Over 30 Vulnerabilities in Junos OS (Security Week)
• DarkGate Malware Spread via PDF Files Through Microsoft Teams and Skype (Heimdal Security)
• Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates (Proofpoint)

Ransomware

• Ransomware realities in 2023: one employee mistake can cost a company millions (Security Affairs)
• Principles for ransomware-resistant cloud backups (UK-NCSC)
• Newest Ransomware Trend: Attackers Move Faster with Partial Encryption (Check Point)
• Ransomware Roundup – Akira (Fortinet)

General Awareness

• How the Hamas-Israeli conflict puts CISOs on the spot (CSO Online)
• Are typos still relevant as an indicator of phishing? (SANS Internet Storm Center)
• Anticipating the benefits of a passwordless tomorrow (HelpNetSecurity)

Technical Posts (for security analysts, sysadmins, and other nerds)

• Blocking Dedicated Attacking Hosts Is Not Enough: In-Depth Analysis of a Worldwide Linux XorDDoS Campaign (Unit42)
• The forgotten malvertising campaign (Malwarebytes)
• Domain Name Used as Password Captured by DShield Sensor (SANS Internet Storm Center)
• What's Normal: MAC Addresses (SANS Internet Storm Center)
• What is HSTS: HTTP Strict Transport Security (Sucuri)