The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
ICS/OT/SCADA Threats & Vulnerabilities
- Flaws in Bently Nevada 3500 Allow Attackers to Bypass Authentication (Nozomi Networks)
- ICS Reconnaissance Attacks – Introduction to Exploiting Modbus (IT Security Guru)
- Building automation giant Johnson Controls hit by ransomware attack (Bleeping Computer)
Critical Infrastructure Resilience
- Cybersecurity for Building Automation Systems (BAS): Securing the Future (Dragos)
- US Federal Shutdown ‘Dangerous and Irresponsible’ (GovInfoSecurity)
IT Malware & Threats
- Browser-in-the-Browser (BitB) Attack Takes Advantage of Single-Sign-On Trust (Cofense)
- SMS Security & Privacy Gaps Make It Clear Users Need a Messaging Upgrade (Google)
- QR codes in email phishing (Securelist)
IT Vulnerabilities
- Cisco Warns of IOS Software Zero-Day Exploitation Attempts (Security Week)
- CVE-2023-29357, CVE-2023-24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities (Tenable)
- CVE-2023-41064, CVE-2023-4863, CVE-2023-5129: Frequently Asked Questions for ImageIO and WebP/libwebp Zero-Day Vulnerabilities (Tenable)
- New GPU Side-Channel Attack Allows Malicious Websites to Steal Data (Security Week)
Ransomware
- Dallas: Royal ransomware gang infiltrated networks weeks before striking (The Record). This post references the 31-page After-Action Report outlining what happened before, during and after the ransomware attack.
- Preventing Ransomware and Malware Starts with Good Cyber Hygiene (Infosecurity Magazine)
- Ransomware groups are shifting their focus away from larger targets (Help Net Security)
- ‘Snatch’ Ransom Group Exposes Visitor IP Addresses (Krebs on Security)
- Leading CISO Creates Model for Ransomware Payment Decisions (Infosecurity Magazine)
Cyber Resilience
- Can we fix the weaknesses in password-based authentication? (Bleeping Computer)
- Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost (IT Security Guru)
- How to avoid the 4 main pitfalls of cloud identity management (Help Net Security)
General Awareness
- New AtlasCross hackers use American Red Cross as phishing lure (Bleeping Computer)
- The clock is ticking for businesses to prepare for mandated certificate automation (Help Net Security)