Articles of interest from the week of August 22, 2022

The Election Infrastructure-ISAC Wants To ‘Reintroduce’ Itself

Four years into its existence, a cybersecurity and intelligence-sharing operation built for state and local election officials now numbers more than 3,400 members, has added several new products, and has become a mainstay of a once-skeptical community of election administrators scattered across the country.

Amid that growth, though, and rising staff turnover at individual election offices, the Election Infrastructure Information Sharing and Analysis Center, or EI-ISAC, is “reintroducing” itself, the operation’s director, Marci Andino, told StateScoop this week. (StateScoop)

Russian Hackers Get the Headlines. But China Is the Bigger Threat to Many US Enterprises.

Experts told Protocol that the Chinese government’s efforts to steal intellectual property require more attention from targeted businesses — and in some cases, a different approach to cyber defense. (Protocol)

Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient validation input flaw, one of 11 patched in an update last week, could allow for arbitrary code execution and is under active attack. (Threatpost)

“Evil PLC Attack” Weaponizes PLCs To Infect Engineering Workstations

Researchers demonstrate a proof of concept where hijacked programmable logic controllers can compromise engineering workstations to allow lateral movement. (CSO)

Ransomware: Most Attacks Exploit These Common Cybersecurity Mistakes – So Fix Them Now, Warns Microsoft

The vast majority of ransomware attacks begin with cyber criminals exploiting common cybersecurity errors, which – if correctly managed – could prevent most victims from falling prey to attacks. Microsoft analyzed anonymized data of real threat activity and, according to the company's new Cyber Signals report, found that over 80% of ransomware attacks can be traced to common configuration errors in software and devices. (ZDNet)