Supplemental Cyber Highlights – January 7, 2025

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• Industrial cybersecurity coalitions rise to meet growing OT/ICS cyber threats, build awareness, take action | Industrial Cyber
• Critical Infrastructure Ransomware Attack Tracker Reaches 2,000 Incidents | SecurityWeek
• The Overlooked Risks of Open-Source Software in Industrial Security | Tripwire
• Chinese hackers targeted sanctions office in Treasury attack | Bleeping Computer

IT Vulnerability Security Updates

• Dell, HPE, MediaTek Patch Vulnerabilities in Their Products | SecurityWeek  
• Bad Tenable plugin updates take down Nessus agents worldwide | Bleeping Computer
• Windows 10 users urged to upgrade to avoid “security fiasco” | Bleeping Computer
• Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution | The Hacker News
• What We Know About CVE-2024-49112 and CVE-2024-49113 | Trend Micro

IT Malware, Threats & Risks

• FireScam Android Spyware Campaign Poses ‘Significant Threat Worldwide’ | Dark Reading
• Hackers Spoof Social Security Administration to Deliver ScreenConnect Remote Access Tool | Security Boulevard
• Users receive at least one advanced phishing link every week | Help Net Security
• Phishing Click Rates Triple in 2024 | Infosecurity Magazine

Cyber Resilience, General Awareness, & AI

• Anticipating the Cyber Frontier: Top Predictions for 2025 | SecurityWeek
• How AI and deepfakes are redefining social engineering threats | Help Net Security