(TLP:CLEAR) Supplemental Cyber Highlights – April 24, 2025
Created: Thursday, April 24, 2025 - 14:39
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
- Cyber-risks in the water sector: modernise and segment to protect yourself | Stormshield
- Cyberattack hits drinking water supplier in Spanish town near Barcelona | The Record
- Senior Pentagon Official Says Cyber Warfare Poses Significant Threat to Joint Force | U.S. Department of Defense
- ‘Living off the land’ a major cyber threat to critical infrastructure, report finds | Route Fifty
- Building a Better OT Ransomware Response Plan: A Simple Framework for ICS Environments | SANS
IT Vulnerability Security Updates
- CVE-2025-32433 affecting Erlang/Open Telecom Platform (OTP) SSH library | New Zealand National Cyber Security Centre
- Cisco Confirms Some Products Impacted by Critical Erlang/OTP Flaw | SecurityWeek
- IT Vulnerability Report: Fortinet Devices Vulnerable to Exploit | Cyble
- Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035) | Help Net Security
IT Malware, Threats & Risks
- M-Trends 2025: Data, Insights, and Recommendations From the Frontlines | Google Cloud
- Exposed and unaware: The state of enterprise security in 2025 | Help Net Security
- State-sponsored hackers embrace ClickFix social engineering tactic | Bleeping Computer
Ransomware
- Ransomware Groups Evolve Affiliate Models | SecurityWeek
- The State of Ransomware in the First Quarter of 2025: Record-Breaking 126% Spike in Public Extortion Cases | Check Point
- Ransomware group Interlock enhances tactics with ClickFix and Infostealers | Broadcom
- The dangers of Ransomware as a Service | CCJ
Cyber Resilience, General Awareness, & AI
- Threat Spotlight: The Data Chase: Understanding Chinese Espionage Strategies | Reliaquest
- Protecting Against Insider Threats – Strategies for CISOs | Cyber Security News
- How to Harden Active Directory Against Ransomware Attacks | Alvaka
- Integrating AI and ML technologies across OT, ICS environments to enhance anomaly detection and operational resilience | Industrial Cyber