Supplemental Cyber Highlights – January 21, 2025

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution | Security Affairs
• Biden issues executive order to further strengthen national cybersecurity, targets digital defense and accountability | Industrial Cyber
• Addressing the intersection of cyber and physical security threats | Help Net Security
• 5 Key OT Cybersecurity Strategies from the WEF Global Cybersecurity Outlook 2025 | Industrial Cyber

IT Vulnerability Security Updates

• Microsoft fixes Windows Server 2022 bug breaking device boot | Bleeping Computer
• Oracle To Address 320 Vulnerabilities in January Patch Update | Infosecurity Magazine
• Millions of Internet Hosts Vulnerable to Attacks Due to Tunneling Protocol Flaws | SecurityWeek

IT Malware, Threats & Risks

• MFA Failures – The Worst is Yet to Come | Bleeping Computer
• 6 Cyber Security Challenges Emerge from World Economic Forum, Check Point Research on 2025 Threats | Check Point

Ransomware

• Medusa Ransomware: What You Need To Know | Tripwire
• Clop Ransomware exploits Cleo File Transfer flaw: dozens of claims, disputed breaches | Security Affairs

Cyber Resilience, General Awareness, & AI

• Microsoft starts force upgrading Windows 11 22H2, 23H3 devices | Bleeping Computer
• TikTok is back up in the US after Trump says he will extend deadline | Bleeping Computer
• AI-driven insights transform security preparedness and recovery | Help Net Security