(TLP:CLEAR) Supplemental Cyber Highlights – February 20, 2025
Created: Thursday, February 20, 2025 - 13:54
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
- Salt Typhoon telecom breach remarkable for its ‘indiscriminate’ targeting, FBI official says | CyberScoop
- Weathering the storm: In the midst of a Typhoon | Cisco Talos
- What Is the Board’s Role in Cyber-Risk Management in OT Environments? | Dark Reading
- Free Diagram Tool Aids Management of Complex ICS/OT Cybersecurity Decisions | SecurityWeek
- Dragos reports evolving ransomware threat landscape with increased operational disruptions as attacks target ICS | Industrial Cyber
IT Vulnerability Security Updates
- Microsoft fixed actively exploited flaw in Power Pages | Security Affairs
- OpenSSH Patches Vulnerabilities Allowing MitM, DoS Attacks | SecurityWeek
- Microsoft testing fix for Windows 11 bug breaking SSH connections | Bleeping Computer
- Critical Vulnerability Patched in Juniper Session Smart Router | SecurityWeek
IT Malware, Threats & Risks
- How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying | SecurityWeek
- Edge device vulnerabilities fueled attack sprees in 2024 | CyberScoop
- Cybercriminals shift focus to social media as attacks reach historic highs | Help Net Security
- Microsoft Warns of Improved XCSSET macOS Malware | SecurityWeek
Ransomware
- Ransomware: The $270 Billion Beast Shaping Cybersecurity—Insights from Cyentia’s Latest Report | Tripwire
- Advanced Ransomware Evasion Techniques in 2025 | Tripwire
- Dark Web Profile: Fog Ransomware | SOCRadar
Cyber Resilience, General Awareness, & AI
- Cyber hygiene habits that many still ignore | Help Net Security
- Hundreds of US Military and Defense Credentials Compromised | Infosecurity Magazine
- How Hackers Manipulate Agentic AI with Prompt Engineering | SecurityWeek