(TLP:CLEAR) Supplemental Cyber Highlights – February 6, 2025

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• ISA releases updated ANSI/ISA-62443-2-1-2024 standard to strengthen industrial cybersecurity | Industrial Cyber
• Cyber Insights 2025: OT Security | Security Week
• Waterbury joins DEF CON Franklin program to strengthen cybersecurity for water systems | Industrial Cyber
• State of CPS Security: OT Exposures 2025 | Claroty

IT Vulnerability Security Updates

• Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft | The Hacker News
• F5 BIG-IP SNMP Flaw Allows Attackers to Launch DoS Attacks | gbhackers
• AMD fixes bug that lets hackers load malicious microcode patches | Bleeping Computer

IT Malware, Threats & Risks

• Pentagon scrambles to block DeepSeek after employees connect to Chinese servers | TechCrunch
• Scalable Vector Graphics files pose a novel phishing threat | Sophos
• Survey: Cyber fraud against businesses increased in 2024 | ABA Banking Journal
• Beware of fake Reddit solutions delivering dangerous malware | Cyberguy

Cyber Resilience, General Awareness, & AI

• As DOGE teams plug into federal networks, cybersecurity risks could be huge, experts say | The Record
• What Is Attack Surface Management? | The Hacker News
• State and local governments should prepare for changes to CISA, cyber experts say | StateScoop
• Top 5 AI-Powered Social Engineering Attacks | The Hacker News
• Deploying AI at the edge: The security trade-offs and how to manage them | Help Net Security