CyberWatch by Bureau Veritas: April 2024

Apr. 24 2024

VULNERABILITY

Siemens & Schneider Electric 

Seven advisories were published concerning 22 vulnerabilities. The most serious, with a CVSS score of 10, was detected in Siemens’ Simatic IPCs. 

Microsoft Edge

Multiple critical security vulnerabilities that impact Microsoft Outlook & Edge have been reported. 

  • Security updates released for CVE-2024-21413 (9.8) & CVE-2024-21410 (9.8)

Cisco NX-OS Software

Two critical vulnerabilities were reported that could enable attackers to cause a denial of service (DoS) condition on affected devices. 

  • Critical vulnerabilities in Cisco NX-OS Software: CVE-2024-20267 (8.6) & CVE-2024-20321 (8.6)

Moxa Inc. 

A critical vulnerability in Moxa NPort W2150A/W2250A Series firmware that could result in DoS was updated. 

  • Critical vulnerability updated in Moxa NPort: CVE-2024-1220 (8.2)

ARTICLE

Industrial ransomware attacks: a retrospective 

Since 2017, ransomware incidents have surged in number and sophistication. Financial crime actors’ knowledge and strategies have evolved, leading to more damaging attacks on Operational Technology (OT) environments. This article, updated with Google Cloud’s Cybersecurity Forecast 2024, revisits these evolutions and highlights the importance of comprehensive IT/OT defenses.

GOVERNANCE

Major NIST cybersecurity framework update

The US National Institute of Standards and Technology (NIST) updated its cybersecurity framework (CSF) for the first time since its creation in 2014. The agency now explicitly aims to expand its audience beyond critical infrastructure to support all organizations in effectively managing and mitigating risks.

REGULATION

Revision to IMO cybersecurity guidelines

The International Maritime Organization (IMO) has delivered a proposal to revise its 2017 Guidelines on Maritime Cyber Risk Management. This eagerly anticipated update will address past oversights, refine terminology, and incorporate guidelines from other frameworks, including IACS UR E26 and UR E27, and elements from the updated NIST CSF.

Presidential order strengthens US maritime cybersecurity

President Biden signed an Executive Order in February 2024 to safeguard critical US maritime infrastructures against rising cybersecurity threats. This order notably grants the US Coast Guard enhanced powers to tackle threats directly while mandating the establishment of comprehensive cybersecurity standards for vessels and port facilities.
