CyberWatch by Bureau Veritas: April 2024
VULNERABILITY
Siemens & Schneider Electric
Seven advisories were published concerning 22 vulnerabilities. The most serious, with a CVSS score of 10, was detected in Siemens’ Simatic IPCs.
Microsoft Edge
Multiple critical security vulnerabilities that impact Microsoft Outlook & Edge have been reported.
- Security updates released for CVE-2024-21413 (9.8) & CVE-2024-21410 (9.8)
Cisco NX-OS Software
Two critical vulnerabilities were reported that could enable attackers to cause a denial of service (DoS) condition on affected devices.
- Critical vulnerabilities in Cisco NX-OS Software: CVE-2024-20267 (8.6) & CVE-2024-20321 (8.6)
Moxa Inc.
A critical vulnerability in Moxa NPort W2150A/W2250A Series firmware that could result in DoS was updated.
- Critical vulnerability updated in Moxa NPort: CVE-2024-1220 (8.2)
ARTICLE
Industrial ransomware attacks: a retrospective
Since 2017, ransomware incidents have surged in number and sophistication. Financial crime actors’ knowledge and strategies have evolved, leading to more damaging attacks on Operational Technology (OT) environments. This article, updated with Google Cloud’s Cybersecurity Forecast 2024, revisits these evolutions and highlights the importance of comprehensive IT/OT defenses.
GOVERNANCE
Major NIST cybersecurity framework update
The US National Institute of Standards and Technology (NIST) updated its cybersecurity framework (CSF) for the first time since its creation in 2014. The agency now explicitly aims to expand its audience beyond critical infrastructure to support all organizations in effectively managing and mitigating risks.
REGULATION
Revision to IMO cybersecurity guidelines
The International Maritime Organization (IMO) has delivered a proposal to revise its 2017 Guidelines on Maritime Cyber Risk Management. This eagerly anticipated update will address past oversights, refine terminology, and incorporate guidelines from other frameworks, including IACS UR E26 and UR E27, and elements from the updated NIST CSF.
Presidential order strengthens US maritime cybersecurity
President Biden signed an Executive Order in February 2024 to safeguard critical US maritime infrastructures against rising cybersecurity threats. This order notably grants the US Coast Guard enhanced powers to tackle threats directly while mandating the establishment of comprehensive cybersecurity standards for vessels and port facilities.