Cybersecurity Newsletter
- ximenaingunzam
- Apr 3
Updated: Apr 4

News:
A report from industrial cybersecurity firm Dragos has revealed an 87% increase in ransomware attacks against industrial organizations over the past year. In 2024, 1,693 industrial organizations with sensitive data exposed on ransomware-dedicated breach sites were identified. The manufacturing sector was the most affected, accounting for 69% of all attacks, with 1,171 incidents across 26 distinct subsectors. While no ransomware variants specifically designed for industrial control systems (ICS) were observed, attackers managed to halt production lines, disrupt supply chains, and exfiltrate sensitive data. The firm also highlighted that ransomware operators prefer to target organizations with a low tolerance for downtime, increasing the pressure to pay the ransom. This increase in attacks is partly attributed to geopolitical tensions and the growing perception of OT/ICS environments as viable targets.
The United States Congress has reintroduced the Farm and Food Cybersecurity Act to protect the nation's food supply chain from cyberthreats. This bipartisan, bicameral legislation seeks to identify vulnerabilities in the agricultural sector and enhance protective measures for both government and private entities. The bill requires the Secretary of Agriculture to conduct a biennial study of cyberthreats and vulnerabilities in the agriculture and food sectors and submit a report to Congress. It also mandates annual cybercrime simulation exercises in coordination with the Department of Homeland Security, the Department of Health and Human Services, and the Director of National Intelligence. The bill is supported by various agricultural and trade organizations, underscoring the importance of protecting food security as a vital component of national security.
Health-ISAC's "Health Sector Cyber Threat Landscape 2025" report highlights the cybersecurity challenges faced by the healthcare sector in 2024 and anticipates an even more complex landscape for 2025. Over the past year, healthcare organizations globally grappled with a surge in ransomware attacks, with cybercriminals employing increasingly sophisticated methods to disrupt operations and demand monetary ransoms. Furthermore, state actors ramped up their cyberespionage efforts, targeting sensitive patient data and valuable intellectual property. The proliferation of Internet of Medical Things (IoMT) devices has introduced new vulnerabilities, requiring urgent attention and adaptation of security measures. The report underscores that, looking ahead to 2025, ransomware will remain a prevalent cyber threat, with attackers honing their tactics to maximize disruption and financial gain. An increase in third-party security breaches is anticipated, as healthcare organizations increasingly rely on external partners for services and technology, amplifying the risk of exposure through interconnected systems. Data breaches will continue to be a critical concern, driven by the lucrative value of healthcare information on the black market. Furthermore, supply chain attacks are emerging as a significant threat, with adversaries targeting the complex network of suppliers to infiltrate healthcare networks. Zero-day exploits, which take advantage of previously unknown vulnerabilities, are expected to become more prevalent, challenging the industry's ability to defend against novel attacks. The report urges healthcare organizations to strengthen their defenses in the face of a constantly evolving threat landscape that shows no signs of slowing down.
Vulnerabilities
VMware by Broadcom has disclosed vulnerabilities in its products that could be exploited by remote attackers to compromise the security of affected systems. These flaws reportedly could allow malicious code execution and unauthorized access, posing a significant risk to organizations using these solutions.
Description:
• CVE-2025-22224: TOCTOU vulnerability in VMCI allows an attacker with local administrative privileges on a virtual machine to execute code in the host VMX process.
• CVE-2025-22225: Arbitrary write vulnerability in ESXi could allow an attacker with privileges in the VMX process to write to the kernel, enabling sandbox escape.
• CVE-2025-22226: Out-of-bounds read vulnerability in HGFS can be exploited by an attacker with administrative privileges on a virtual machine to leak information from the VMX process memory.
Recommendations:
• Test updates in non-production environments prior to moving to production.
• Apply patches to critical severity vulnerabilities as soon as possible.
• Perform backups regularly and store them in a separate environment, so that a compromise of the hypervisor does not also compromise the backups.
• Do not expose the affected system to the Internet.
• If it is necessary to publish the service, use ACLs to limit access to the platform, through either a firewall (FW) or a WAF.

Tips of the week




