HopeNet (HopeNetCISO.com) curates a list of recent security news relevant to churches, nonprofits, and charities. The headlines and comments are meant to provide enough to get an overview of recent happenings, but links are also provided for readers who want to explore certain topics deeper.
Scams, Regulatory activity, a massive data breach, and a rough week for Fortinet lead the stories this week…
General
- Still on Top: Cybersecurity Incidents Ranked #1 Global Business Threat in 2024 – Implementation of a Framework like NIST CSF 2.0 is the first suggestion on their list.
- Top 10 Cyber-Attacks of 2023 – Infosecurity Magazine – Your list may be different, but this is a good cross section on the biggest concerns and the variety of targets.
Phishing, Vishing, Smishing, Scam, and Fraud
- Finance Employee Defrauded for $25M by Deepfake CFO – In this ruse, a deepfake video call impersonating several executives tricked an employee. Highlights the importance of separation of duties / dual verification.
- The Terrifying A.I. Scam That Uses Your Loved One’s Voice – 30 to 60 seconds of voice is all that is needed to replicate it. How will you know if your next call from your spouse, your boss, or the President of the United States is really them?
- The Day I Put $50,000 in a Shoe Box and Handed It to a Stranger – Spoofing a caller ID, knowing the last 4 of the SSN, having a date of birth – While many of us have “nothing to hide”, these details can be disarming and lead us to trust when we should not.
Data Theft and Leaks
- Cyber Attack affects 43M French workers – Names, SSNs, dates of birth, and contact information: everything you need for identity theft and scams. (See above.)
- Ransomware attack leads to Data Breach – In this case, employees were the victims. Churches and charities have sensitive information on many types of stakeholders including staff, volunteers, congregations, donors, and beneficiaries.
- Nissan Data Breach Affects 100,000 Individuals
Regulatory
- Florida Bill seeks to reduce cybersecurity liability – This could be really interesting. If passed, this legislation would limit the liability of companies that have commercially reasonable security practices.
- 41 state attorneys general tell Meta to fix their customer support for hacking victims – Apparently, there are so many hacking victims that the state AG offices are becoming overwhelmed.
- House passes bill that could lead to a TikTok ban – Where data is stored and processed matters, as it dictates the legal jurisdiction. Since China can compel its companies to turn over data, the concern here is real.
- Executive Order Issued To Limit Access to Personal and Government-Related Data by “Countries of Concern”
Operational Disruption
- Stanford University failed to detect ransomware intruders for 4 months – In addition, 27,000 records were stolen.
- Ransomware Insights and Trends | 2024 – Threats will continue to increase. Ransomware as a service makes these attacks accessible to everyone. And hacktivists will increase use of this method for publicity.
- Alabama suffers DDoS Cyberattack by Hacktivists – DDoS attacks are less common than ransomware, but can still cause big issues.
Vulnerabilities
- Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices – This was initially announced in February, but a large number of devices remain vulnerable despite patches and workarounds being available.
- Fortinet warns of critical RCE bug in endpoint management software – Rough week for Fortinet…
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware – WordPress is a fantastic tool. Unfortunately, both it and its add-ins deal with a constant stream of vulnerabilities. If you use this tool, please patch it and all its add-ins frequently.
If this was shared with you and you would like to receive your own copy in the future, please subscribe at HopeNetCISO.com. Thanks for reading!