HopeNet (HopeNetCISO.com) curates a list of recent security news relevant to churches, nonprofits, and charities. The headlines and comments are meant to provide enough for an overview of recent happenings, but links are also provided for readers who want to explore certain topics in more depth.
USB drives make a comeback, a cyber Big Mac attack, and $6,200 for a leather skirt/polo – this week’s report is all over the place!
General
- The Return of USBs – Please don’t stick them into your computers, and consider disabling them on company-managed devices.
- Tabletop exercises are more critical than ever – Tabletop exercises are easy and effective rehearsals for your team to practice how they would respond during a real security incident.
Data Theft and Leaks
- Data leak at Editorialist affects thousands of shoppers – Another cloud misconfiguration leads to a data leak. Admittedly, however, the most scandalous part of this article for me was that someone would pay $6,200 for a leather skirt and polo…
- Hacker Caught Stealing Personal Data of 132,000 – This hacker was buying compromised credentials on the web and using them to access sites and download data. MFA, password rotation, and not using the same password across multiple sites are common ways to avoid these types of breaches.
- Protected health information of over a million Irish citizens exposed – Salesforce is a very secure platform, but this goes to show that a good platform can’t outrun a bad implementation.
- Nations Direct Mortgage Data Breach Impacts 83,000 Individuals
Social Engineering
- Chinese hackers breach 70 orgs in 23 countries – These attacks are primarily focused on government agencies and use “spear-phishing” emails to create backdoors into government systems, presumably for future use. Spear phishing is a specifically targeted, highly detailed email sent to important or highly privileged individuals.
Operational Disruption
- McDonald’s: Global outage was caused by “configuration change” – Why does this sound similar to AT&T’s issue a few weeks back? Change management, including testing and rollback plans, is essential!
- Cyberattack knocks out Pensacola city government phone lines – The city also had a ransomware attack in 2019. That event cost the city about $300K to recover and exposed 57,000 personal records. While there is no confirmation that this is related, it is common for attackers to return to areas where they have had previous success.
- EPA warns of hackers breaching water systems – “In recent months, Iranian and Chinese state-backed threat groups have both targeted and breached U.S. water systems.”
Vulnerabilities
- More Ivanti vulnerabilities – Ivanti has had a steady stream of vulnerabilities since the beginning of the year. While all vendors have vulnerabilities, this many in quick succession makes one wonder if there is a bigger underlying issue.
- Chrome, Firefox Patch Serious Vulnerabilities
HopeNet CISO Services provides free cybersecurity assistance to churches, charities, and nonprofits that bring hope. Please visit us at HopeNetCISO.com to learn more!