HopeNet (HopeNetCISO.com) reviews a variety of security news sources so you do not have to! The list below represents items relevant to churches, nonprofits, and charities. The headlines and our added comments are meant to provide enough to get an overview of recent happenings, but links are also provided for readers that want to explore certain topics deeper.
General
- MITRE ATT&CKED: InfoSec’s Most Trusted Name Falls to Ivanti Bugs – MITRE had gone 15 years without a major incident, which goes to show that no one is immune.
- US Congress Passes Bill to Ban TikTok – Based on all the state sponsored activity below, I totally understand.
- FCC Approves Voluntary Internet-of-Things Cybersecurity Labeling Program – while a great idea, I wonder whether it will matter to consumers who have ignored security for decades in favor of lower prices.
- Attacks use steganography to target 320 orgs globally – Steganography is the act of hiding data inside another file, such as a music file or a picture. It can be used to deliver malicious payloads or to exfiltrate data out of an organization.
Operational Disruption
- FBI Director Wray Issues Dire Warning on China’s Cybersecurity Threat – We’ve previously noted how cyber is part of modern warfare. Per the article, China’s “plan is to land low blows against civilian infrastructure to try to induce panic and break America’s will to resist.”
- Notorious Russian hacking unit linked to breach of Texas water facility – the attention water plants are getting is disturbing.
- Russia-linked hacking group claims to have targeted Indiana water plant – and one more…
Social Engineering
- 56% of cyber insurance claims originate in the email inbox – Awareness training and supplemental email tools are the best protection. Other interesting stats are that orgs that use RDP are 250% more likely to experience a claim, overall claim frequency is up 13%, and claim severity increased 10%.
- Multiple LastPass Users Lose Master Passwords to Ultra-Convincing Scam – this scam even involves professional quality call center agents. An elaborate ruse to be sure, but master passwords are highly valuable.
- Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar – a phishing email from a supposed Bank of America employee includes a link from a vulnerable Nespresso page. While it sounds confusing, it demonstrates how attackers could use your name, reputation, and resources against the people that trust you.
- Iran Dupes US Military Contractors, Gov’t Agencies in Years-Long Cyber Campaign
Data Loss
- Supplement maker hack allegedly exposes 1M customers – In this breach, one of the items is purchase history. There are a number of ways that could be used against the customer in the future.
- Ring customers get $5.6 million in privacy breach settlement
- How Much Data is Too Much? 4 Steps Businesses Should Take as California Focuses On Data Minimization Requirements
Vulnerabilities and Malware
- Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability – Patch now if your firewalls are impacted.
- CrushFTP File Transfer Vulnerability
- WP Automatic WordPress plugin hit by millions of SQL injection attacks and Critical Forminator plugin flaw impacts over 300k WordPress sites
- Google Patches Critical Chrome Vulnerability – Restarting your browser once a day is a great way to ensure you stay patched.
If this was shared with you and you would like to receive a copy directly to your email, please subscribe at HopeNetCISO.com. Thanks for reading!