HopeNet (HopeNetCISO.com) reviews a variety of security news sources so you do not have to! The list below represents items relevant to churches, nonprofits, and charities. The headlines and our added comments are meant to provide enough for an overview of recent happenings, but links are also provided for readers who want to explore certain topics more deeply.
General
- In a previous update, I mentioned Stuxnet – here is a good summary of the first true cyberweapon deployed “allegedly” by the NSA and allies – interesting read.
- FTC Finalizes Health Breach Notification Rule Update – This ruling expands requirements beyond traditional HIPAA entities to health apps and other technologies. Between HIPAA and Privacy, I expect increased protection around beneficiaries of non-profit organizations.
- Verizon DBIR 2024 Shows Surge in Vulnerability Exploitation, Confirmed Data Breaches – Some discouraging numbers, including that 15% of breaches in the past year came from the supply chain and that people making mistakes represent 28% of all breaches globally.
- Google Cloud Unveils New AI-Powered Security Capabilities – If you use Google Cloud, I would check out these new capabilities. This could start an interesting trend if other cloud services follow with similar capabilities.
Data Loss
- YMCA Fined for Data Breach, ICO Raises Concerns About Privacy for People with HIV – More concerns for beneficiaries.
- Hackers accessed more than 19,000 accounts on California state welfare platform – The company blamed users, since intruders gained access with passwords reused from other websites, but where was the MFA?
- BerryDunn suffers third-party breach, 1M affected – Third-party breaches will continue to grow until we start to properly assess vendors, hold them accountable with strong contract language, and audit them periodically.
- Rehab Hospital Chain Hack Affects 101,000; Facing 6 Class Action Lawsuits
Operational Disruption
- Ransom payments surge to staggering $2M on average – Total costs are much higher, including recovery costs, lost revenue, reputational repair, lawsuits, and regulatory fines.
- Philippines Pummeled by Cyberattacks & Misinformation Tied to China – “these attacks — on police agencies, government ministries, and universities — and associated data leaks are sowing discontent in the country.”
- London Drugs closes stores until further notice due to cyberattack
- Hackers Target New NATO Member Sweden with Surge of DDoS Attacks
Social Engineering
- Per FBI, scammers stole more than $3.4 billion from older Americans last year – Seniors are common targets for a number of reasons including loneliness and lack of technical savvy.
- Smishing And Phishing Scams Kick Off IRS Annual Dirty Dozen – ‘tis the season…
Vulnerabilities and Malware
- Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices – I do not see a fix, so beware if your device is acting weirdly. Another reason to be careful where you download apps and updates from.
Phishy Phirewalls – the lighter side of security!