HopeNet (HopeNetCISO.com) reviews a variety of security news sources so you do not have to! The list below represents items relevant to churches, nonprofits, and charities. The headlines and our added comments are meant to provide enough to get an overview of recent happenings, but links are also provided for readers that want to explore certain topics deeper.
General
- GAO: NASA Faces ‘Inconsistent’ Cybersecurity Across Spacecraft – Different vendors, different configurations, and lack of strong policy has led to inconsistent security. Seems NASA has similar problems to the rest of us.
- Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software – SBOMs are a fancy name for all the “ingredients” that make up an application. They were started to help with security, but the flip side is they are also available to attackers.
- UnitedHealth CEO savaged for failings in cyberattack that crippled health care – Unfortunately, the heat is justified. This wasn’t just a single security failure but a systematic failure of many controls – any one of which could have stopped or slowed the damage.
Data Loss
- Data of domestic violence victims exposed in ZircoDATA hack – This is disturbing, as these victims are some of the most vulnerable.
- Church of Sweden and dozens more claimed by LockBit – Unclear how much data is involved or how much they are asking for ransom.
- The UK Says a Huge Payroll Breach Has Exposed Details of Military Personnel – China is suspected in this breach involving 272,000 British military personnel.
Operational Disruption
- Healthcare Giant Ascension Hacked, Hospitals Diverting Emergency Service – The massive non-profit healthcare organization has told all business partners to disconnect from its networks.
- Brandywine Realty Trust Hit by Ransomware – This publicly traded company claims that there have been no material impacts to operations despite the fact that some systems are still offline after a week.
- City of Wichita Shuts Down Network Following Ransomware Attack
Social Engineering
- Dell breach of 49M customers could lead to a myriad of followup attacks – there is no financial information in the breach, but customer names, addresses and equipment could lead to some convincing scams against customers and Dell themselves. Scrutinize all communications if you do have any Dell equipment.
Vulnerabilities and Malware
- ‘TunnelVision’ DHCP flaw lets attackers bypass VPNs – Don’t use VPN from public WiFi until this sorted. Use a hotspot instead.
- Finland warns of Android malware attacks breaching bank accounts – victims are tricked into installing fake software. It is critical to only download from known good sites.
- Android Update Patches Critical Vulnerability – This security update patches 38 vulnerabilities, including a critical bug.
- F5 fixes BIG-IP Next Central Manager flaws
Phishy Phirewalls – the lighter side of security!
If this was shared with you and you would like to receive a copy directly to your email, please subscribe at HopeNetCISO.com. Thanks for reading!