HopeNet (HopeNetCISO.com) reviews a variety of security news sources so you do not have to! The list below represents items relevant to churches, nonprofits, and charities. The headlines and our added comments are meant to provide enough for an overview of recent happenings, but links are also provided for readers who want to explore certain topics in more depth.
General
- Murdered Beauty Queen May Have Led Killers to Her Location by Posting Food Photo – Prior to social media, law enforcement would have to get a warrant to get the type of info that people freely share now. NOTE: Time and location are stored in most photos…you could be leading someone to you or your loved ones.
- Zscaler Confirms Only Isolated Test Server Was Hacked – While good in this case, sometimes development, testing, and staging environments can be just as dangerous as production. They can have live data, fewer controls, and highly technical users – a really dangerous mix.
Data Loss
- University System of Georgia Says 800,000 Impacted by MOVEit Hack – We are still learning of the impacts of the 2023 MOVEit attacks. In this case, Social Security numbers and bank account numbers were compromised.
- 500,000 Impacted by Ohio Lottery Ransomware Attack – Attackers claim to have obtained more than 1.5 million records of employee and player info including names, email, addresses, winnings, dates of birth, and social security numbers.
- MediExcel exposes 500K patient documents – This was not a breach, but a misconfigured Amazon S3 bucket that allowed public access.
- 900k Impacted by Data Breach at Mississippi Healthcare Provider
Operational Disruption
- CISA spreads Black Basta TTPs amid Ascension infection – TTPs are the “tactics, techniques, and procedures” attributed to groups of threat actors, as known groups often take similar approaches across all their attacks. While it does help to understand these things, the most common ransomware protections remain the same – patching, MFA, user education, securing remote access software, and making/protecting backups.
- Ransomware statistics that reveal alarming rate of cyber extortion
Social Engineering
- 2023 FBI Internet Crime Report – 880K victims reported losses of $12.5B. Phishing dominated the number of attacks, but Investment Scams showed the highest dollar loss. Please note that not all crimes are reported, so these numbers are LOW. Interesting article to skim.
- FBI Warns of Scammers Targeting Senior Citizens in Grandparent Scams – In this scam, grandparents get a call from a grandchild who is “in trouble and needs money”. This is becoming more popular with voice cloning fakes, which can be made with 12 seconds of audio. Families should establish a unique keyword that only they know as a form of authentication.
- Sextortion is a real problem for today’s youth – the impacts can be devastating as our children try to deal with this on their own out of shame.
Vulnerabilities and Malware
- Google patches its fifth zero-day vulnerability of the year in Chrome
- Apple Patch Day: Code Execution Flaws in iPhones, iPads, macOS
- Adobe Patches Critical Flaws in Reader, Acrobat
- VMware Patches Vulnerabilities Exploited at Pwn2Own 2024
- Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities – Busy week! Patch all of these ASAP.
Phishy Phirewalls – the lighter side of security!