In this edition of HopeNet’s newsletter, we delve into a series of significant cybersecurity incidents and updates that have impacted various sectors. From ransomware attacks on nonprofits like the Central Pennsylvania Food Bank to Iranian hackers targeting critical infrastructure passwords, the landscape of cyber threats continues to evolve. This edition also contains a link to free secure configuration benchmarks for many popular commercial products.
Lead Stories
- Central Pennsylvania Food Bank hit with Ransomware – This nonprofit supports over 27 counties in the Keystone State, serving more than 250,000 in-need persons each month, including children, veterans, active duty military personnel, and seniors.
- Iranian hackers are going after critical infrastructure passwords – Iranian hackers are aggressively trying to crack passwords in the health care, government, information technology, energy and engineering sectors, an advisory from U.S., Canadian and Australian cyber agencies
- A vocational school experienced a cyberattack due to a gap in their firewall – This likely means that it was misconfigured. CIS publishes FREE configuration benchmarks for several commercial products at https://learn.cisecurity.org/benchmarks.
Cyber Attacks
- Gryphon Healthcare, Tri-City Medical Center Disclose Significant Breaches – Another third-party data breach.
- Ex-Disney Employee Charged with Hacking Menu Database – The culprit “used his work credentials, which were still functioning after his termination”. This is not uncommon where access is manually provisioned and deprovisioned.
- Boston Children’s Health Announces Vendor Breach Affecting Patients and Staff
- Calgary Public Library forced to limit services after cyberattack
- Casio says ‘no prospect of recovery yet’ after ransomware attack – Two weeks and still no path to recovery.
Vulnerabilities, Malware, & Patches
- Oracle Patches Over 200 Vulnerabilities With October 2024 Update
- Jetpack patches critical bug that exposed data on 27M WordPress sites
- Fortinet Confirms Zero-Day Exploit Targeting FortiManager Systems
- Apple Patches Over 70 Vulnerabilities Across Multiple Products
Phishy Phirewalls – the lighter side of IT!
HopeNet (HopeNetCISO.com) reviews a variety of security news sources so you do not have to! This list is curated specifically for churches, nonprofits, and other Organizations of Hope. The headlines and our added comments are meant to give an overview of recent happenings, and links are provided for readers who want to explore certain topics in more depth.