The lead story this week is about sextortion – this tragic plague traps young people in a spiral of hopelessness that leads to financial extortion, sexual exploitation and trafficking, and too often – death. If you have children and do not feel you fully understand how this works, PLEASE reach out to me directly and I will explain what it is and what you can do.
General
- Family of boy (13) who died by suicide sues Snapchat over sextortion scheme – This scenario of young people taking their lives because they feel hopeless with nowhere to turn is repeating itself far too often.
- NSA’s Top Ten Cybersecurity Mitigation Strategies – Good list and a reminder that cybersecurity is more than one tool or activity.
- Human error still perceived as the Achilles’ heel of cybersecurity – Security awareness training remains a cornerstone for security programs.
Data Loss
- Malicious actors leak 70 million records from US Criminal database
- Nissan North America data breach impacts over 53K employees – We often overlook providing the same protections for our staff and volunteers.
- Florida nonprofit Bridgeway Center says data breach impacted over 65,000 people
- Toshiba email compromise reveals Social Security numbers – Concerning that the attackers operated for a year before being discovered, despite the size and resources of a company like Toshiba.
Operational Disruption
- BlackSuit Claims Dozens of Victims With Carefully Curated Ransomware – This threat actor is targeting multiple areas including education. Noteworthy as they are focused on organizations with smaller cyber budgets.
- Ransomware Increasingly Targets Medical Providers – Contains a good, yet simple list of steps that can improve an organization’s security posture around this type of attack.
Social Engineering
- US political consultant indicted over AI-generated Biden robocalls – Voice cloning is getting very easy and there are many sources of voice samples – YouTube and TikTok. I recently did some personal research for a talk and found voice cloning to be easy, cheap, and accessible to anyone.
Vulnerabilities and Malware
- TeaBot Banking Trojan Activity on the Rise and 90+ Malicious Apps Totaling 5.5M Downloads Lurk on Google Play – TeaBot is an Android trojan that is often hidden in a PDF/QR reader, but its real intent is to steal banking credentials. Scary to see the number of malicious apps on the official Android site.
- WordPress tool Exploited to Steal Credit Card Data from E-commerce Sites – This is a third-party plugin that installs third-party code – two separate vectors that can be exploited. Scan all code, yours and third party.
- Check Point VPN Attacks Involve Zero-Day Exploited Since April
Phishy Phirewalls – the lighter side of security!
HopeNet (HopeNetCISO.com) reviews a variety of security news sources so you do not have to! The list below represents items relevant to churches, nonprofits, and charities. The headlines and our added comments are meant to provide enough to get an overview of recent happenings, but links are also provided for readers that want to explore certain topics deeper.
If this was shared with you and you would like to receive a copy directly to your email, please subscribe at HopeNetCISO.com. Thanks for reading!