CrowdStrike’s issue reminds us (again) that data confidentiality is only one of the pillars of cybersecurity. The automobile industry is still reeling from the CDK cyber attack. And both of these are on the heels of the Change Healthcare attack earlier this year.
In cybersecurity, we refer to the pillar these incidents highlight as “Availability”: the goal is to ensure an organization can access the systems and data needed to fulfill its mission when it needs them. Business Continuity, Disaster Recovery, and Backup/Restoration are common topics in this domain. Please let us know if you would like to discuss this area and how you might make your organization more resilient.
General
- Bad CrowdStrike Update Linked to Major IT Outages Worldwide – While automatic updates are a great way to keep yourself up to date with the latest protections, this faulty update shows the downside. And while “you only have to apply one patch to fix the issue”, it is a bit tricky to apply a patch to a computer that can’t be booted…
- FishXProxy Phishing Kit Outfits Cybercriminals for Success – “Significantly lowers the barrier to successfully mount email attacks”. Almost anyone, regardless of technical skills, can now deploy sophisticated phishing campaigns. Oh, great!
- Change Healthcare Attack Cost Predicted at $2.3B+ in 2024
Cyber Attacks
- Massive AT&T breach exposes text and call contact history – Contact information, including who, when, and how long, appears to be what was exposed for calls/texts between May 2022 and Jan 2023. While the contents of calls and texts are not (yet?) at risk, this data can be used for phishing, blackmail, and data mining.
- Indiana county files disaster declaration following ransomware attack – Typically, all IT partners will disconnect from and block a company that is under a cyberattack. Thus, not only are your systems down, but so are many other digital resources that you leverage.
- Hacktivists Dump Disney Slack Data Online – This attack has some interesting twists. It is another messaging breach (see AT&T above), but the culprits are hacktivists and the reason is contract complaints. DON’T FORGET, you may be targeted for no other reason than that people disagree with your views or your cause.
- Rite Aid breached (again) according to new ransomware claim
- Advance Auto Parts says more than 2 million impacted by data breach
- Furniture giant shuts down manufacturing facilities after ransomware attack
Vulnerabilities, Malware, & Patches
Phishy Phirewalls – the lighter side of security!
HopeNet (HopeNetCISO.com) reviews a variety of security news sources so you do not have to! The list below represents items relevant to churches, nonprofits, and other ‘Do Good’ Organizations. The headlines and our added comments are meant to provide enough to get an overview of recent happenings, but links are also provided for readers who want to explore certain topics more deeply. If this was shared with you and you would like to receive a copy directly to your email, please subscribe at HopeNetCISO.com. Thanks for reading!