Wide range of topics this update – AI, Phishing, Hiring Practices, Physical Attacks, Patching, and Supply Chain. Good examples of why a comprehensive Cybersecurity program must cover a wide range of areas.
General
- The CISO’s approach to AI: Balancing transformation with trust – Good read if your organization uses AI tools.
- KnowBe4 mistakenly hires North Korean hacker – This event highlights the importance of vetting those who have access to anything of importance. Furthermore, it shows why protections against insider attacks are necessary as part of a comprehensive cybersecurity program.
- Dark Angels extort world’s largest-ever ransomware payment of $75M – Also noted: the most targeted country for ransomware attacks is the United States, with 49.95% of incidents.
- 5 ways threat actors are taking advantage of the CrowdStrike outage – Hoping to take advantage of desperation, threat actors often offer to “help”.
Cyber Attacks
- Fake Hot Fix for CrowdStrike “crowdstrike-hotfix.zip” Spreads Remcos RAT – More of the wrong kind of help.
- Cyberattackers Accessed HealthEquity Customer Info via Third Party – 4.5M people impacted, including employee and dependent information.
- French telecom infrastructure damaged in another sabotage attack – Physical attacks can often be more disruptive than technical ones. Physical environment controls should be part of your cyber program.
- Security oversight exposes 40M UK voters’ records – Not patching is one of the most unnecessary reasons for a data breach.
- Ransomware attack shuts down three dozen Los Angeles courts
- Columbus reports cyber incident as multiple cities recover from ransomware attacks
- Microsoft 365 and Azure outage takes down multiple services
Vulnerabilities, Malware, & Patches
- Recent Apple Release also Extends Zero-Day Patch to Older Devices
- Phishing Campaign Exploited Proofpoint Email Protections for Spoofing
Phishy Phirewalls – the lighter side of security!
HopeNet (HopeNetCISO.com) reviews a variety of security news sources so you do not have to! The list below represents items relevant to churches, nonprofits, and other ‘Do Good’ Organizations. The headlines and our added comments are meant to provide enough for an overview of recent happenings, but links are also provided for readers who want to explore certain topics more deeply.