As the threat landscape continues to unfold, this week’s headlines show a growing range of attack vectors and targets—from healthcare and financial institutions to major software vendors and local government. There are also a number of important vulnerabilities and patches of interest to nonprofits, public sector entities, and service-focused organizations.
Widespread Salesforce Hack May Be Tied to Workday Breach
A breach at Workday may be connected to the broader Salesforce hack campaign. This incident should prompt all organizations using third-party platforms to reassess vendor security and review any integrated services.
Read more on SecurityWeek
Fortinet Discloses Critical FortiSIEM Zero-Day Under Active Exploitation
Fortinet has issued a warning about a pre-auth remote code execution flaw in FortiSIEM being actively exploited in the wild. Nonprofits and managed service providers should check their environments and apply updates immediately.
Read more on BleepingComputer
Christ Hospital Sued for Allegedly Sending Patient Data to Meta
A class action lawsuit alleges that Christ Hospital’s website shared patient data with Meta through tracking pixels. This case highlights the privacy risks of embedded analytics tools on healthcare or nonprofit web properties.
Read more on HIPAA Journal
Connex Credit Union Breach Impacts 172,000 Individuals
Connex Credit Union reported a data breach impacting over 170,000 people. Organizations in the financial services sector or those managing sensitive client data should review incident response plans and ensure third-party oversight.
Read more on BleepingComputer
Pentesting Advice for CISOs and IT Leaders
A new article outlines how CISOs and IT leaders can maximize value from penetration testing. Recommendations include aligning tests with business goals, scoping wisely, and integrating results into ongoing risk strategies.
Read more on Help Net Security
Zoom and Xerox Patch Critical Security Bugs
Zoom and Xerox released urgent updates addressing critical security vulnerabilities. Any organization using their products should prioritize these updates to reduce the risk of exploitation.
Read more on The Hacker News
Millions of Dell PCs Have Insecure BIOS Configuration
Researchers found that Dell shipped millions of PCs with insecure BIOS settings, potentially allowing attackers to bypass operating system protections. Admins should review BIOS configurations and apply any vendor-recommended changes.
Read more on The Register
Adobe Patches 60+ Vulnerabilities Across 13 Products
Adobe has released a major security update fixing over 60 vulnerabilities in products like Acrobat, Illustrator, and ColdFusion. These updates are particularly important for creative teams and marketing departments handling external files.
Read more on SecurityWeek
Fortinet and Ivanti Publish August Patch Roundups
Security advisories from Fortinet and Ivanti include critical vulnerabilities affecting their respective platforms. IT teams should stay up to date on patch releases and threat intelligence to avoid exploitation.
Read more on SecurityWeek
Elevation of Privilege Issues Dominate Microsoft Patch Tuesday
Microsoft’s August patch cycle addressed numerous elevation of privilege vulnerabilities. Organizations should expedite patch deployment, especially for fixes involving local privilege escalation in commonly used services.
Read more on Dark Reading
HopeNet reviews a variety of security news sources so you don’t have to! This list is curated specifically for churches, nonprofits, and other Organizations of Hope. The headlines and our added comments are meant to give an overview of recent happenings, and links are provided for readers who want to explore a topic in more depth.
