The lead story in this update is great for small organizations at the initial stages of their security program. Following that is a wide array of recent attacks. Lastly, a number of important patches deserve your attention if the affected products are used in your IT organization.
General
- NIST Cybersecurity Framework 2.0: Small Business Quick-Start Guide – relevant for many nonprofits; it provides an easy-to-read overview of what to consider in a security program.
Cyber Attacks
- Hacker locks Unicoin staff out of Google accounts for 4 days – Protecting your most privileged accounts is a must. I expect what the attackers were able to get over 4 days will provide them with years of attacks.
- Carbon black supplier Orion loses $60 million in business email scam
- Hackers steal 464K records from Nonprofit
- National Public Data Says Breach Impacts 1.3 Million People – Still bad, but much better than the initial estimates of 3 billion.
- Florida-Based Drug Testing Lab Says 300,000 Affected in Hack – results include traditional PII plus data such as drug use.
- Local gov’ts in Texas, Florida hit with ransomware
- City of Flint Scrambling to Restore Services Following Ransomware Attack
- Donald Trump’s Campaign Says Its Emails Were Hacked
- DNC Credentials Compromised by ‘IntelFetch’ Telegram Bot
Vulnerabilities, Malware, & Patches
- Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update – That’s a lot of zero-days, so prioritize getting this patch applied.
- SolarWinds fixes hardcoded credentials flaw in Web Help Desk – This should be patched immediately.
- Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data – This story and the next demonstrate why AI is a growing concern amongst CISOs.
- Slack Patches AI Bug That Exposed Private Channels
- Critical Flaw in WordPress GiveWP Donation Plugin
- Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access
- Google Patches 38 Vulnerabilities in Chrome
- Fortinet, Zoom Patch Multiple Vulnerabilities
Phishy Phirewalls – the lighter side of IT!
HopeNet (HopeNetCISO.com) reviews a variety of security news sources so you do not have to! This list is curated specifically for churches, nonprofits, and other Organizations of Hope. The headlines and our added comments are meant to provide enough for an overview of recent happenings, but links are also provided for readers who want to explore certain topics in more depth.