This update definitely has a GenAI/Deepfake flair to it. Additionally, it covers a number of cyber attacks related to nonprofits and Organizations of Hope. Finally, our Phishy Phirewalls section shows how a Deepfake can take one picture and animate it with someone else’s actions.
General
- Researchers Highlight How Poisoned LLMs Can Suggest Vulnerable Code – If you are using ChatGPT or other tools to write code, this topic is worth watching. More on AI dangers below.
- The Silver Bullet of MFA Was Never Enough – Good article detailing the strengths of MFA, but also why it is only a single part of a comprehensive security program.
- IT admin charged with hacking his own company – We often minimize insider attacks, but they happen. If your organization employs volunteers or contractors, your risk is greater.
- Deepfakes: Seeing is no longer believing – This is at a dangerous spot right now as defenses have not caught up with attacks yet. For now, our best defenses are using AI to spot the deception and to train users. (See Phishy Phirewalls section for a sample!)
Cyber Attacks
- Iranian hackers work with ransomware gangs to extort defense, education, finance, and healthcare organizations across US
- Patelco Credit Union Says Breach Impacts 726k after ransomware gang auctions data
- 500k Impacted by Texas Dow Employees Credit Union Data Breach
- USAA Data Breach Affects Over 32k Consumers
- Nonprofit American Radio Relay League confirms $1 million ransom payment
- Over 100K Oregon Zoo visitors warned that their payment card details were stolen
- Gramercy Surgery Center Breach Affects Over 50K Patients
- Researchers trace massive data leak (170M) to US data broker – Details are still coming out, but it looks like cloud storage that was publicly accessible without proper authentication requirements.
Vulnerabilities, Malware, & Patches
- Hacking Microsoft Copilot Is Scary Easy – Copilot is fantastic, but we need to understand the risk to the data we put into it and the possibility that the model can be poisoned to produce malicious results.
- Patch Now: Second SolarWinds Critical Bug in Web Help Desk
- New QR Code Phishing Campaign Exploits Microsoft tools – The details of this attack aren’t as important as the overall message that QR codes can be malicious and people should only scan them if they are sure they are from a trusted source.
Phishy Phirewalls (Scary how one picture can be used with an actor to create alternate realities.)
HopeNet (HopeNetCISO.com) reviews a variety of security news sources so you do not have to! This list is curated specifically for churches, nonprofits, and other Organizations of Hope. The headlines and our added comments are meant to provide enough for an overview of recent happenings, but links are also provided for readers who want to explore certain topics more deeply.