Continued attacks on water facilities and healthcare organizations. Business Email Compromises and other phishing attacks continue to be a popular attack vector as attackers are using what information they can get for future deceptions. Attackers are willing to use information they have (even minor) to help to create convincing campaigns in hopes of deceiving victims into giving up something more valuable.

General

• New California law helps combat social media addiction among kids – The Protecting Our Kids from Social Media Addiction Act makes it illegal for  websites, social media platforms and other applications to provide an “addictive feed” to minors unless parents give consent.
• Critical Automated Tank Gauge Bugs Threaten Gas Infrastructure – sounds very similar to an attack that the US and  Israel (“allegedly”) used a decade ago to derail the Iranian Nuclear Weapons capability (Stuxnet: the first true cyberweapon).
• Disney to ditch Slack following July data breach

Cyber Attacks

• “Minor” Data Breach at DELL; Leaks 10K Employee Details – While the data might not seem super sensitive, it is enough to construct very convincing phishing attacks against Dell. 
• MoneyGram blames ‘cybersecurity issue’ for ongoing days-long outage – Customers are unable to make both in-person and online payments, and both the company’s website and app remain down at the time of the article.
• Cybersecurity Incident Affects Arkansas City Water Treatment Facility – More water attacks – this is definitely a scary trend.
• Mt. Carmel Behavioral Healthcare Announces Breach from Phishing Attack – attackers gained access to an internal email account and then abused it to deceive others.
• Vanilla Tempest ransomware gang targets Healthcare organizations
• One-third of the US population’s background info is now public
• Ransomware attack on Kansas county exposed sensitive info of nearly 30k
• Brunswick Psychiatric Hospital in New York latest ransomware victim

Vulnerabilities, Malware, & Patches

• D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers
• Exploit code released for critical Ivanti RCE flaw, patch now
• Broadcom fixes critical RCE bug in VMware vCenter Server

Phishy Phirewalls – the lighter side of IT! 

HopeNet (HopeNetCISO.com) reviews a variety of security news sources so you do not have to! This list is curated specifically for churches, nonprofits, and other Organizations of Hope. The headlines and our added comments are meant to provide enough to get an overview of recent happenings, but links are also provided for readers that want to explore certain topics deeper.  If this was shared with you and you would like to receive a copy directly to your email, please subscribe at HopeNetCISO.com.  Also, check out the Services section of our site for ways we can help! Thanks for reading!