Education and Healthcare (unfortunately) continue to get a lot of attention from attackers.  Artificial Intelligence continues to be leveraged for attacks, even by state actors now. And a number of patches that should be applied as soon as reasonable.

General

• Microsoft: BYOD, QR Codes Lead Rampant Education Attacks – Education was the third most targeted industry in the Q2 2024, according to Microsoft.
• Iranian Hackers Used ChatGPT to Plan ICS Attacks – AI is great, but can also be scary. Ensure that you are not using sensitive data in public platforms.
• AI-Powered Cybercrime Cartels on the Rise in Asia – more misuse of AI capabilities, but this time using it to create phishing attacks in multiple languages, chatbots, forged documents, and Deepfakes.
• After breach, National Public Data files for bankruptcy
• Disney faces class action lawsuit over employee data breach – The company is accused of gross negligence in their security practices, privacy violations, and of not following notification regulations.

Cyber Attacks

• Cyberattack targets healthcare nonprofit overseeing 13 Colorado facilities – Another ransomware attack against healthcare and nonprofits.  Both continue to be common targets for criminal organizations.
• Healthcare Organizations Warned of Trinity Ransomware Attacks 
• Akira and Fog ransomware now exploit critical Veeam RCE flaw – Threat actors leverage recent vulnerabilities in hopes that victims have not yet applied available patches.
• MoneyGram Says Personal Information Stolen in Recent Cyberattack – This attack also impacted payment services for 3+days.
• Detroit-area government services impacted by cyberattack
• Ransomware gang claims Superior Court of California

Vulnerabilities, Malware, & Patches

• 5 reasons to update your iPhone to iOS 18.0.1 right now
• Patch Tuesday, October 2024 Edition – 117+ security patches!
• Single HTTP Request Can Exploit 6M WordPress Sites – Patch now if you are using the popular LiteSpeed Cache plug-in.
• Ivanti fixes three CSA zero-days exploited in the wild
• Palo Alto Patches Critical Firewall Takeover Vulnerabilities
• Actively exploited Firefox zero-day fixed, update ASAP!

Phishy Phirewalls – the lighter side of IT! 

HopeNet (HopeNetCISO.com) reviews a variety of security news sources so you do not have to! This list is curated specifically for churches, nonprofits, and other Organizations of Hope. The headlines and our added comments are meant to provide enough to get an overview of recent happenings, but links are also provided for readers that want to explore certain topics deeper.  

If this was shared with you and you would like to receive a copy directly to your email, please subscribe at HopeNetCISO.com.  Also, check out the Services section of our site for ways we can help! Thanks for reading!