HopeNet (HopeNetCISO.com) has curated this list from recent security news relevant to non-profits and charities. The headlines and comments are meant to provide enough to get an overview of recent happenings, but links are also provided for readers who want to explore certain topics in more depth. Please feel free to ask questions if you need more detail or are just curious how an attack works!
Also – please share this freely with your boss, your friends, and anyone else who might get value from it. Thanks!
General
- FBI: Cybercrime Losses Exceeded $12.5 Billion in 2023
- Privacy violations have risen to second in expected cyber insurance claims costs – Even if you are not subject to regulatory requirements today, privacy should be on your radar. If you have any data on people, you should be taking preparatory steps TODAY to meet the requirements that are coming in the future.
- CISOs should play a critical role in your Cyber Insurance strategy
- Data Breaches contribute to Tax Scams – Timely information and a reminder that criminals are opportunistic. They will leverage anything from holidays to information about your organization and its efforts to gain unwarranted trust, then exploit it.
Operational Disruption
- Children’s Hospital still does not have all systems up after a cyberattack a month ago – Lurie Children’s took its email, phone, and electronic systems offline after it detected a cyberattack – while most are back, there are key systems that are still not online.
- Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure (thehackernews.com) – Two items of interest here. First, the interest in taking out critical infrastructure. These attacks are meant to cause more than disruption – they are meant to cause confusion, panic, and to attack hope. Second, it mentions Ransomware as a Service – one of the most debilitating attacks security experts deal with has been reduced to a service that anyone can sign up for, no matter their level of technical skill.
- Indications are that Change Healthcare made a $22M payment – This payment could be for the ransomware, but could also be to stop the release of the data that was stolen during the attack.
- Georgia’s Largest County Is Still Repairing Damage From January Cyberattack
Data Theft and Leaks
- TalentLaunch Subsidiary, Alliance Solutions Group, Notifies 119,261 of Recent Data Breach – 119K names, dates of birth, Social Security numbers, driver’s license numbers, state identification numbers, passport numbers, financial account information, digital signatures, medical information, health insurance information, biometric information, and mother’s maiden names. What possible need is there for so much data? The easiest and cheapest way to protect data is to not have it in the first place.
- Large online dictionary leaks nearly 7M records – This is noteworthy because it was not theft, but rather a “data leak” due to misconfigured cloud storage. Best practice is to have templates for cloud configuration and ways to assess any cloud assets that “drift” from this standard.
- American Express credit cards exposed in third-party data breach – This incident was not caused by a data breach at American Express, but rather at a merchant processor in which American Express Card member data was processed.
- First BofA, Now Fidelity: Same Vendor Behind Third-Party Breaches – More third-party problems.
The Internet of Things (IoT)
- IT Leaders Lack Confidence in IoT Security Plans – Security Boulevard – Internet of Things (IoT) devices often trade security for cost. Furthermore, they are often made in countries that are known for cybercrime. So why do companies put them on the same networks that hold sensitive information and/or house critical functions?
- Some doorbell cameras created in China and sold by Amazon allow spying and takeover – Did I mention that IoT devices often trade security for cost?
- Attackers can unlock and steal a Tesla
Vulnerabilities
- Apple fixes two new iOS zero-days exploited in attacks on iPhones – Gosh, it feels like we just had to patch last week…oh wait, we did.
- Android Patches Critical Vulnerabilities – update your Android devices as well!
If this was shared with you and you would like to receive your own copy in the future, please drop us an email at Terry.Kaufman@HopeNetCISO.com.