Weekly Security Sprint EP 116. Iranian threats, Cyber resilience data, and hostile events

In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• Stopping Vehicles Before They Become Weapons at Church; Learn how to protect your church from vehicle-based attacks using bollards and physical barriers. • DHS to cut 75% of staff in its intelligence office amid heightened threat environment• North Korean IT Worker Threat: Microsoft - Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizationsMain Topics:Severe Weather, Texas & Camp Mystic Flood Disaster.• FEMA Activates in Texas Following President Trump’s Major Disaster Declaration Announcement• How the cataclysmic floods unfolded, minute by minute, amid darkness and chaos• Texas Hill Country is no stranger to flash floods, but alerts came too late• Meteorologists Say the National Weather Service Did Its Job in Texas• Chantal triggers life-threatening flash floods as storm pushes inland in North Carolina and Virginia• Chantal continues to bring flooding rain as it moves inland after South Carolina landfall• A Majority of Companies Are Already Feeling the Climate HeatScams!• FBI PSA: Fraudsters Target US Stock Investors through Investment Clubs Accessed on Social Media and Messaging Applications• Cyber Criminals Target Prime Day Shoppers with Fake Amazon Domains and Phishing ScamsIran and Domestic Threats.• Iran Suspected of Scouting Jewish Targets in Europe• Sleeper cells and threat warnings: how the US-Iran conflict is spinning up fear • After U.S. strikes on Iran, officials warn of retaliation from ‘sleeper cells’ in the U.S.• Iran-linked hackers threaten to release Trump aides' emails• Iran's Top General Issues Threat Quick Hits:• DOJ investigates ex-ransomware negotiator over extortion kickbacks• Risky Biz News - C&M hack linked to malicious insider: Brazilian authorities have arrested a 48-year-old programmer in connection with the hack of software company C&M and six Brazilian banks. • Cybercrime set to become the world’s third largest economy• How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777)• AIVD: threat against the Netherlands remains high, uncertainty regarding world order• CYFIRMA: Executive Threat Landscape Report Australia• Hack3d: The Web3 Security Quarterly Report - Q2 + H1 2025• ReliaQuest: Ransomware and Cyber Extortion in Q2 2025• Comparitech: Ransomware Roundup: H1 2025 stats on attacks, ransoms, and active gangs• National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud.• Chinese Scholars Probe for Weaknesses in Western Electricity Grids• Chinese Hackers Target France in Ivanti Zero-Day Exploit Campaign

In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• The GRIP is one year old and to celebrate, we’re running an anniversary sale!!• Join the GRIP in July and use promo code HOTJULY2025 to receive a 20% discount!• (TLP:CLEAR) Hostile Nation States Employing Non-State Actors• Surge in MOVEit Transfer Scanning Could Signal Emerging Threat Activity• ‘Suspended animation’: US government upheaval has frayed partnerships with critical infrastructure• Short-term extension of expiring cyber information-sharing law could be on the table• Gate 15 is excited to offer a low-cost ransomware resilience exercise for executives! Contact us today for more information on this great opportunity!Main Topics:Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest. CISA, the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) published Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest. This joint fact sheet details the need for increased vigilance for potential cyber activity against U.S. critical infrastructure by Iranian state-sponsored or affiliated threat actors. Defense Industrial Base companies, particularly those possessing holdings or relationships with Israeli research and defense firms, are at increased risk. At this time, we have not seen indications of a coordinated campaign of malicious cyber activity in the U.S. that can be attributed to Iran. Beazley Report: U.S. Executives Misjudge Their Cyber Preparedness. U.S.-based executives feel more prepared to counter cyber threats, potentially indicating a false sense of security because many companies lack the ability to be adequately preparedness, according to a new report from specialist insurer Beazley. According to the report, Spotlight on Tech Transformation & Cyber Risk 2025, the perception of cyber resilience rose to 81% from 73% a year ago. Hostile Events:• A violent ambush in Idaho leaves 2 firefighters dead and 1 injured. What to know about the attack• Suspect Identified in Deadly Ambush of Idaho Firefighters• Chilling ‘coincidence’ of Idaho shooting sends internet sleuths into overdrive• Gunman started Idaho blaze and then fatally shot 2 firefighters in ambush attack, officials say• Here’s a timeline of how the Canfield Mountain ambush shooting unfolded• Multiple firefighters reportedly shot while responding to fire near Coeur d’Alene• Europol: New report - major developments and trends on terrorism in Europe in 2024Quick Hits:• Canadian Centre for Cyber Security - Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-5349, CVE-2025-5777 and CVE-2025-6543 • Over 1,200 Citrix servers unpatched against critical auth bypass flaw• The State of Ransomware 2025• Scattered Spider hackers shift focus to aviation, transportation firms • Scattered Spider’s Calculated Path from CFO to Compromise • M&S fashion rivals ‘benefited from its pause on online orders after cyber-attack’ • Ransomware attack contributed to patient's death• Canada orders Chinese CCTV biz Hikvision to quit the country ASAP• FBI PSA - Criminals Posing as Legitimate Health Insurers and Fraud Investigators to Commit Health Care Fraud• 50 Customers of French Bank Hit by Insider SIM Swap Scam; An intern at Société Générale is believed to have facilitated the theft of more than EUR1mn (USD1.15mn) from the bank's customers.• State of CPS Security 2025: Building Management System Exposures • H1 2025 Crypto Hacks and Exploits: A New Record Amid Evolving Threats

In the latest episode of Nerd Out Alec and Dave welcome back show regulars Joe Levy and Bridget Johnson as they dissect the incidents in the Middle East. Topics included:Reaction to the escalation and then de-esscalation.What this means for organizations.The risk of sleeper cells or inspired / influenced individuals or groups.How to organizations can increase preparedness.Then the group of nerds moved to the weather and talked about the extreme heat and how weather preparedness is no longer optional for organizations.They wrap up the pod with some fun summer activities and what they are looking forward to in regards to pop culture events.

In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• WaterISAC to host tabletop exercise to strengthen utility resilience• Maryland Man Charged With Mailing Threatening Communications to Jewish Organizations, Including a Jewish Institution in PhiladelphiaMain Topics:• DHS NTAS Bulletin, 22 June 2025. Summary of the Threat to the United States. o National Terrorism Advisory System Bulletin - Issued June 22, 2025 (PDF)o DHS Issues National Terrorism Advisory System Bulletin Amid Israel-Iran Conflicto US Department of State: Worldwide Caution• Top AI models will lie, cheat and steal to reach goals, Anthropic finds. Large language models across the AI industry are increasingly willing to evade safeguards, resort to deception and even attempt to steal corporate secrets in fictional test scenarios, per new research from Anthropic… Read: Anthropic: Agentic Misalignment: How LLMs could be insider threats• A potent heat dome is building over the US, sending temperatures into the triple digitsQuick Hits:• Scattered Spider Tactics Observed Amid Shift to US Targets• Scattered Spider has moved from retail to insurance• Retail Council Of Canada Member Notice: Cybersecurity Threat Actor Scattered Spider Attacks Retail Sector• Hackers Weaponize Legitimate 'Netbird' Tool in Phishing Campaign Targeting CFOs• Telecom giant Viasat breached by China's Salt Typhoon hackers• Cyber threat bulletin: People's Republic of China cyber threat activity: PRC cyber actors target telecommunications companies as part of a global cyberespionage campaign • Defending the Internet: how Cloudflare blocked a monumental 7.3 Tbps DDoS attack• 13 improvised explosive devices found at home of man arrested near Pennsylvania "No Kings" protest, DA says. “Without that one report from the vigilant person at the "No Kings" rally who noticed something suspicious about Krebs' behavior and reported to police, this threat and the disturbing stockpile of explosives may have gone undetected.”• Minnesota Shootings: After Two-Day Manhunt, Suspect Charged with Shooting Two Minnesota Lawmakers and Their Spouseso Vance Boelter went to other lawmakers' homes the night he killed Rep. Hortman, wounded Sen. Hoffman, FBI sayso Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets' Addresseso When the Minnesota shooting suspect's life took a strange turno Minnesota shooting suspect Vance Luther Boelter is former pastor, Tim Walz appointeeo Inside the 40 hours of violence and fear as gunman stalks Minnesota politicianso Suspected Dem Killer Sent Cryptic Text to Family After Shootings• Booking photo released of former Coast Guard officer arrested over Trump assassination threats• Miscalculation by Spanish power grid operator REE led to massive blackout, report finds

In this episode of The Gate 15 Interview, Andy Jabbour speaks with Brian Hein and Kristen Dalton, with Silobreaker. Brian presently serves as a Senior Strategic Advisor, and Kristen is the Director, Channel Sales.In the podcast we discuss:​Brian and Kristen’s personal and professional backgrounds (did you know one of them played in two NCAA women’s basketball tournaments? And it wasn’t the guy known as “The Paul Revere of Cybersecurity.“).​Silobreaker, OSINT and making intel useful.​Threats, challenges and mitigating risks.​The power of communities, collaboration, and making connections (and of course, ISACs!).​We play 3 Questions! ​And talk about some of our favorite places, growing up on the internet, and pork chops.​Lots more!

In this week's Security Sprint, Dave went solo to talk about:The LA ProtestsA disrupted hostile event and recognizing concerning behaviors.

In this week's Security Sprint, Dave and Andy covered the following topics:Warm Start:·      The Gate 15 Interview EP 58 – Cathy Lanier: Leading NFL Security with Attitude, Effort, Crabs and Beer·      Gate 15: Test, Don’t Guess: Exercising Your Response Plan·      WaterISAC’s H2OEx: Click Below to Register for a Location Near You! o  Daytona, FL- July 28 o  Los Angeles, CA- Sept 11 o  Arlington, TX- Nov 6·      26th Annual TribalNet Conference & Tradeshow Main Topics: Boulder:·      DOJ: Justice Department Files Federal Charges Against Alleged Perpetrator of Anti-Semitic Terror Attack in Colorado. The Justice Department has filed federal charges against illegal alien Mohammed Sabry Soliman, the alleged perpetrator of yesterday’s anti-Semitic terrorist attack in Colorado… Soliman is being charged with a federal hate crime in addition to facing state charges for attempted murder in Colorado. Read the federal complaint HERE·      Updates: Colorado Attack That Injured 12 Was Planned for a Year, Officials Say. The F.B.I. said in a court filing that thesuspect, an Egyptian citizen who had sought asylum in the U.S., brought more than a dozen incendiary devices to a march in support of hostages in Gaza.·      Colorado suspect, now charged with federal hate crime, planned antisemitic attack for a year, FBI says·      12 burned in Boulder attack; suspect charged with federal hate crime:·      Boulder terror attack suspect planned mass shooting but was stopped from buying gun due to immigration status, as he faces 624 years in prison·      What We Know About the Boulder, Colorado Attack·      After Several Attacks, Heightened Anxiety Among American Jews Pride Month: Trans community most targeted in anti-LGBTQ+ incidents, GLAAD data shows. Transgender and gender-nonconforming people were the target of over half of allanti-LGBTQ+ incidents tracked by GLAAD over the last year in a new report… GLAAD counted more than 930 anti-LGBTQ+ incidents from May 2024 through April 2025, 52% of which targeted transgender and gender nonconforming people, across 49 states and Washington, D.C. Insider Threat:o  U.S. Government Employee Arrested for Attempting to Provide ClassifiedInformation to Foreign Government. ·      Intelligence agency employee accused of attempting to leak classified documents out of frustration with Trump.  Ransomware! ·      Gate 15: Test, Don’t Guess: Exercising Your Response Plan·      Q1 '25 Travelers' Cyber Threat Report: Record Attack Activity·      Delinea - 2025 State of Ransomware Report - Adapting with agility to a fast-changing threat landscape·      FBI PIN - Silent Ransom Group Targeting Law Firms·      Firm in Baltimore Archdiocese bankruptcy case says stolen data wasdeleted after cyber breach·      Akira Ransomware: When Paying Isn’t Enough to Stay Anonymous·      The State of State-Sponsored Hacktivist Attacks Quick Hits·      Ukraine launches massive drone strike on air bases deep inside Russia ·      Crypto Hacks in May 2025 Hit $244M, But $157M Frozen in Swift Recovery Efforts·      FBI FLASH: Infrastructure Used to Manage Domains Related to Cryptocurrency Investment Fraud Scams between October 2023 and April 2025 ·      US DIA 2025 Threat Assessment warns of growing complexity in global threats, national security·      DIA Releases 2025 Worldwide Threat Assessment: Cyber, Cartels, and Global Military Buildup Dominate Outlook·      Get ready for several years of killer heat,top weather forecasters warn·      America's summers keep getting warmer·      North Korea Infiltrates U.S. Remote Jobs—With the Help of Everyday Americans·      Tornado season 2025: active through April, andMay is keeping pace·      Treasury Takes Action Against Major Cyber Scam Facilitator

In the latest episode of Nerd Out, Dave and Alec ran through some of the incidents over the past week to talk about what happened, what impact it has on organizations, and what strategies organizations can take. The events included discussions on:Severe weather to include NOAA's latest hurricane forecast.Sabatoge in France.Geopolitical events hitting the homeland.The second season of Andor.Extreme Weather PreparednessNOAA predicts above-normal 2025 Atlantic hurricane season - https://www.noaa.gov/news-release/noaa-predicts-above-normal-2025-atlantic-hurricane-seasonWeather-related Power Outages Rising - https://www.climatecentral.org/climate-matters/weather-related-power-outages-risingAnti-government group threatens crucial weather radars, NOAA warns - https://www.washingtonpost.com/nation/2025/05/07/anti-government-weather-radar-conspiracy/How to Prepare for a Hurricane - https://www.fema.gov/blog/how-prepare-hurricaneFrance Sabotage AttacksFrance blames sabotage for second Riviera blackout, boosts security - https://www.france24.com/en/europe/20250526-france-sabotage-power-blackout-cannes-nice-rivieraHeightened Political Violence and Nihilistic Violent ExtremismWhy White Supremacists Are Trying to Attack Energy Grids - https://www.nytimes.com/2024/08/08/us/white-supremacist-power-grid-attacks.htmlJewish Museum killings show how hard it is to stop radicalized lone wolf attacks - https://www.nbcnews.com/news/amp/rcna208656The Escalating Attacks on Tesla Facilities - https://www.csis.org/analysis/escalating-attacks-tesla-facilitiesHow Burning Teslas and Killing Billionaires Became a Meme Aesthetic for Political Violence - https://networkcontagion.us/wp-content/uploads/NCRI-Assassination-Culture-Brief.pdf‘Welcome Spring, Burn a Tesla’: The Insurrectionary Anarchist Campaign Against Tesla - https://gnet-research.org/2025/05/21/welcome-spring-burn-a-tesla-the-insurrectionary-anarchist-campaign-against-tesla/Nihilistic Violent Extremism: A Valuable Stride Forward in American Counterterrorism - https://www.justsecurity.org/113463/nihilistic-violent-extremism-american-counterterrorism/

In this episode of The Gate 15 Interview, Andy Jabbour speaks with Cathy Lanier, Senior Vice President and Chief of Security at the National Football League. Prior to serving in her current role as Senior Vice President and Chief of Security at the National Football League, Lanier held the position of Chief of Police with the Washington, D.C. Metropolitan Police Department (MPD) from 2007 to 2016. From 1990, Cathy rose through the ranks of the MPD to earn various commendable honors including becoming the first female police chief of the nation’s capital, the first commanding officer of Homeland Security and Counter-Terrorism for D.C. Police, one of a small number of female chiefs in the nation at the time, and the longest serving chief on the D.C. force. Now, as the Chief of Security for the National Football League, Lanier safeguards the security of all 32 NFL teams and their venues, liaises and collaborates with federal, state and local law enforcement, and ensures security for League events like the Super Bowl. Learn more about Cathy on LinkedIn.“We can do everything right and bad things can still happen” – Cathy Lanier, Senior Vice President and Chief of Security at the National Football League.In the discussion Cathy and Andy cover:Cathy’s Background.The 2013 Washington Navy Yard Shooting and Hostile EventsThe importance of exercises, challenging our assumptions, and after-action reports.Her two biggest lessons learnedThe ever-growing mission of securing the NFLCybersecurity, socio-political divisiveness and radicalizationGetting leadership buy-inPrivate-public partnershipThe Human Factor: Getting immersed and getting intelligenceHaving empathy and understanding the other sideDealing with adversityWe play 3 Questions!Lots more!Selected links:NFL Videos:Cathy Lanier explains her role as the NFL's Chief Security Officer. Cathy Lanier, the NFL’s Chief Security Officer, describes her transition from protecting the President of the United Sates as the first female police chief in Washington D.C. to providing the same security for the largest sporting event.NFL 360 | THE CHIEF. NFL senior vice president of security Cathy Lanier faces extraordinary crises and challenges on a daily basis, in one of the most high-profile pressure cooker positions in the sports world.MPD Navy Yard After Action ReportGuard Killed In Holocaust Museum Shooting

In this week's Security Sprint, Dave and Andy talked about the following topics:Warm Opening:• Gate 15 - Blueprints Before Breaches: Planning for Ransomware Resilience. This blog is part of Gate 15’s Summer of Security: Ransomware Resilience Series, highlighting the essential considerations for organizational leaders and cybersecurity professionals. Planning for a ransomware attack is a vital component of any organization’s cybersecurity strategy. Having a ransomware plan is important because it helps organizations prepare for, respond to, and recover from ransomware attacks effectively.• H2OSecConPalm Springs Bombingo FBI links California fertility clinic bombing to anti-natalist ideologyo Online manifesto threatened clinic attack; FBI probes Palm Springs bomb suspect’s motiveo 25-year-old suspect in fertility clinic bombing left behind ‘anti-pro-life’ writings, officials sayo What we know about the Palm Springs bombero Palm Springs IVF clinic bomber ID’d as Guy Edward Bartkus, a ‘pro-mortalist’ who opposed people being born ‘without their consent’o Palm Springs Bombing Suspect Burned Down Family Home Aged 9, Father Says• Hate Amplified: Online Posts About U.S. Judges Take Increasingly Violent Turn• Michigan Man Arrested and Charged with Attempting to Attack Military Base on Behalf of ISIS• The Delirious, Violent, Impossible True Story of the Zizians• The world’s largest incel forum reacts to Netflix’s Adolescence with hate and conspiracies• First Responders Toolbox: Large Public Gatherings Attractive Targets for Violent ExtremistsCoinbase & Insider Threat• Protecting Our Customers - Standing Up to Extortionists • Coinbase Global, Inc. & 8-K filed on 2025-05-15• Coinbase flips $20M extortion demand into bounty for info on attackers; The largest cryptocurrency exchange in the U.S. said cybercriminals bribed insiders to steal data on customers, some of whom were duped into handing over crypto assets.• Coinbase says customers’ personal information stolen in data breach• Insider Bribes Behind Coinbase Hack Exposing Customer Data• Coinbase responds to USD 400 million insider threat attack | Cyber Intelligence Briefing: 16 May 2025Weather. 28 dead, half a million without power as deadly storms, tornadoes sweep across central, eastern US. At least 28 people have died and dozens more were injured after a devastating wave of severe weather swept across the central United States late Friday into Saturday, leaving a trail of catastrophic destruction. Large tornadoes have been reported in Missouri, Kentucky, Illinois and Indiana with hard-hit southeastern Kentucky reporting a majority of the fatalities. According to Kentucky Governor Andy Beshear, there were 18 confirmed deaths in the state connected to the severe weather. The fatalities include 17 people in Laurel County and one in Pulaski County. Quick Hits: • FBI PSA: Senior US Officials Impersonated in Malicious Messaging Campaign• FBI PSA: Impersonation Scheme Targeting Middle Eastern Students in the United States• Update to How CISA Shares Cyber-Related Alerts and Notifications• Securing Critical Infrastructure: GitGuardian Partners with ONE-ISAC to Protect Oil & Natural Energy Operations• AMWA throws support behind CISA reauthorization• Major Crypto Firms Spending Millions on Personal Security• Crypto elite increasingly worried about their personal safety• France Launches Crypto Security Measures After Targeted Kidnapping Surge• The US hasn’t seen a human bird flu case in 3 months