Weekly Security Sprint EP 88. Elections, Liability, and Off-boarding.
In the latest Security Sprint, Dave and Andy covered the following topics.
Warm Start.
• CISA: Critical Infrastructure Security and Resilience Month 2024. “Resilience means doing the work up front to prepare for a disruption, anticipating that it will in fact happen, and exercising not just for response but with a deliberate focus on continuity and recovery, improving the ability to operate in a degraded state, and significantly reducing downtime when an incident occurs.”
o A Proclamation on Critical Infrastructure Security and Resilience Month, 2024
o Biden declares November as critical infrastructure security and resilience month, calls safeguarding these systems
• FS-ISAC: Ransomware Essentials. A Guide for Financial Services Firm Defense (PDF)
Main Topics:
Election Week!
• Joint ODNI, FBI, and CISA Statement.
• US cybersecurity chief says disinformation surge hasn't impacted election
• CISA: Election Security Rumor vs. Reality
• Georgia Poll Worker Arrested for Making Bomb Threat to Election Workers
• FBI PSA: Scammers Exploit 2024 US General Election to Perpetrate Multiple Fraud Schemes
• Colorado accidentally put voting system passwords online, but officials say election is secure
• Joint ODNI, FBI, and CISA Statement on Russian Election Influence Efforts (01 Nov).
Liability:
• Attorney General James Secures $2.25 Million from Capital Region Health Care Provider to Protect Patient Data
• HHS Office for Civil Rights Settles Ransomware Cybersecurity Investigation for $500,000
• HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $90,000
Insider Threats! Fired Employee Allegedly Hacked Disney World's Menu System to Alter Peanut Allergy Information
Quick Hits:
• Wiz CEO says company was targeted with deepfake attack that used his voice
• Ripple effect: the devastating impact of data breaches
• Canadian Centre for Cyber Security - Cyber Security Readiness
• Defendants with Ties to White Supremacy Sentenced in Connection with Plot to Destroy Energy Facilities
• United States Welcomes the United Kingdom’s Actions Against Known Purveyors of Kremlin Disinformation
• Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives
• Army of bots promotes petrostate hosting global climate talks
• Reset Tech Investigation - Clickbait Cures: How Meta and Google Tolerate a Dubious Meds Market in the EU
• Fitness app Strava gives away location of Biden, Trump and other leaders, French newspaper says
• Meet Interlock — The new ransomware targeting FreeBSD servers
• Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
• Spain floods disaster: death toll rises to 205 as extra troops mobilised
• Biden Administration Announces Additional Security Assistance for Ukraine
• Iran Tells Region ‘Strong and Complex’ Attack Coming on Israel
• Cybersecurity Advisory – Threats Posed by Remote Technology Workers with Ties to Democratic People’s Republic of Korea
• Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments
• New Tradecraft of Iranian Cyber Group Aria Sepehr Ayandehsazan aka Emennet Pasargad
• Cybercriminals Are Stealing Cookies to Bypass Multifactor Authentication
• Canadian Centre for Cyber Security - National Cyber Threat Assessment 2025-2026
• Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats
• Massive PSAUX ransomware attack targets 22,000 CyberPanel instances
• Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
D'autres épisodes de "The Gate 15 Podcast Channel"
Ne ratez aucun épisode de “The Gate 15 Podcast Channel” et abonnez-vous gratuitement à ce podcast dans l'application GetPodcast.