In this week's Security Sprint, Dave and Jen talk about the following topics:
BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces.
https://www.cisa.gov/news-events/alerts/2023/06/13/cisa-issues-bod-23-02-mitigating-risk-internet-exposed-management-interfaces
Volt Typhoon https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a
Hostile Event Arrests.
Austria LGBTQ+ Parade Arrests. https://www.bbc.com/news/world-europe-65944514?at_link_type=web_link&at_medium=social&at_ptr_name=twitter&at_link_id=948A7BFE-0DDC-11EE-90F5-49B87E934D9D&at_campaign_type=owned&at_link_origin=BBCWorld&at_bbc_team=editorial&at_format=link&at_campaign=Social_Flow
Synagogue Attack Arrest. https://www.foxnews.com/us/michigan-19-year-old-planned-synagogue-mass-shooting-fbi-claims
MOVEit.
https://www.cisa.gov/news-events/alerts/2023/06/15/progress-software-releases-security-advisory-moveit-transfer-vulnerability
Millions of Oregon, Louisiana state IDs stolen in MOVEit breach https://www.bleepingcomputer.com/news/security/millions-of-oregon-louisiana-state-ids-stolen-in-moveit-breach/
Great recap: CVE-2023-34362: MOVEit Vulnerability Timeline of Events (Last updated at Fri, 16 Jun 2023 15:18:17 GMT) https://www.rapid7.com/blog/post/2023/06/14/etr-cve-2023-34362-moveit-vulnerability-timeline-of-events/
Friday - The Cybersecurity 202: The MOVEit ransomware reckoning has begun https://www.washingtonpost.com/politics/2023/06/16/moveit-ransomware-reckoning-has-begun/
MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately” https://nakedsecurity.sophos.com/2023/06/15/moveit-mayhem-3-disable-http-and-https-traffic-immediately/https://www.helpnetsecurity.com/2023/06/19/cve-2023-35708/https://www.washingtonpost.com/technology/2023/06/16/moveit-ransomware-attack/
TE-SAT. European Union Terrorism Situation and Trend Report 2023 (TE-SAT) which provides the most comprehensive and up-to-date intelligence picture on terrorism in the European Union.
Quick Hits
Verizon Data Breach investigations report comes out tomorrow
LockBit CSA https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a
Baseboard Management Controller (BMC) https://media.defense.gov/2023/Jun/14/2003241405/-1/-1/0/CSI_HARDEN_BMCS.PDF
Proofpoint’s 2023 Human Factor Report https://www.proofpoint.com/us/blog/threat-insight/2023-human-factor-analyzes-evolving-threats-attack-chain
A pretty good overview on Proofpoint’s 2023 Human Factor Report: Cybercriminals return to business as usual in a post-pandemic world https://www.helpnetsecurity.com/2023/06/16/post-pandemic-threat-landscape/
How a Shady Chinese Firm’s Encryption Chips Got Inside the US Navy, NATO, and NASA
Las Vegas police foil Stanley Cup terror threat hours before Golden Knights win
PERSPECTIVE: The Rising Incel Terrorism Threat and the Broader Problem of Misogynistic Violence
Why connected cars are the next frontier in cybersecurity
New Food and AG-ISAO. Food Producers Band Together in Face of Cyber Threats
CISA, FBI, and MS-ISAC Update Joint CSA on Progress Telerik Vulnerabilities.
Forrester: Ransomware, Business Email Compromise and AI Among Top Cybersecurity Threats in 2023
Real Estate Firm Hack Affects 319,500 Patients, Employees; Owner of Addiction Treatment Centers, Medical Offices and Hotels Hit by Ransomware
GAO: Violent Extremism and Terrorism: Agencies Can Take Additional Steps to Counter Domestic Threats, GAO-23-106758
‘More extreme, more violent’: experts’ warning over khaki-clad Patriot Front; Their button-up shirts and chinos have prompted mockery but experts say the far-right group is becoming increasingly violent
view more