Please enjoy our newest podcast, the weekly Security Sprint, on Spotify, Apple, as well as other locations accessible via the Spotify for Podcasters link or almost anywhere you listen to your favorite podcasts.
Join the Gate 15 Resilience and Intelligence Portal – the GRIP! and get our daily report, the SUN, TARGET reports, our ransomware digest, partner reports, and more – including our new Generative AI version of the SUN! Join the GRIP! Share the Gen AI SUN! Our new TLP:GREEN Gen AI version of the SUN highlights a few notable items from the complete SUN in a 3-4 minute video that can be easily shared and digested across your organization! An easy security win, you can share the Gen AI SUN as a daily security awareness update with your security teams and even across your entire team. Take the easy win!
In this week’s Security Sprint, Dave and Andy covered the following topics:
- Auto-ISAC: Thomas Farmer Assumes Position as Director of Operations
- News from the Auto-ISAC Cybersecurity 2024 Summit
- Follow Up from last Sprint: FBI Statement Regarding Offensive Text Messages
- Groundbreaking Framework for the Safe and Secure Deployment of AI in Critical Infrastructure Unveiled by Department of Homeland Security
- Media Advisory: Chairman Green Announces Worldwide Threats Hearing Featuring DHS Secretary Mayorkas, FBI Director Wray, NCTC Acting Director Holmgren: November 20, 2024, at 10:00 AM ET
- Senate Judiciary Committee: Big Hacks & Big Tech: China’s Cybersecurity Threat: November 20, 2024, at 2:00 PM ET
Main Topics:
Homeland Security Transitions. Rand Paul has plans to kneecap the nation’s cyber agency. The incoming chair of the Senate Homeland Security Committee has pledged to severely cut the powers of the Cybersecurity and Infrastructure Security Agency or eliminate it entirely. But his grand plans for finally crushing CISA’s mandate may not be entirely possible. Paul is likely to face fierce resistance from Democrats in the House and Senate on any proposal to limit CISA’s powers. And many Republicans are also likely to push back against plans to fully cut the agency that plays a key role in responding to foreign cyberattacks. “While it’s unlikely we could get rid of CISA, we survived for what, 248 years without them,” Paul said. “I think a lot of what they do is intrusive, and I’d like to end their intrusions into the First Amendment.”
- CISA Director Jen Easterly to depart on Inauguration Day
- House Homeland Releases “Cyber Threat Snapshot” Highlighting Rising Threats to US Networks, Critical Infrastructure
- Joint Statement from FBI and CISA on the People’s Republic of China (PRC) Targeting of Commercial Telecommunications Infrastructure
- Salt Typhoon: T-Mobile Hacked in Massive Chinese Breach of Telecom Networks
- Salt Typhoon: Intelligence community briefed Congress on Chinese telecom intrusions
- Volt Typhoon rebuilds malware botnet following FBI disruption
- China’s Hacker Army Outshines America
Liability: Legal Report: A Michigan Agency Agrees to $13 Million Settlement Concerning Surprise Active Shooter Drill. The Michigan Department of Health and Human Services (MDHHS) agreed to pay a $13 million settlement for failing to warn patients and staff at a state-run psychiatric hospital about an active shooter drill in December 2022. The facility, the Hawthorn Center, treats children with emotional, mood, and thought disorders. Although the department conducts regular active shooter drills, it usually notifies both employees and local law enforcement prior to the drill. But this time, there was no warning prior to an announcement that played through the hospital’s speakers, notifying listeners that two men with guns were on the property. Upon hearing the message, staff and patients at the facility believed that the alert was not a drill, calling 911 and reaching out to family members in the belief that their lives were at risk. Employees and children tried to hide, barricade rooms, and arm themselves in anticipation of a violent attack. At least one police department was unaware that the incident was in fact a drill.
Cyber Resilience:
- NordPass: Top 200 Most Common Passwords. It’s our sixth year—this time, in collaboration with NordStellar—analyzing people’s password habits, and guess what? They’re still really bad. And we’re not just talking about personal passwords here. This time, we also put together a list of the most common corporate passwords to see how they compare to those used in everyday life. So, check out all the dishonorable winners on both lists and learn what the latest trends are. Yes, the 10 worst passwords still include ‘password’ and ‘secret’.
- 2023 Top Routinely Exploited Vulnerabilities. PDF: AA24-317A 2023 Top Routinely Exploited Vulnerabilities
Quick Hits:
- Palo Alto! Risky Biz News: Unpatched zero-day in Palo Alto Networks is in the wild. Details of a zero-day vulnerability in Palo Alto Networks software and a design flaw in a Fortinet product were published on Friday—every IT engineer’s favorite day for emergency security procedures. The zero-day impacts Palo Alto Networks firewall appliances, while the design weakness affects Fortinet’s Windows VPN client. The Palo Alto zero-day is believed to be related to an alleged exploit sold on the Exploit hacking forum earlier this month.
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
- CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability
- CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability
- Palo Alto updates advisory about firewall bug after discovering exploitation attempts
- Canadian Centre for Cyber Security – Alert – Securing Palo Alto management interfaces from exploitation. An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security (“Cyber Centre”) is also available to provide additional assistance regarding the content of this Alert to recipients as requested.
- CVE-2024-5910 – Palo Alto Expedition Missing Authentication vulnerability. CVE-2024-5910 is a critical (CVSS: 9.8) missing authentication vulnerability in Palo Alto Networks’ Expedition, a tool widely used by administrators for firewall migration and configuration management. Successful exploitation could allow an attacker with network access to take over an admin account and potentially gain access to sensitive configuration secrets, credentials, and other data stored within the tool. This issue affects Expedition versions below 1.2.92. Symantec’s network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system.
- EPA: Management Implication Report: Cybersecurity Concerns Related to Drinking Water Systems. As part of the U.S. Environmental Protection Agency Office of Inspector General’s continued oversight of the EPA’s role as a sector risk management agency, passive assessment of cybersecurity vulnerabilities was conducted on drinking water systems with populations served of 50,000 people or greater. The results identified cybersecurity vulnerabilities that an attacker could exploit to degrade functionality, cause loss or denial of service, or facilitate the theft of customer or proprietary information. PDF Report.
- Moody’s Cyber Heat Map flags extreme cyber risks for critical infrastructure, impacting telecommunications and airlines
- 35 dead as driver hits crowd at sports center in southern Chinese city
- ODNI – Potential Global Economic Consequences of a Use by Russia of Nuclear Weapons in Ukraine
- Australia-Japan-United States Trilateral Defense Ministers’ Meeting November 2024 Joint Statement
- Justice Department Announces Murder-For-Hire and Related Charges Against IRGC Asset and Two Local Operatives
- Iranian “Dream Job” Campaign 11.24
- Fans scuffle despite heavy security presence at France-Israel soccer match
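The CVE-2024-5910 item above gives one concrete, checkable fact: Expedition versions below 1.2.92 are affected. The script below is an added example (not Gate 15’s, Palo Alto Networks’, or Symantec’s code) that walks a hypothetical asset inventory and flags hosts still on an affected version. The hostnames and version strings are constructed; the only real value is the 1.2.92 threshold from the advisory text. The point it makes beyond the bullet is a common inventory-scripting mistake: comparing version strings as text puts 1.2.100 before 1.2.92 and silently marks a patched host as vulnerable (or, with the comparison reversed, a vulnerable one as patched).

```python
"""Inventory check against the Expedition threshold named in the advisory.

Added example, not from Gate 15, Palo Alto Networks, or Symantec. Assumes a
hypothetical inventory of (hostname, version) pairs and the advisory's fact
that Expedition versions below 1.2.92 are affected by CVE-2024-5910.
"""
from typing import List, Tuple

FIXED_VERSION = "1.2.92"  # first unaffected version, per the advisory text


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.2.92' into (1, 2, 92) so comparison is numeric, not lexical.

    A plain string comparison gets this wrong: '1.2.100' < '1.2.92' is True
    as strings, even though 1.2.100 is the newer release.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly below the fixed version."""
    return parse_version(version) < parse_version(fixed)


def flag_affected_hosts(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, version, status) for every host that is not known-fixed.

    Unparseable versions are reported as 'unknown' rather than dropped: a host
    you cannot classify is a host you cannot declare safe.
    """
    findings = []
    for host, version in inventory:
        try:
            status = "affected" if is_affected(version) else "fixed"
        except ValueError:
            status = "unknown"
        if status != "fixed":
            findings.append((host, version, status))
    return findings


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("expedition-01.example.internal", "1.2.91"),   # below threshold
    ("expedition-02.example.internal", "1.2.92"),   # exactly the fixed version
    ("expedition-03.example.internal", "1.2.100"),  # newer, string compare would misrank it
    ("expedition-lab.example.internal", "1.2"),     # short version, still below 1.2.92
    ("expedition-old.example.internal", "n/a"),     # no usable version recorded
]

if __name__ == "__main__":
    for host, version, status in flag_affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {version} ({status})")
```

Run it as-is to see the three hosts that need attention; in practice the inventory would come from your CMDB or a scan export, and the 'unknown' entries are the ones to chase down manually before closing the ticket.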
Hate, Extremism & Terrorism:
Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:
- The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
- The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour, and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
- The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests. This is presently a Gate 15 special podcast and occasionally is updated on our Gate 15 podcast channel.
- Venue Security, The IAVM Podcast Series was a 2024 limited series podcast in which Gate 15’s founder and Managing Director, Andy Jabbour, hosted a series of short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community.
- The Risk Roundtable was a monthly discussion among our team and occasional guests exploring the all-hazards threats and risks impacting the United States and internationally. This was suspended in September 2023.
We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Threads, LinkedIn, via email at [email protected].