The Risk Roundtable EP: 40. Jen returns! Plus cybersecurity news, Nashville, staying on top of vulnerabilities and more!

Please enjoy this month’s episode of The Gate 15 podcast on on Spotify for Podcasters, Spotify, Apple, Google, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts.

---

In the latest episode of the Risk Roundtable, the prodigal cybersecurity expert returns full of wisdom and words Dave admires but can’t understand. Jen brings her expertise to the table and talks about 3CX, and staying vigilant. Dave builds upon vigilance talking about Nashville and about the value of taking stock of lessons learned from the latest school shooting. In the quick hits, Jen and Dave talk about protests, severe weather, and more cybersecurity updates. Not to be outdone, Andy pulls it all together and adds in his usual common sense approach and holding the security profession accountable. Then Andy runs the gang through love it, hate it, or don’t care.

Some of the references in the pod include:

3CX Compromise:

• SecurityWeek on 3CX
• Huntress! ⁠Jen sings some praise for the good work from this team. Amazing work and helping the community!
• Check My Operator (3CX). “This site is a way for users to identify if they were potentially impacted by the supply chain attack against 3CX from March 2023. If the background appears in red, the IP address you are visiting this site from was flagged by security researchers as potentially impacted. We do not have the ability to determine if you are still impacted. This site is a best effort to broadly notify potential impacted parties of this attack by members of the cyber security research community. If the background appears in gray, the IP address you are visiting this site from has not been reported to this site.”
• ‘A cautionary tale of success’: Taking stock of the latest massive hack
• Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack. “We found out that the threat actor specifically targeted cryptocurrency companies”
• The Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms
• 3CX Company Updates – Product Releases / Information

Nashville:

• DOJ: Maryland Man Charged for Making a Threatening Phone Call to an LGBTQ Advocacy Group, 04 Apr. “A federal criminal complaint has been filed charging a Maryland man for using the telephone to threaten a group that advocates for LGBTQ individuals. According to court documents, on the evening of March 28, the victim organization received a threatening voicemail from a phone number that investigators identified as belonging to Adam Michael Nettina, 34, of West Friendship, Maryland. The message referenced the March 27 mass shooting at a school in Nashville, Tennessee, involving multiple shooting fatalities, where the perpetrator was publicly identified as being transgender. During the call, numerous threats were made including, ‘…We’ll cut your throats. We’ll put a bullet in your head….You’re going to kill us? We’re going to kill you ten times more in full.'”
• Nashville Police: Covenant Investigation Update, 03 Apr. “Audrey Hale acted totally alone. In the collective writings by Hale found in her vehicle in the school parking lot, and others later found in the bedroom of her home, she documented, in journals, her planning over a period of months to commit mass murder at The Covenant School. The writings remain under careful review by the MNPD and the FBI’s Behavioral Analysis Unit based in Quantico, Virginia. The motive for Hale’s actions has not been established and remains under investigation by the Homicide Unit in consultation with the FBI’s Behavioral Analysis Unit. It is known that Hale considered the actions of other mass murderers. The investigation shows that Hale fired a total of 152 rounds…”
• Covenant School refutes claim Nashville shooter received counseling from school pastor
• Details about the Nashville shooter’s gender identity sow confusion and disinformation. “But there is still, days later, confusion and misinformation about how exactly Hale identified and whether Hale’s gender identity had anything to do with the motivation behind the massacre.”
• Audrey Hale’s family ‘laying low,’ communicating through church in wake of Nashville shooting
• Attacks on Christian schools ‘inevitable’ amid rising violence permeating society: Christian education expert warns
• Hoax Shooting Threats Shut Down New York Schools Days After Nashville Tragedy
• How Nashville Prepared for the Day It Never Wanted to Face; Dispatchers, police and paramedics in Nashville had for years trained for a school shooting as if it was inevitable. An attack in Uvalde, Texas, underscored that there was no margin for error.
• Understand the Threat. Gate 15 White Paper on The Hostile Event Attack Cycle (HEAC), 2021 Update.

Protests:

• In Days Before Trump Appears in Court, Few Signs Point to a Jan. 6 Repeat
• Online threats of violence but few signs of far-right organizing around Trump indictment
• Marjorie Taylor Greene calls for protests in New York after Trump indictment; The Georgia GOP congresswoman and Trump loyalist is reversing course after saying two weeks ago she and other Trump backers should not protest his indictment.
• The Far Right Is Calling For Bloody ‘Civil War’ After Trump’s Indictment; “None of this will stop unless there is blood in the streets,” one Trump supporter wrote on a message board.

Severe Weather:

• 32 dead as tornadoes torment from Arkansas to Delaware
• Significant Wintry Conditions from Intermountain West to Upper Midwest
• Here we go again: 2nd tornado outbreak in 5 days looms for Midwest

Website Security:

• Exchange on-prem throttling
• Sucuri: Website Injection⁠

Kev! IABs!

• Bleeping Computer: 15 million public-facing services vulnerable to CISA KEV flaws (31 Mar). “Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA’s KEV (known exploitable vulnerabilities) catalog. This massive number is reported by cybersecurity company Rezilion, which conducted large-scale research to identify vulnerable systems exposed to cyberattacks from threat actors, whether state-sponsored or ransomware gangs. Rezilion’s findings are particularly worrying because the examined vulnerabilities are known and highlighted in CISA’s KEV catalog as actively exploited by hackers, so any delays in their patching maintain a large attack surface, giving threat actors numerous potential targets.” Read the report from Rezilion: Get to Know KEV In Our New Research Report (30 Mar)
• Qualys
• DFIR Report
• VulnCheck

Others:

• Executive Order on Prohibition on Use by the United States Government of Commercial Spyware that Poses Risks to National Security & FACT SHEET: President Biden Signs Executive Order to Prohibit U.S. Government Use of Commercial Spyware that Poses Risks to National Security
• Mandiant: Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan, 30 Mar

Get all these updates and more in our free daily paper, The Gate 15 SUN! The SUN is in transition and has moved to email distribution via Constant Contact. Let us know if you’d like to be added to the new distribution process (and check your junk mail!)

The Risk Roundtable podcast is a recurring monthly discussion among our team and occasional guests as we explore the all-hazards threats and risks impacting the United States and internationally. As we seek to help apply a threat-informed, risk-based approach to analysis, preparedness and operations, we hope these podcasts are informative and maybe even a little entertaining. Read more about Gate 15’s full podcast menu at our Podcast page. We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Twitter, LinkedIn or via email at: podcast@gate15.global.

You can subscribe and enjoy The Gate 15 Podcasts on Anchor, Apple, Spotify, Google, as well as other locations accessible from the Anchor link. The full podcast menu includes:

• The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment. 
• The Risk Roundtable is a recurring monthly discussion among our team and occasional guests as we explore the all-hazards threats and risks impacting the United States and internationally.
• The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests.
• Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
• The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.

We hope you’ll subscribe, listen and share your ideas and other feedback!