Please enjoy our newest podcast, the Weekly Security Sprint, on Spotify for Podcasters, Spotify, Apple, Google, as well as other locations accessible via the Spotify for Podcasters link or almost anywhere you listen to your favorite podcasts.
In this week’s Security Sprint, Dave and Andy talked about the topics below. For more of these and other security updates, subscribe to our free daily report, delivered directly to your inbox, the Gate 15 SUN (please note, the SUN will not be available next week).
Dave and Andy discuss the Georgia Synagogue Incidents and Dave also touched on LGBT and Pride Month. They also discuss recent events in Russia, severe weather, a potential Cyber Force, and more.
Main Topics.
Georgia Synagogue Incidents. Dave also touched on LGBT and Pride Month. Links relating to those and other recent faith-based incidents include:
- Antisemitic rally held outside of Cobb County synagogue
- FBI: UP man accused of planning synagogue attack had guns, Nazi flag
- Massachusetts church vandalized after LGBTQ Pride flags removed: ‘Stay Gay’
- Year in Review: Anti-LGBTQ+ Hate & Extremism Incidents, 2022 – 2023
- White supremacists protest Pride in Perry event
- Sacramento children-centric LGBTQIA+ Pride event met with protesters
- U.S. Attorney, FBI Raise Awareness on Importance of Reporting Hate Crimes
- Vandalism at Fowlers United Methodist Church
- Annapolis church vandalized, left with $100K in damages
- Man dies after shooting in Meridian church parking lot
- NEW JERSEY JEWISH CANCER CENTER VANDALIZED WITH ANTISEMITIC GRAFFITI
- ANTISEMITIC ‘GDL’ FLYERS FOUND IN SEVERAL PENNSYLVANIA TOWNS
- POLICE SEARCHING FOR SUSPECT AFTER ANTISEMITIC LEAFLETS SURFACE IN PA
- ANTISEMITIC ‘GDL’ FLYERS DISCOVERED IN ST. LOUIS
- INDIANAPOLIS ‘MOMS FOR LIBERTY’ FORCED TO APOLOGIZE AFTER QUOTING HITLER
- ANTISEMITIC GRAFFITI DISCOVERED OUTSIDE SOUTH FLORIDA RESTAURANT
- Dobbs, one year later:
Dave and Andy Discuss Andy’s Curiously-Timed Absence, Russia & Wagner Group
- OSAC Security Alert: Moscow (Russia), Wagner Group Fighting in Russia (24 Jun)
Severe Weather!
- Extreme floods are happening way more often than federal data would suggest, analysis shows
- A man and his stepson die after hiking in Big Bend National Park in 119-degree heat
Cyber Force?
Quick Hits.
KEV Updates
- CISA Adds Six Known Exploited Vulnerabilities to Catalog. CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
  - CVE-2023-20887 VMware Aria Operations for Networks Command Injection Vulnerability
  - CVE-2020-35730 Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
  - CVE-2020-12641 Roundcube Webmail Remote Code Execution Vulnerability
  - CVE-2021-44026 Roundcube Webmail SQL Injection Vulnerability
  - CVE-2016-9079 Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability
  - CVE-2016-0165 Microsoft Win32k Privilege Escalation Vulnerability
- CISA Adds Five Known Exploited Vulnerabilities to Catalog. CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
  - CVE-2023-32434 Apple Multiple Products Integer Overflow Vulnerability
  - CVE-2023-32435 Apple iOS and iPadOS WebKit Memory Corruption Vulnerability
  - CVE-2023-32439 Apple iOS, iPadOS, and macOS WebKit Type Confusion Vulnerability
  - CVE-2023-20867 VMware Tools Authentication Bypass Vulnerability
  - CVE-2023-27992 Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability
COVID Origins
- ODNI RELEASES REPORT ON THE POTENTIAL LINKS BETWEEN THE WUHAN INSTITUTE OF VIROLOGY AND THE ORIGIN OF COVID-19 & THE POTENTIAL LINKS BETWEEN THE WUHAN INSTITUTE OF VIROLOGY AND THE ORIGIN OF THE COVID-19 PANDEMIC. ODNI submitted the report to Congress, and it can be viewed here.
  - The National Intelligence Council and four other IC agencies assess that the initial human infection with SARS-CoV-2 most likely was caused by natural exposure to an infected animal that carried SARS-CoV-2 or a close progenitor, a virus that probably would be more than 99 percent similar to SARS-CoV-2.
  - The Department of Energy and the Federal Bureau of Investigation assess that a laboratory-associated incident was the most likely cause of the first human infection with SARS-CoV-2, although for different reasons.
  - The Central Intelligence Agency and another agency remain unable to determine the precise origin of the COVID-19 pandemic, as both hypotheses rely on significant assumptions or face challenges with conflicting reporting.
  - Almost all IC agencies assess that SARS-CoV-2 was not genetically engineered. Most agencies assess that SARS-CoV-2 was not laboratory-adapted; some are unable to make a determination. All IC agencies assess that SARS-CoV-2 was not developed as a biological weapon.
Space ISAC!
- What’s Working: What happened since Colorado invested in Colorado Springs as a cybersecurity hub. “And across the hall from Raduege’s office is the Space Information Sharing and Analysis Center, an ISAC with more than 100 private companies and public sector agencies strategizing about cybersecurity in space. It’s a concerted effort to better prepare America for the worst cyberattacks.”
Ransomware:
- HHS alerts health sector to new ransomware threat. The Department of Health and Human Services Friday alerted the health sector to a recent ransomware attack on a U.S. cancer center that reduced cancer treatment capability, rendered digital services unavailable and threatened exposure of patient personal health information. “The TimiSoaraHackerTeam (THT) ransomware-as-a-service group is responsible for a recent high-impact ransomware attack that disrupted critical patient care and placed multiple patient lives at risk.”
- Ransomware Roundup – Black Basta
- Ransomware Redefined: RedEnergy Stealer-as-a-Ransomware attacks
- Good for Evil: DeepBlueMagic Ransomware Group Abuses Legit Encryption Tools
- Risky Biz News: Ransomware in May: 436 victims have been posted on ransomware leak sites in May 2023, according to new research from NCC Group. The figure is a 24% surge compared to April’s 352 victim count. The Lockbit gang was responsible for 18% (78 victims) of all May attacks and remains the most active threat actor in 2023. Second was 8Base, a ransomware group that began operations in April.
- Federal lawsuit blames Whitworth University for ransomware attack last summer, loss of data
- The Week in Ransomware – June 23rd 2023 – The Reddit Files
MOVEit:
- MOVEit breach impacts Genworth, CalPERS as data for 3.2 million exposed
- Largest public pension fund in US affected by MOVEit breach
- Risky Biz News: Progress sued over MOVEit vulnerabilities: Progress Software has been sued in a class-action following the recent exploitation of a zero-day in its MOVEit file-transfer appliance that has impacted hundreds of organizations. [Additional coverage in CybersecurityDive]
- University of Manchester confirms data theft in recent cyberattack
- Clop ransomware gang obtained personal data of 45,000 New York City students in MOVEit hack
Others:
- Scammers Target Stores With Bomb Threats, Seeking Bitcoin and Gift Cards; Kroger, Walmart and other U.S. retailers report anonymous threats, prompting law-enforcement investigations
- UK NCSC: New techniques added to the NCSC’s ‘risk management toolbox;’ Refreshed guidance published to help practitioners manage cyber risk.
- NSA Releases Guide to Mitigate BlackLotus Threat
- Hajj pilgrimage starts in Saudi Arabia, with 2 million expected after lifting of COVID measures
Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, Google, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:
- The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
- The Risk Roundtable is a recurring monthly discussion among our team and occasional guests as we explore the all-hazards threats and risks impacting the United States and internationally.
- The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests.
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
- The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Twitter, LinkedIn or via email at: [email protected].