Weekly Security Sprint EP 16. QHSR, the state of homeland security, a Faith-Based intervention, protests, Cannabis cybersecurity, more!


Please enjoy our newest podcast, the Weekly Security Sprint, on Spotify for PodcastersSpotifyAppleGoogle, as well as other locations accessible via the Anchor link or almost anywhere you listen to your favorite podcasts.


In this week’s Security Sprint, Dave and Andy talked about a number of topics listed below. They also note the new Gate 15 SUN. Subscribe to that immediately below!

[ctct form=”3911″ show_title=”false”]

Main Topics

DHS!

See Something, Say Something – Possible Faith-Based Attack Averted FB-ISAO Turns Five!

  • Man Arrested at Church Service After Members Believe he was Testing Security of Church. Tuesday morning, April 18th, the police department received a phone call from a member of the security team at Faith Assembly of God…in reference to a man who had been acting suspiciously while attending revival services. Police were informed of several incidents on different nights that made church members believe the man was testing the security of the church while also asking personal questions about the members and staff. At the request of the church, officers arrived at the beginning of last night’s service to make the church members feel safer. The man arrived at 7:00 p.m. and entered the church. Officers on scene walked by the man’s vehicle and observed in plain view an AR-style rifle, multiple 30 round magazines, a shotgun, a belt loaded with shotgun shells, knives, tourniquets, and other survival gear. Officers shared this information with church staff and they requested the man be removed from the property… (The suspect) was transported to the Miller County Jail and charged with obstructing governmental operations, resisting arrest, fleeing on foot, and possession of a controlled substance-marijuana.
  • FB-ISAO: Five Years Strong. “Happy Anniversary to the Faith-Based Information Sharing and Analysis Organization. 18 April 2023, marks five years of serving the community of faith with information, analysis, and capabilities to help reduce risk while enhancing preparedness, security, and resilience across all-faiths and all-hazards. Our members include Houses of Worship, Charities, Faith-Based Schools, and their affiliated organizations. We are five years strong!”

4-20! Cannabis ISAO Shares Cybersecurity Best Practices for the Cannabis Industry

Quick Hits:

Water-palooza!  

Ransomware – March Was a Record Setting Month & Dragos Ransomware Report

  • Dragos Industrial Ransomware Attack Analysis: Q1 2023. In the first quarter of 2023, Dragos observed two new and significant trends, the use of zero-day vulnerabilities and the exploitation of recently discovered vulnerabilities. For example, the Clop ransomware group claimed use of the GoAnywhere zero-day vulnerability (CVE-2023-0669) to impact 130 organizations in February 2023. Dragos is aware of 14 industrial organizations that the Clop ransomware group impacted in the past quarter. It is unclear if the group used the GoAnywhere vulnerability to impact these organizations. Other ransomware groups, such as Cuba and Play, used a zero-day exploit dubbed OWASSRF to target CVE-2022-41080 and compromise unpatched Microsoft Exchange servers in January 2023. Dragos detected 214 ransomware incidents in the first quarter of 2023, a 13 percent increase from the previous quarter

Blended Threats – Critical Infrastructure Space Asset Disruption Impacts Farming Operations 

  • Farmers ‘crippled’ by satellite failure as GPS-guided tractors grind to a halt. Tractors have ground to a halt in paddocks across Australia and New Zealand because of a signal failure in the satellite farmers use to guide their GPS-enabled machinery, stopping them from planting their winter crop. The satellite failure on Monday was a bolt from the blue for farmers in NSW and Victoria, who were busy taking advantage of optimal planting conditions for crops including wheat, canola, oats, barley and legumes.

New FBI Elder Fraud Report

3CX – Attack x Within x Attack

SBOM, SBOM, You’re my SBOM!

  • CISA Releases Two SBOM Documents. On Friday, CISA released two community-drafted documents around Software Bill of Materials (SBOM)Types of SBOM documents and Minimum Requirements for Vulnerability Exploitability eXchange (VEX).
    • The Types of SBOM document summarizes common types of SBOMs that tools may create in the industry today, along with the data typically presented for each type of SBOM. As software goes from planning to source to build to deployed and used, tools may be able to detect subtle differences in the underlying components. These types will allow for better differentiation of tools and in the broader marketplace.
    • The Minimum Requirements for VEX document specifies the minimum elements to create a VEX document. This will allow interoperability between different implementations and data formats of VEX. It will also help promote integration of VEX into novel and existing security tools. This document also specifies some optional VEX elements.
  • Led by CISA, both publications were debated and drafted by a community of industry and government experts with the goal to offer some common guidance and structure for the large and growing global SBOM community.

Chinese Police Outposts

Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for PodcastersAppleSpotifyGoogle, as well as other locations accessible from the Anchor link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:

  • The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment. 
  • The Risk Roundtable is a recurring monthly discussion among our team and occasional guests as we explore the all-hazards threats and risks impacting the United States and internationally.
  • The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests.
  • Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
  • The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.

We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on TwitterLinkedIn or via email at: [email protected].

Related Posts