Please enjoy our newest podcast, the Weekly Security Sprint, on Spotify for Podcasters, Spotify, Apple, Google, as well as other locations accessible via the Spotify for Podcasters link or almost anywhere you listen to your favorite podcasts.
In this week’s Security Sprint, Jen and Andy talked about the topics below. For more of these and other security updates, subscribe to our free daily report, delivered directly to your inbox, the Gate 15 SUN.
Main Topics.
Jen’s Cyber Updates
- SEC: SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies. Final Rule; Fact Sheet.
- Fortinet: Cybersecurity, A Necessity for the Sustainability of Society
- Tenable: FAQ: What the New SEC Cybersecurity Rules Mean for Infosec Leaders
- Florida mandates cybersecurity training for state workers
FACT SHEET: Biden-Harris Administration Announces National Cyber Workforce and Education Strategy, Unleashing America’s Cyber Talent. A lot of great organizations are supporting this new initiative.
Survey: Political Violence is Justified
- ‘Anger and radicalization’: rising number of Americans say political violence is justified; Survey shows a small but significant share of Americans believe in use of force to attain political goals – on both the left and the right
Infrastructure Cyber Threats
- U.S. Hunts Chinese Malware That Could Disrupt American Military Operations; American intelligence officials believe the malware could give China the power to disrupt or slow American deployments or resupply operations, including during a Chinese move against Taiwan. “The Biden administration is hunting for malicious computer code it believes China has hidden deep inside the networks controlling power grids, communications systems and water supplies that feed military bases in the United States and around the world, according to American military, intelligence and national security officials. The discovery of the malware has raised fears that Chinese hackers, probably working for the People’s Liberation Army, have inserted code designed to disrupt U.S. military operations in the event of a conflict, including if Beijing moves against Taiwan in coming years. The malware, one congressional official said, was essentially ‘a ticking time bomb’ that could give China the power to interrupt or slow American military deployments or resupply operations by cutting off power, water and communications to U.S. military bases.”
- Space: If you’ve ever heard our other Gate 15 podcasts, including our interviews with the team at Space ISAC, you know we’re on board with this: Bipartisan bill designates space as critical infrastructure sector. FYSA: TAG Cyber Announces Release of 2023 Q3 Edition: Focused on Cybersecurity in Outer Space.
Threats and Scams
- Attackers exploit Windows-based ‘search-ms’ protocol
- Ransomware Delivery URLs: Top Campaigns and Trends & Web browsing is the primary entry vector for ransomware infections
- USPS Phishing Scam Targeting iOS Users
- CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse
- CISA Releases Analysis of FY22 Risk and Vulnerability Assessments
- CISA Releases Malware Analysis Reports on Barracuda Backdoors
- Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins
- Known Exploited Vulnerabilities Catalog
- US contractor says info of up to 10 million leaked in MOVEit breach: An IT firm that provides services to Medicaid, Medicare, U.S. student loan servicers and other government programs confirmed that the information of up to 10 million people may have been accessed by hackers exploiting the MOVEit file transfer software. In a regulatory filing with the U.S. Securities and Exchange Commission (SEC), U.S.-based government services company Maximus said it uses MOVEit “for internal and external file sharing purposes, including to share data with government customers pertaining to individuals who participate in various government programs.” Lots more daily in the Gate 15 SUN and our other reports.
Quick Hits.
- ICYMI! H2OSecCon Powered by WaterISAC; H2OSecCon Sponsorship Opportunities Now Available! Expand your exposure and support this one-of-a-kind virtual event focused on security for the water and wastewater sector. The 2nd annual H2OSecCon will be held virtually from October 19 – 20. This conference brings together hundreds of attendees from water and wastewater utilities to provide panels and sessions around IT and OT security, physical security, and resilience. Sponsorships start at $1,500. And meet new WaterISAC Champion, iSMG!
- Severe Weather – this is being covered every day in the Gate 15 SUN
- CISA Establishes Regional Election Security Advisors to Strengthen Front Line Support to the Election Community
- CISA: Cybersecurity Performance Goals: Sector-Specific Goals
- President Biden Announces Key Nominees, including Harry Coker, Jr., Nominee for National Cyber Director.
- 2023 Cofense Phishing Intelligence Trends Review: Q2
- CISA, USCG Publish Analysis Report on Findings During 2022 Risk and Vulnerability Assessments
- Ivanti Releases Security Updates for Endpoint Manager Mobile (EPMM) CVE-2023-35078
- Google – The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022
- Categorizing the CISA KEV by Technology Type
Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, Google, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:
- The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
- The Risk Roundtable is a recurring monthly discussion among our team and occasional guests as we explore the all-hazards threats and risks impacting the United States and internationally.
- The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests.
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
- The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour, and guests from throughout the homeland security risk management community, addressing a wide range of all-hazards topics and issues.
We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Twitter, LinkedIn or via email at: [email protected].