Please enjoy our newest podcast, the Weekly Security Sprint, on Spotify for Podcasters, Spotify, Apple, Google, as well as other locations accessible via the Spotify for Podcasters link or almost anywhere you listen to your favorite podcasts.
In this week’s Security Sprint, Dave returns and he and Andy talk about the topics below. For more of these and other security updates, subscribe to our free daily report, delivered directly to your inbox, the Gate 15 SUN.
Main Topics.
CSU released its final forecast for the 2023 Atlantic hurricane season on Thursday, 3 August. “We maintain our forecast for an above-average 2023 Atlantic hurricane season. While a robust El Niño has developed and is likely to persist for the peak of the Atlantic hurricane season, most of the tropical and subtropical Atlantic has record warm sea surface temperatures for this time of year. El Niño increases vertical wind shear in the Caribbean and tropical Atlantic, but the extreme anomalous warmth in the tropical and subtropical Atlantic is anticipated to counteract some of the typical El Niño-driven increase in vertical wind shear. The probability of U.S. major hurricane landfall is estimated to be above the long-period average. As is the case with all hurricane seasons, coastal residents are reminded that it only takes one hurricane making landfall to make it an active season for them. They should prepare the same for every season, regardless of how much activity is predicted.”
- Read the forecast summary here
- Read the full forecast here
- Check the latest tropical cyclone impact probabilities here
- Article: Ocean surface hits highest ever recorded temperature and set to rise further
CISA Cybersecurity Strategic Plan: Shifting the Arc of National Risk to Create a Safer Future. The Cybersecurity and Infrastructure Security Agency (CISA) released the FY2024-2026 Cybersecurity Strategic Plan, which guides CISA’s efforts through 2026 and outlines a new vision for cybersecurity, a vision grounded in collaboration, in innovation, and in accountability. Aligned with the National Cybersecurity Strategy and nested under CISA’s 2023–2025 Strategic Plan, the Cybersecurity Strategic Plan provides a blueprint for how the agency will pursue a future in which damaging cyber intrusions are a shocking anomaly, organizations are secure and resilient, and technology products are safe and secure by design. To this end, the Strategic
CISA Releases its Cybersecurity Strategic Plan. CISA released a strategic plan to lay out how we will fulfill our cybersecurity mission over the next three years. The CISA Cybersecurity Strategic Plan aligns the following nine objectives to specific enabling measures and measures of effectiveness to drive accountability:
CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners are releasing a joint Cybersecurity Advisory (CSA), 2022 Top Routinely Exploited Vulnerabilities. This advisory provides details on the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2022, and the associated Common Weakness Enumeration(s) (CWE), to help organizations better understand the impact exploitation could have on their systems. Top 12 vulnerabilities list highlights troubling reality: many organizations still aren’t patching; The list includes well-known vulnerabilities impacting Fortinet’s VPNs and Log4Shell that hackers still routinely exploit.
Quick Hits.
- Biden-Harris Administration Launches New Efforts to Strengthen America’s K-12 Schools’ Cybersecurity
- Faith-Based Security.
- The Synagogue Attack Stands Alone, but Experts Say Violent Rhetoric Is Spreading; At his trial, the man who killed 11 at a Pittsburgh synagogue was portrayed as a lonely man engulfed in online extremism. Experts say many people fit that description. More faith-based incidents:
- Pensacola police arrest 4 teens in connection to string of antisemitic vandalism
- Man who allegedly fired shots at Jewish school shared grievances against it, flashbacks of father’s violent death & Former student fired gun at Jewish school, shot by police;
- Police investigating vandalism at Utah’s oldest Black church
- Georgia man accused of breaking into Florida church, ‘baptizing’ himself
- Bomb threat shuts down OHSU clinic after anti-trans information posted online
- CAIR-WA seek help identifying 2 men in Kent Mosque burglary
- Man steals $5,000 in donations from Sikh temple in Texas
- CAIR Calls for Hate Crime Charges Following Assault on Muslim Women in Milwaukee Park
- Texas man with distinctive ‘656’ head tattoo charged with scrawling satanic graffiti in Catholic church
- Miles City police investigate destruction of rainbow flag at church as possible hate crime
- Missionary Raised $30M for Bibles—Then Blew It on Diamonds and Gambling: DOJ
- Learn more and join FB-ISAO!
- Pandemic Preparedness Possible? Launch of the Bureau of Global Health Security and Diplomacy
- Political Security Considerations.
- The USCP Remains Vigilant Following False Active Shooter Report
- The Senate went into a shelter-in-place and partial evacuation following reports of a possible active shooter on the Capitol campus.
- Outside of Trump’s arraignment, revelers mark dueling visions of justice
- Among MAGA extremists, Trump charges draw big talk, small crowds
- Security upped near Fulton courthouse as possible Trump indictment nears
- Special counsel cites threatening Trump post in request for protective order in election interference case
- Another Day, More Ransomware… 🫠 The FBI is investigating a multiple-state hospital ransomware attack; Ransomware Attack Disrupts Health Care Services in at Least Three States; It was not immediately clear how many locations operated by Prospect Medical Holdings were affected but some sites had to cut back services or close. “A ransomware attack this week on a California-based health care system forced some of its locations to close and left others to rely on paper records. The system, Prospect Medical Holdings, which operates 16 hospitals and more than 165 clinics and outpatient centers in Connecticut, Pennsylvania, Rhode Island and Southern California, announced the cyberattack on Thursday.”
- Malwarebytes: 2023 State of Ransomware Threat Intelligence. Key findings:
- 1,900 total ransomware attacks on just four countries in one year.
- Education, healthcare, and services are the sectors most at risk.
- CLOP and MalasLocker are rewriting the ransomware playbook.
- Use of zero-day exploits in ransomware attacks is growing.
- Report: Ransomware Command-and-Control Providers Unmasked by Halcyon Researchers
- Cloud company assisted 17 different government hacking groups -US researchers
- Dragos Industrial Ransomware Attack Analysis: Q2 2023
- RUSI: Cyber Insurance and the Ransomware Challenge.
- Threat Research Analysis of Ransomware Victims from Ransom Leak Site Data
- August 2023 Threat Horizons Report Provides Cloud-Focused Cybersecurity Insights and Recommendations
- SC Magazine: No evidence organizations with cyberinsurance more likely to pay ransom
- How Tampa General Hospital thwarted a ransomware attack
- FBI Investigating Ransomware Attack on RI Hospital Group
- Health data of 1.7 million Oregon residents accessed by MOVEit hackers
- Clop ransomware now uses torrents to leak data and evade takedowns
- TargetCompany Ransomware Abuses FUD Obfuscator Packers
- HC3 Sounds Alarm About Rhysida Ransomware Group
- Dallas confirms sensitive data was stolen in recent ransomware attack
- The Week in Ransomware – August 4th 2023 – Targeting VMware ESXi
- Additional MOVEit-related health data breaches reported
- 1.7 Million Oregon Health Plan Members Affected by MOVEit Hack
- US govt contractor Serco discloses data breach after MoveIT attacks
- Crozer Health’s computer systems were knocked offline Thursday by a ransomware attack
- Ransomware Roundup – DoDo and Proton
- Ransomware attacks cost manufacturing sector $46 billion in downtime since 2018, report claims
- CYFIRMA: RANSOMWARE TRENDS : H1 2023 – Part 1
- Qilin Ransomware Gang Adopts Uncommon Payment System: All Ransom Payments Funneled through Affiliates
- Cyclops Ransomware Gang Unveils Knight 2.0 RaaS Operation: Partner-Friendly and Expanding Targets
- Akira Ransomware Gang Evades Decryptor, Exploiting Victims Uninterruptedly
- Sophos: The State of Ransomware in State and Local Government 2023
- And there is so much more on ransomware and other new cyber threat reports.
Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, Google, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:
- The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
- The Risk Roundtable is a recurring monthly discussion among our team and occasional guests as we explore the all-hazards threats and risks impacting the United States and internationally.
- The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests.
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
- The Gate 15 Interview is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Twitter, LinkedIn or via email at: [email protected].