Please enjoy our newest podcast, the Weekly Security Sprint, on Spotify for Podcasters, Spotify, Apple, Google, as well as other locations accessible via the Spotify for Podcasters link or almost anywhere you listen to your favorite podcasts.
Gate 15 is on Threads! Give us a follow and join us: @gate_15_resilience
In this week’s Security Sprint, Dave and Andy talk about the topics below. For more of these and other security updates, subscribe to our free daily report, delivered directly to your inbox, the Gate 15 SUN. To subscribe, please email [email protected].
Main Topics
War in Israel (see the Gate 15 SUN for abundant links and updates)
- Director Wray Addresses International Association of Chiefs of Police Conference. On the Israel Conflict: “…Whether that be from foreign terrorist organizations, or those inspired by them, or domestic violent extremists motivated by their own racial animus, the targeting of a community because of their faith is totally unacceptable. We remain committed to continue confronting those threats—both here in the United States and overseas. In this heightened environment, there’s no question we’re seeing an increase in reported threats, and we’ve got to be on the lookout, especially for lone actors who may take inspiration from recent events to commit violence of their own. So I encourage you to stay vigilant, because as the first line of defense in protecting our communities, you’re often the first to see the signs that someone may be mobilizing to violence. And I’d also ask you to continue sharing any intelligence or observations you may have. And on our end, we’re committed to doing the same, so that together, we can safeguard our communities.” (and the complete remarks discuss other threats and concerns)
- FBI director warns of rise in terror threats against Americans, potential copy-cat attacks on US soil. Five threats security pros everywhere need to focus on as the Middle East war escalates. “In this heightened environment, there’s no question we’re seeing an increase in reported threats, and we’ve got to be on the lookout, especially for lone actors who may take inspiration from recent events to commit violence of their own.”
- Faith Based Updates: FB-ISAO Newsletter, v5, Issue 10
- FB-ISAO’s Working Groups and Information Sharing Communities
- Cybersecurity Awareness Month (CAM) is 20 Years Old
- Spotlight: Education on Arms in the House
- The White House Office of Faith-Based and Neighborhood Partnerships releases Allied Against Hate: A Toolkit for Faith Communities – Tools and Resources to Protect Places of Worship
- DHS: Resources and Information for Faith and Community Leaders Regarding the Situation in Israel
Active Shooter, Hostile Events and Fall Mass Gatherings
- State Fair of Texas evacuated after shooting, one suspect in custody
- Suspect charged in State Fair of Texas shooting that injured 3
- 3 Creekside High students facing charges for school threat ‘hit lists,’ deputies say
12 October 2023 NCSC / FBI Safeguarding Our Future bulletin – Russian Intelligence Poses a Persistent Threat to the United States.
IBM Security Intelligence: 10 years in review: Cost of a Data Breach
Quick Hits.
Signal says there is no evidence rumored zero-day bug is real. “Signal messenger has investigated rumors spreading online over the weekend of a zero-day security vulnerability related to the ‘Generate Link Previews’ feature, stating that there is no evidence this vulnerability is real. This statement comes after numerous sources told BleepingComputer and reported on Twitter that a new zero-day vulnerability allowed for a full takeover of devices.”
Ransomware: CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware. As part of the Ransomware Vulnerability Warning Pilot (RVWP), CISA launched two new resources for combating ransomware campaigns:
- A “Known to be Used in Ransomware Campaigns” column in the KEV Catalog that identifies KEVs associated with ransomware campaigns.
- A “Misconfigurations and Weaknesses Known to be Used in Ransomware Campaigns” table on StopRansomware.gov that identifies misconfigurations and weaknesses associated with ransomware campaigns. The table features a column that identifies the Cyber Performance Goal (CPG) action for each misconfiguration or weakness.
- These two new resources will help organizations become more cybersecure by providing mitigations that protect against specific KEVs, misconfigurations, and weaknesses associated with ransomware. CISA encourages all organizations to review the blog about this RVWP effort, as well as the new KEV catalog column and updated StopRansomware.gov site and implement applicable mitigations today.
- Ransomware Vulnerability Warning Pilot updates: Now a One-stop Resource for Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware
- Ransomware. Ransomware?
- Colonial Pipeline was hacked. No, wait, Accenture was hacked. No, wait….. untangling claims. (2)
- Colonial Pipeline Denies Breach by RANSOMEDVC Ransomware Group
- Reports of second cyberattack on Colonial Pipeline false, company says
- Robert M. Lee on ransomware group statement.
- Newest Ransomware Trend: Attackers Move Faster with Partial Encryption
- The Week in Ransomware – October 13th 2023 – Increasing Attacks
US Secret Service: Announcing a New Series of Live Virtual Presentations on Targeted Violence Prevention. The U.S. Secret Service National Threat Assessment Center (NTAC) is pleased to announce a new monthly series of live virtual events. In these presentations, our expert researchers will share findings and implications from decades of research on targeted violence and offer strategies for preventing acts of violence impacting the places where we work, learn, worship, and otherwise live our daily lives. The list of available virtual training events will be regularly updated, and presentation topics may change from month to month. To learn more about this series of live virtual presentations, or to register for one or more of these events, please follow the link below. Learn More
CISA, FBI, NSA, and Treasury Release Guidance on OSS in IT/ICS Environments
FTC Data Shows Consumers Report Losing $2.7 Billion to Social Media Scams Since 2021
EPA calls off cyber regulations for water sector
#StopRansomware: AvosLocker Ransomware (Update, 11 Oct)
HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487
Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, Google, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:
- The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
- Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
- The Gate 15 Interview, is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
- The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests. This is presently a Gate 15 special podcast and occasionally is updated on our Gate 15 podcast channel.
- The Risk Roundtable, was a monthly discussion among our team and occasional guests exploring the all-hazards threats and risks impacting the United States and internationally. This was suspended in September 2023.
We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Threads, LinkedIn, via email at: [email protected], and also on X, the platform formerly known as Twitter.