Weekly Security Sprint EP 53. A Super Bowl amount of information – Church shooting, AI (good and bad), and much more.

Please enjoy our newest podcast, the Weekly Security Sprint, on Spotify, Apple, Google, as well as other locations accessible via the Spotify for Podcasters link or almost anywhere you listen to your favorite podcasts.

---

Gate 15 is on Threads! Give us a follow and join us: @gate_15_resilience!

In this Week’s Security Sprint, Dave and Andy talked about the topics below. For more of these and other security updates, subscribe to our free daily report, delivered directly to your inbox, the Gate 15 SUN. To subscribe, please email [email protected].

In our warm start we address exciting news from WaterISAC!

• Announcement! WaterISAC is excited to announce that this Spring, it will be hosting H2OSecCon as a one-day virtual event on Thursday, May 23 from 11 AM – 5 PM ET! This one-of-a-kind virtual conference is curated for the water and wastewater sector with a focus on IT and OT cybersecurity, physical security, and operational resilience. The event will boast two tracks and feature sessions and panels with water utility and security experts sharing guidance, past experiences, and best practices. Mark your calendars today and make plans to join WaterISAC on Thursday, May 23! A call for presentations will open shortly and registration will open in late February. Sign Up For Updates Here!
  • National Rural Water Association and WaterISAC Collaborate to Benefit Small Water Utilities Nationwide
  • AMWA reiterates cybersecurity views to Homeland Security Subcommittee

Main Topics

Lakewood Church Shooting

• Shooting at Joel Osteen’s Lakewood Church in Houston: Female shooter killed, 5-year-old child shot
• Joel Osteen statement in response to this incident, post to Threads
• Woman Opens Fire at Joel Osteen’s Texas Megachurch During Live TV Broadcast
• Female shooter with child killed by cops outside Joel Osteen’s Houston-area church, minor suffers bullet wounds

Additional physical security items of note:

• Philadelphia Man Charged with Making Antisemitic and Islamophobic Threats
• Islamic State, Al-Qaeda Call for Violence Against Jewish Communities Following October 7 Attack
• Tennessee man who was working with militias planned to act as a sniper and attack Southern border, feds say. 
• FBI contractor stole an agent’s car and tried to enter a restricted facility, authorities say
• U.S. Strike in Baghdad Kills Iranian-Backed Militia Commander
• Iraq Criticizes US Strikes After Baghdad Attack Killed Iran-Backed Militant Group Commander
• Iraq’s Hezbollah Issues New Threat to US and Israel After Officials Killed
• Intel officials warned well before Tower 22 attack of increased risks from drones

CISA Releases Violence Prevention through De-escalation Video: Violence Prevention through De-escalation Video. For more information and to access this video online, visit: cisa.gov/resources-tools/resources/violence-prevention-through-de-escalation

AI: FCC Confirms that TCPA Applies to AI Technologies that Generate Human Voices

• AI-Generated Voices in Robocalls Are Now Illegal
• How a Biden AI robocall in New Hampshire allegedly links back to a Texas strip mall
• Taylor Swift deepfakes on X falsely depict her supporting Trump
• AI Deployed Nukes ‘to Have Peace in the World’ in Tense War Simulation
• Escalation Risks from Language Models in Military and Diplomatic Decision-Making
• Bard becomes Gemini: Try Ultra 1.0 and a new mobile app today
• AI spurs space sector innovation
• Senators weigh whether health-care AI needs a leash
• London Underground Is Testing Real-Time AI Surveillance Tools to Spot Crime
• Google saves your conversations with Gemini for years by default
• What Generative AI Means for Cybersecurity in 2024
• In Big Tech’s backyard, California lawmaker unveils landmark AI bill
• Sam Altman Seeks Trillions of Dollars to Reshape Business of Chips and AI
• The Friar Who Became the Vatican’s Go-To Guy on A.I.

NYPD & WhatsApp: Bronx stores using WhatsApp and calling officers directly in new NYPD test to combat shoplifting — and they say it’s working

Info Ops: Russia Is Boosting Calls for ‘Civil War’ Over Texas Border Crisis; An all-encompassing Russian disinformation campaign is using everything from bots to lifestyle influencers to powerful state-run media to sow division in the United States.

• Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content
• CISA Launches #Protect2024 Resources Webpage for State and Local Election Officials
• CISA unveils election resource page for officials and workers

Quick Hits

Severe Weather:

• Historic storm sends debris through LA’s Hollywood Hills and leaves 1.1 million without power
• 3 dead as storm pummels California, causing flooding and dozens of mudslides in L.A. area
• Flood Watches Remain Posted In Southern California Following Historic Rainfall In Los Angeles
• Southern California’s two-day total is expected to be among top 5 in its history
• More than 120 people are dead and entire neighborhoods have been reduced to ashes in record-breaking Chile wildfires
• The growing inadequacy of an open-ended Saffir–Simpson hurricane wind scale in a warming world
• Hurricanes are getting so intense, scientists propose a Category 6
• Be ready to spot the scams that will follow California’s winter storm

More on Scams & Fraud: Think you know what the top scam of 2023 was? Take a guess

• As Nationwide Fraud Losses Top $10 Billion in 2023, FTC Steps Up Efforts to Protect the Public
• Spotting and Reporting Investment Scams Targeting Older Investors
• FTC Sends Refunds to Consumers Harmed by a Tech Support Scam Facilitated by Payment Processor Nexway
• IRS warns tax professionals to be aware of EFIN scam email; special webinars offered next week

Ransom where? Everywhere. Chainalysis: Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline

• Ransomware Payments Hit a Record $1.1 Billion in 2023
• GRIT Ransomware Annual Report 2023 (Q1-Q4)
• The Record: Ransomware tracker: The latest figures [February 2024]
• Malwarebytes 2024 State of Malware: Known ransomware attacks up 68% in 2023
• So much more in the SUN!

• Round 3! The toothbrush DDoS attack saga continues: Newspaper counters Fortinet’s translation claim in contentious interview
  • Three million malware-infected smart toothbrushes used in Swiss DDoS attacks — botnet causes millions of euros in damages
  • No, 3 million electric toothbrushes were not used in a DDoS attack
  • Tooth be told: Toothbrush DDoS attack claim was lost in translation, says Fortinet

• Spyware: 
  • Britain and France assemble diplomats for international agreement on spyware
  • Announcement of a Visa Restriction Policy to Promote Accountability for the Misuse of Commercial Spyware
  • US announces visa restriction policy targeting spyware abuses
  • Israeli government absent from London spyware conference and pledge
  • Houthis claim fresh attacks on British and US ships in Red Sea

• 🇨🇳 Subcommittee Chairman Garbarino Statement On PRC Persistent Access To U.S. Critical Infrastructure
  • CISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land Guidance
  • NSA: Combatting Cyber Threat Actors Perpetrating Living Off the Land Intrusions. Read the full report here.
  • NSA and Partners Spotlight People’s Republic of China Targeting of U.S. Critical Infrastructure
  • CISA: PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
  • Joint Advisory: PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land Guidance
  • Chinese hackers have lurked in some US infrastructure systems for ‘at least five years.’

• JCDC
  • Priorities of the Joint Cyber Defense Collaborative for 2024
  • CISA: 2024 JCDC Priorities
  • Extending the Breadth and Depth of our Partnerships – JCDC 2024 Priorities
  • Cyber pros are giving up on a key government program
  • Related: Allison Nixon on LinkedIn

• Verizon insider data breach hits over 63,000 employees
• Verizon Employee Data Exposed in Insider Threat Incident
• Ivanti: CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure
• Researchers say attackers are mass-exploiting new Ivanti VPN flaw
• Ivanti: Patch new Connect Secure auth bypass bug immediately
• Ivanti publishes urgent warning about new vulnerability
• Fortinet Releases Security Advisories for FortiOS
• UK NCSC: Vulnerability management
• Canadian Centre for Cyber Security Biometrics – ITSAP.00.019
• Canadian Centre for Cyber Security How updates secure your device (ITSAP.10.096)

Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, Google, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:

• The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
• Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
• The Gate 15 Interview, is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
• Venue Security, The IAVM Podcast Series is our newest podcast as Gate 15’s founder and Managing Director, Andy Jabbour hosts short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community.
• The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests. This is presently a Gate 15 special podcast and occasionally is updated on our Gate 15 podcast channel.
• The Risk Roundtable, was a monthly discussion among our team and occasional guests exploring the all-hazards threats and risks impacting the United States and internationally. This was suspended in September 2023.

We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Threads,  LinkedIn, via email at: [email protected], and also on X, the platform formerly known as Twitter.