Weekly Security Sprint EP 92. CEO attack, disrupted attacks, and cybersecurity warnings

Please enjoy our newest podcast, the weekly Security Sprint, on Spotify, Apple, as well as other locations accessible via the Spotify for Podcasters link or almost anywhere you listen to your favorite podcasts.

Join the Gate 15 Resilience and Intelligence Portal – the GRIP! and get our daily report, the SUN, TARGET reports, our ransomware digest, partner reports, and more – including our new Generative AI version of the SUN! Join the GRIP! Share the Gen AI SUN! Our new TLP:GREEN Gen AI version of the SUN highlights a few notable items from the complete SUN in a 3-4 minute video that can be easily shared and digested across your organization! An easy security win, you can share the Gen AI SUN as a daily security awareness update with your security teams and even across your entire team. Take the easy win!

In this week’s Security Sprint, Dave and Andy covered the following topics:

---

H2OEx – An Exercise for the Water Sector!

Main Topics:

UHC Assassination:

• Health insurers step up security, scrub websites of leadership information
• Luigi Mangione, suspect in fatal shooting of UnitedHealthcare CEO Brian Thompson, used ghost gun that may have been 3D-printed
• Suspect in killing of health care CEO faces 5 charges including forgery and firearm without a license
• Health care CEO shooting suspect was Ivy League graduate who appears to have written about Unabomber online
• Suspect in fatal shooting of UnitedHealthcare CEO Brian Thompson ID’d as Luigi Mangione, an ex-Ivy League student
• Luigi Mangione’s sprawling family found success after patriarch’s rise
• Health insurers step up security, scrub websites of leadership information
• UnitedHealth CEO says insurer will continue to prevent ‘unnecessary care’ in leaked video as sick trolls warn, ‘Dude’s next’
• What Companies Should Be Asking Their Security Teams Right Now
• A timeline of the fatal shooting of UnitedHealthcare CEO Brian Thompson and search for his killer
• UnitedHealth CEO’s killing unleashes social media rage against insurers
• UnitedHealthcare CEO kept a low public profile. Then he was shot to death in New York
• Bullets fired at healthcare CEO in fatal shooting had words carved on them, investigators say. Investigators say the words “deny,” “defend,” and “depose” were written on the shell casings recovered at the scene of the attack
• Message on bullets fired by healthcare CEO’s assassin bear eerie link to book condemning insurance companies
• Copycat, Contagion, and the Robin Hood Effect as Risk Enhancers in Targeted Violence
• The potential targeting of VIPs was one of the considerations discussed in the new Weekly Security Sprint EP 91. Holiday scams, prepping the board / ransomware, and bomb threats.

Faith-Based Threats

• Terror attack on Bavarian Christmas market foiled by police
• Man in van filled with explosives, guns intended to attack a North Texas church, report states
• Feather River School of Seventh-Day Adventists Shooting:
  • 2 kindergarteners wounded and gunman dead after shooting at California religious school
  • BREAKING NEWS: Active Shooter at Christian School in California
  • ‘Unconscionable’: Pastor with close ties to Feather River Adventist reacts to school shooting
• Five-Eyes security and law enforcement agencies release joint authored analysis of youth radicalization & PDF analysis.

Six password takeaways from the updated NIST cybersecurity framework. Password security is changing — and updated guidelines from the National Institute of Standards and Technology (NIST) reject outdated practices in favor of more effective protections. Don’t have time to read the 35,000-word guidelines? No problem. Here are the six takeaways from NIST’s new guidance that your organization needs to know to create password policies that work.

Quick Hits:

• FBI IC3 PSA: Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud
• Russian Woman Arrested In U.S. For Alleged Ties To Russian Intelligence
• NGA: 2024 State Experts Roundtable On Protecting Energy Infrastructure From Physical Attacks
• Manager of Chatham County Company Charged with Skimming Hundreds of Thousands of Dollars From Employer with Fake Invoices
• The California tsunami danger is real. The 7.0 earthquake is wake-up call to prepare. A tsunami warning was issued across Northern California on Thursday morning following a magnitude 7 earthquake. It’s a reminder to prepare and know how to respond in case of such emergencies.
  • ‘Swaying back and forth’: Magnitude 7 earthquake, aftershocks rock California
  • Tsunami warning canceled after strong California earthquake
• Salt Typhoon: 
  • White House says at least 8 US telecom firms, dozens of nations impacted by China hacking campaign
  • FCC chair proposes cybersecurity rules in response to China’s Salt Typhoon telecom hack
  • Enhanced Visibility and Hardening Guidance for Communications Infrastructure
• Health:
  • What is mystery ‘disease x’ and why have dozens died in DR Congo?
  • Unknown disease kills 143 in southwest Congo, local authorities say
  • FINAL REPORT: COVID Select Concludes 2-Year Investigation, Issues 500+ Page Final Report on Lessons Learned and the Path Forward
  • The full, 520-page final report can be found here. 
  • House COVID-19 panel releases final report: 3 key takeaways
  • Speaker Johnson Statement on House Committee on the Coronavirus Pandemic Final Report
• Korea arrests CEO for adding DDoS feature to satellite receivers
• Outraged? You’re more likely to share misinformation, study finds
• Syrian prime minister says government is still functioning but foreign and domestic challenges loom
• Backlash grows against South Korea’s Yoon after martial law decree
• What to know about South Korea’s short-lived and chaotic period of martial law
• Romania hit by major election influence campaign and Russian cyber-attacks
• EU orders TikTok to freeze Romanian elections data
• Meta: Russia tops disinformation ops, followed by Iran and China
• Choosing secure and verifiable technologies
• CISA Releases New Public Version of CDM Data Model Document
• Written Testimony Before the Task Force on the Attempted Assassination of Donald J. Trump

Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:

• The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
• Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
• The Gate 15 Interview, is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
• The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests. This is presently a Gate 15 special podcast and occasionally is updated on our Gate 15 podcast channel.
• Venue Security, The IAVM Podcast Series was a 2024 limited series podcast as Gate 15’s founder and Managing Director, Andy Jabbour hosted a series of short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community.
• The Risk Roundtable, was a monthly discussion among our team and occasional guests exploring the all-hazards threats and risks impacting the United States and internationally. This was suspended in September 2023.

We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Threads,  LinkedIn, via email at [email protected].