The Gate 15 Podcast Channel
By Gate 15
The Gate 15 Podcast ChannelNov 14, 2022
The Risk Roundtable EP: 42. Drones, AI, Organized Retail Crime and Security Mindfulness
Russia's Drone Barrage Ineffective Due to 'Poor Targeting Processes'—U.K.
Inside Ukraine’s secretive drone program
Russia says shoots down Ukraine-launched drones over Crimea, Kursk
Gate 15 Resource Links: Drones
Oh ****, maybe we did start building SkyNet… AI Threat Placed on Par With Pandemics, Nuclear War
More than 350 people signed a statement released by the Center for AI Safety, an organization that said it works to reduce AI risks.
AI-Controlled Drone Goes Rogue, 'Kills' Human Operator in USAF Simulated Test
They Plugged GPT-4 Into Minecraft—and Unearthed New Potential for AI
Microsoft is attributing the these attacks to Cl0p ransomware.
CISA Adds One Known Exploited Vulnerability to Catalog. CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-34362 Progress MOVEit Transfer SQL Injection Vulnerability
New York State Department of Financial Services MOVEit Transfer Vulnerability
MOVEit: The Week in Ransomware - June 2nd 2023 - Whodunit?
HuntressLabs, Mandiant, Rapid7, TrustedSec, and Trustwave have published more details on the attacks targeting MOVEit file-transfer appliances.
Article: CISA orders govt agencies to patch MOVEit bug used for data theft
Deployed publicly accessible MOVEit Transfer? Oh no. Mass exploitation underway
New MOVEit Transfer zero-day mass-exploited in data theft attacks
Joint Cybersecurity Advisory: U.S., ROK Agencies Alert: DPRK Cyber Actors Impersonating Targets to Collect Intelligence, PDF
'The Comm': The Group Linked to a Nationwide Swatting Rampage
The 2024 race promises to be ‘very, very active’ in terms of foreign and domestic meddling, says former CISA chief
Blended Threats - Study: Severe Weather–Related Power Outages Pose Increasing Threat to Patients Who Rely on Electronic Medical Equipment
What the debt ceiling deal means for U.S. cyber agency
CSU released its second forecast for the 2023 Atlantic hurricane season on Thursday, 1 June
The 2023 Atlantic Hurricane Season Is Here – Here Are The Key Things You Should Know
2023 Atlantic Hurricane Season Has Officially Begun – Here's What Is Typical In June And July
Here's How To Get Ready For Hurricane Season
Pride Month Concerns.
Tree of Life synagogue: Gunman driven by 'malice and hate'MSU reports gunman watched campus tours, searched school shootings prior to mass shooting
Layton Target evacuated after bomb threats reported at multiple Utah stores.
Spotlight: Culture War Rhetoric Escalate to Physical Threats. At Least 9 Target Stores Received Fake Bomb Threats Over Pride Merchandise
FBI investigating threats of violence to Omaha religious centers. “According to authorities, the author of the note claims to represent Jane’s Revenge — an abortion rights extremist group that Homeland Security has linked to arson attacks against buildings of ideological opponents.”
Recent attacks put staffers on edge as authorities look for answers; Threats cut across party lines
Experts warn against canceling Pride campaigns after extremists threaten Target
Target Pride backlash exposes 'rainbow capitalism' problem, designer says
Pride Month is a war. Brands are the battlefield.
Motorists Face Hate Messages After White Supremacists Hack Interstate Road Sign
FB-ISAO Threat Level Update, June 2023. Based on this review, we have determined to maintain all threat levels at GUARDED, meaning that FB-ISAO is aware that a general risk of incidents exists, but there are no target or time specific threats requiring an escalation in our overall preparedness at this time.
Weekly Security Sprint EP 20. Memorial Day Special - NTAS, vehicle ramming, protecting places of worship, blended threats and more.
Weekly Security Sprint EP 19. Business Email Compromise, Pride Month, Ransomware, and Venue Security
Cyber Signals (BEC)
Shifting tactics fuel surge in business email compromise. On 19 May, Microsoft “released the fourth edition of Cyber Signals highlighting a surge in cybercriminal activity around business email compromise (BEC).
Cybersecurity experts confirm school security blueprints stolen in MPS ransomware attack.
Russian National Charged with Ransomware Attacks Against Critical Infrastructure.
CISA and Partners Release BianLian Ransomware Cybersecurity Advisory.
Ransomware Revenue Down As More Victims Refuse to Pay
Ransomware comes back with a vengeance
Philadelphia Inquirer hit by cyberattack causing significant disruption
New RA Group ransomware targets U.S. orgs in double-extortion attacks.
Ransomware group claims 2.5 terabytes of stolen data less than a month after emerging online
Ransomware Roundup - Maori
LokiLocker, a Ransomware Similar to BlackBit Being Distributed in Korea
Ransomware corrupts data, so backups can be faster and cheaper than paying up
MalasLocker Ransomware Targets Zimbra Servers, Demands Charity Donation
ScanSource says ransomware attack behind multi-day outages
Are Ransomware Attacks Declining, or Has Reporting Worsened?
Orlando Digital Traffic Sign Blasts Vile Message to ‘Kill All Gays.’
Threats against the LGBTQIA+ community intensifying: Department of Homeland Security.
BBC: El Salvador stadium crush leaves at least twelve dead
NY Times: What to Know About the Houston Astroworld Tragedy
NBC News: Gilroy Garlic Festival Mass Shooting
Computer in Russia breached Metro system amid security concerns, report says.
'Belligerent' passenger arrested after hitting flight attendant with intercom phone, Frontier Airlines says | CNN
DOJ: Judge Imposes Eight Consecutive Life Sentences Plus 260 Years in Prison for ISIS-Inspired 2017 Murder of Eight Victims and Attempted Murder of 18 Others in NYC Truck Attack.
Congress looks to expand CISA’s role, adding responsibilities for satellites and open source software.
World likely to breach 1.5C climate threshold by 2027, scientists warn
Burleson Man Who Idolized Mass Shooters Charged With Possessing Homemade Bomb: Feds
New Mexico Shooter Was Wearing Bulletproof Vest, Carried Cryptic Note In His Pocket, Police Say
At least 3 people killed, 2 cops injured in New Mexico shooting
3 dead, 6 injured in New Mexico shooting: Police
Massachusetts Man Indicted for Acting as an Illegal Agent of the People’s Republic of China
Zoom executives knew about key elements of plan to censor Chinese activists
Pentagon leak suspect Jack Teixeira warned about mishandling classified info, prosecutors say
FBI misused surveillance tool on Jan. 6 suspects, BLM arrestees and others
Homeland Security Uses AI Tool to Analyze Social Media of U.S. Citizens and Refugees;
US Dept. of State: 2022 Report on International Religious Freedom
Montana’s TikTok ban: why has it happened and will it work?
The Gate 15 Interview EP 35: Angie Gad on intelligence, analysis, emerging threats, and the joys of good coffee, the beach and Mediterranean Vibes!
Angie’s background and her experiences working with the public and private sectors.
Changes to the threat landscape over the last ten years.
The proliferation of online platforms, social media and the complexities of emerging technologies like AI.
The horseshoe of international terrorism and domestic extremism.
The importance of thinking like the enemy.
The beach, coffee, milk tea and Mediterranean Vibes.
Weekly Security Sprint EP 18. Cyclones, faith-based community security, passion jobs, cyber and more!
The workers leaving their dream jobs
Philadelphia Inquirer attack: www.inquirer.com/news/philadelphia-inquirer-cyberattack-internet-security-20230515.html
Biden calls white supremacy greatest terrorism threat - www.politico.com/news/2023/05/13/biden-howard-university-white-supremacy-terrorism-00096811
Malicious AI Tool Ads Used to Deliver Redline Stealer - www.trendmicro.com/en_us/research/23/e/malicious-ai-tool-ads-used-to-deliver-redline-stealer.html
El Niño is coming back — and could last the rest of the year, according to NOAA - www.usatoday.com/story/news/nation/2023/05/13/el-nino-is-likely-coming-what-is-that-will-it-lead-to-heatwaves/70211895007/
Weekly Security Sprint EP 17. More hostile events, ransomware, hurricane predictions, and an end of COVID?
The Risk Roundtable EP: 41. The action is the Juice....jacking, plus active shooter reports, patching, and hurricane preparedness
In the latest episode of the Risk Roundtable, Dave, Jen and Andy return to talk on very real and maybe somewhat less real threats across the all-hazards environment. Jen kicks things off sharing her thoughts on the recent FBI Advisory on jUIcE JaCKiNg!! Dave continues the focus on the FBI, sharing his heartfelt thoughts relating to the new Active Shooter report. Quick hits touch on Hurricane Preparedness, Patching (always patching!) and a new COVID report. The team then talks a little US-Russian history, and some musical history, as they dive into love it, hate it, or don’t care.
Weekly Security Sprint EP 16. QHSR, a Faith-Based intervention, protests, and cannabis!
In the latest Weekly Security Sprint, Dave and Andy discussed the following topics.
DHS!Department of Homeland Security Issues QHSR Detailing Strategy to Stay Ahead of Evolving Threat Environment. 2023 State of Homeland Security Remarks: Tackling an Evolving Threat Landscape – Homeland Security in 2023 Secretary Mayorkas Announces New Measures to Tackle A.I., PRC Challenges at First State of Homeland Security Address State of Homeland Security: Mayorkas Launches Artificial Intelligence Task Force, ‘Sprint’ to Assess China’s ‘Especially Grave Threat’
See Something, Say Something – Possible Faith-Based Attack Averted & FB-ISAO Turns Five!Man Arrested at Church Service After Members Believe he was Testing Security of Church. Man fights officers in church; vehicle discovered stocked with weapons, ammo Man's behavior at Texarkana revival service leads to his arrest, seizure of guns, survival gear
FB-ISAO: Five Years Strong. “Happy Anniversary to the Faith-Based Information Sharing and Analysis Organization. 18 April 2023, marks five years of serving the community of faith with information, analysis, and capabilities to help reduce risk while enhancing preparedness, security, and resilience across all-faiths and all-hazards. Our members include Houses of Worship, Charities, Faith-Based Schools, and their affiliated organizations. We are five years strong!”
4-20! Cannabis ISAO Shares Cybersecurity Best Practices for the Cannabis Industry4-20 2023! Cybersecurity Best Practices for the Cannabis Industry.
Quick Hits:Water-palooza! The Gate 15 Interview: April is Water-palooza! Chuck Egli and Jen Walker talk WaterISAC! Attorney General Brenna Bird Sues Biden Administration over New Cybersecurity Regulations for Public Water Systems Save the Date for H2OSecCon 2023!
Ransomware – March Was a Record Setting Month & Dragos Ransomware ReportMarch 2023 broke ransomware attack records with 459 incidents. Ransomware is a major threat to smaller utilities, manufacturers and health care providers: report. Dragos Industrial Ransomware Attack Analysis: Q1 2023.
Blended Threats – Critical Infrastructure Space Asset Disruption Impacts Farming OperationsFarmers ‘crippled’ by satellite failure as GPS-guided tractors grind to a halt. T
New FBI Elder Fraud ReportElder fraud costs Maine victims millions of dollars, report finds.
3CX – Attack x Within x AttackMandiant: 3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible. Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack. The 3CX cyberattack was the result of two supply-chain hacks, Mandiant says
SBOM, SBOM, You’re my SBOM!CISA Releases Two SBOM Documents. On Friday, CISA released two community-drafted documents around Software Bill of Materials (SBOM): Types of SBOM documents and Minimum Requirements for Vulnerability Exploitability eXchange (VEX). Types of SBOM document Minimum Requirements for VEX document
Chinese Police OutpostsUS Brings Charges Over Secret Chinese Police Outpost. DOJ: Two Arrested for Operating Illegal Overseas Police Station of the Chinese Government.
The Gate 15 Interview EP 34: April is Water-palooza! Chuck Egli and Jen Walker talk WaterISAC!
Nerd Out Security Panel Discussion: EP 36. Making your way into the security profession
Weekly Security Sprint EP 15. A few of our favorite things - insiders, ransomware, hostile events, and Andy's quick hits
In this week's Security Sprint, Dave and Andy talked about the following topics:
Insiders, hostile events, and data lossLouisville. AP: https://apnews.com/article/downtown-louisville-shooting-dc7b45a9c5d2b384a16d653864f8b735 DoD Data Loss. USA Today: https://www.usatoday.com/story/news/politics/2023/04/13/dod-leaked-documents-pentagon-military-secrets/11648829002/
RansomwareMajor cybersecurity flaws led to Suffolk County ransomware attack: The LockBit ransomware (kinda) comes for macOS; Analyzing an arm64 mach-O version of LockBit & LockBit ransomware gang appears to be targeting Macs for the first time Risky Biz News: NCR gets ransomwared: NCR, the world’s largest banking and payments software maker, has confirmed that a recent data center outage was caused by a ransomware attack. And see NCR suffers Aloha POS outage after BlackCat ransomware attack Karakurt returns: Chinese security firm QiAnXin has a report on the return of Karakurt, the data extortion division of the old Conti gang. Technical Analysis of Trigona Ransomware & Trigona Ransomware Attacking MS-SQL Servers Vice Society ransomware uses new PowerShell data theft tool in attacks Risky Biz News: Kadavro ransomware: Fortinet has an analysis of the new Kadavro ransomware they’ve been seeing distributed in the wild disguised as a Tor Browser installer. Risky Biz News: LockBit ransomware: French security firm Glimps has published a technical analysis of Lockbit’s new version, known as LockBit Green. Risky Biz News: RTM Locker: Trellix researchers have discovered a new RaaS platform named Read The Manual, or RTM Locker.
Space as Critical Infrastructure:FDD: Time to Designate Space Systems as Critical Infrastructure & Opinion: Time to designate space systems as critical infrastructure, and reported here: Cyberspace Solarium Commission says space systems should be considered critical infrastructure
Others:Faith-Based Security: FB-ISAO Newsletter, v5, Issue 4. FB-ISAO is Five Years Strong, Mass Shooting at Covenant School, SPOTLIGHT: Resources, Upcoming Events. FB-ISAO: Faith-Based Organizations Continue to Be Targets of Hostile Events. A Proclamation on Days Of Remembrance Of Victims Of The Holocaust, 2023 Statement from President Joe Biden on Orthodox Easter CSU released its first forecast for the 2023 Atlantic hurricane season on Thursday, April 13. We anticipate that the 2023 Atlantic basin hurricane season will have slightly below-average activity.
MDM:THE CYBERSECURITY 202: Russians boasted of undetected bots, leaked documents show. Risky Biz News: Misinformation superspreaders: A report found that Twitter Blue accounts are some of the platform’s biggest spreaders of misinformation. Unleash the Twitter Bots What it will look like if China launches cyberattacks in the U.S. “If Xi Jinping moves on Taiwan, we should assume he’ll launch cyberattacks against the United States as part of the operation,” Rep. Mike Gallagher (R-Wis.), chair of the House Select Committee on China, said in an emailed statement. Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not. ’But even if the event turns out not to be the work of an outside malicious hacker, the threat to water treatment facilities is still very real, said Jennifer Lyn Walker, director of infrastructure cyber defense at the Water Information Sharing and Analysis Center. Furthermore, she said, the incident helped give the attention needed to kickstart a larger conversation about securing the water and wastewater systems, particularly for smaller utilities. A cyber attack hit the water controllers for irrigating fields in the Jordan Valley; A cyber attack paralyzed the water controllers for irrigating fields in the Jordan Valley that are operated by the Galil Sewage Corporation.
Weekly Security Sprint EP 14. More hostile events - Louisville, Colorado, plus reporting suspicious activities and breach notifications, plus quick hits!
The Risk Roundtable EP: 40. Jen returns! Plus cybersecurity news, Nashville, staying on top of vulnerabilities and more!
Weekly Security Sprint EP 13. Nashville, Political Violence, Severe Weather, alerts, protests and Blue Jeans!
In the latest episode of the Weekly Security Sprint, Dave and Andy covered the following topics:
Nashville School Shooting:CNN: https://www.cnn.com/us/live-news/nashville-shooting-covenant-school-03-27-23/index.html
Gate 15's Blue Jeans Worksho
Political ViolenceNBC: Trump warns of ‘potential death and destruction’ if he’s charged in hush money probe, 24 Mar Newsweek: Jim Jordan’s Response to Trump’s ‘Death & Destruction’ Post, 24 Mar CBS: “Significant increase” in threats online ahead of possible Trump indictment, 20 Mar Breaking 911: Bomb Threats Made Against Manhattan DA, Courts & NYPD HQ As Possible Trump Indictment Nears, 21 Mar NY Post: Envelope containing suspicious powder, death threat sent to DA Alvin Bragg’s NYC office, 24 Mar
Severe Weather:BBC: https://www.bbc.com/news/world-us-canada-65072195
Cybersecurity Regulations:CISA: CIRCIA at One Year: A Look Behind the Scenes, 24 Mar (Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA)) CISA: JCDC Cultivates Pre-Ransomware Notification Capability, 23 Mar CISA: Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs, 23 Mar
Ransomware:Palo Alto report: https://unit42.paloaltonetworks.com/multi-extortion-rise-ransomware-report/ DataBreaches.net: Blended Threats! Cyberattack disrupts Spanish medicine distribution, 23 Mar Lawrence Abrams and Bleeping Computer: The Week in Ransomware - March 24th 2023 - Clop overload, 24 Mar
Others:Protests: @dave links? Washington Post’s Cybersecurity 202: Everything you need to know about Thursday’s four cyber hearings, 24 Mar CyberScoop: The pressing threat of Chinese-made drones flying above U.S. critical infrastructure, 23 Mar CyberScoop: Fact or fiction, hacktivists’ claims of industrial sabotage in Russia or Ukraine get attention online, 22 Mar and Mandiant: We (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems, 22 Mar DoJ: Justice Department Announces Arrest of the Founder of One of the World’s Largest Hacker Forums and Disruption of Forum’s Operation, 24 Mar & CyberScoop: The FBI’s BreachForums bust is causing ‘chaos in the cybercrime underground,’ 24 Mar CISA: Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments, 23 Mar
The Gate 15 Interview EP 33: Climate Change Threats with Dr. Jeff Masters. Sea Level Rise, Drought, the 2023 Hurricane Season, plus Devo, Watermelon & the beauty of the Havasupai Canyon!
On Twitter: @DrJeffMasters
In the discussion we address:
Jeff’s incredible Hurricane Hugo experience.
Intergovernmental Panel on Climate Change (IPCC) Report and going beyond the ‘planetary boundaries of safe operation for the planet.’
Jeff’s important ideas to understand about climate change.
Jeff discusses his two biggest climate concerns - the disruptive threats from sea level rise and drought, including:
A potential ‘massive financial threat to the US.’ Jeff says, ‘we’re not correctly pricing risk…there threatens to be a shakeout in the…market’ and he notes insurance company struggles in Florida, Louisiana and California as examples before discussing the potential cascading effects associated with humans fleeing from the coasts.
Threats to critical infrastructure, including real estate, water and wastewater, transportation and supply chains.
And he explains his concerns about drought impacting food prices and leading to famine.
Hurricane season 2023, an anticipated El Nino year, perhaps something that may look like the 2018 hurricane season.
Plus! Devo, getting outdoors, watermelon, and the beauty of the Havasupai Canyon.
A few references mentioned in or relevant to our discussion include:
Jeff’s Hurricane Hugo Experience:
Weather Underground: Hunting Hugo: The Hurricane Hunters' Wildest Ride, a multi-part story of Jeff’s incredible experience in the eye of Hurricane Hugo.
Weather Underground: A flight through Hurricane Hugo, remembered 20 years later, 15 Sep 2009
Originally published in Weatherwise magazine, Hunting Hugo was made available in digital form, complete with the many photos I took on the flight, on the web site I co-founded, Weather Underground. A separate account of the flight was written by a reporter from Barbados who was on the flight, and was published in my Weather Underground blog in 2009. There was a 45-minute episode of “Air Crash Investigation” (AKA “Mayday”) on the Hugo flight called “Into the Eye of the Storm” that aired in 2014. Several hundred thousand dollars was spent on the episode, which included CGI effects, a set built in Toronto to simulate the flight, and actors playing the crew and scientists. In 2022, the video was available with a paid subscription to Paramount Plus. The video was also available for free at apparat.com.
Take to the Sky: The Air Disaster Podcast: Episode 85: NOAA 42 Hurricane Hunters, 02 Dec 2021
Intergovernmental Panel on Climate Change (IPCC) Report:
The Guardian: Scientists deliver ‘final warning’ on climate crisis: act now or it’s too late, 20 Mar
IPCC Sixth Assessment Report, 20 Mar
IPCC IPCO Sixth Assessment Report Working Group 1: The Physical Science Basis; Summary for Policymakers
BBC: UN climate report: Scientists release 'survival guide' to avert climate disaster, 20 Mar
New York Time: Earth to Hit Critical Warming Threshold by Early 2030s, Climate Panel Says, 20 Mar
Climate.gov: Climate Change: Global Sea Level, 19 Apr 2022
NASA Vital Signs
NASA Sea Level Change; Observations from Space
NASA Sea-Level Toolkit: New Guide Helps Planners Prepare, 07 Feb 2023
CNN: Threat of rising seas to Asian megacities could be way worse than we thought, study warns, 08 Mar 2023
Space.com: Sea level rise slowed down in 2022. NASA says it's just a blip, 22 Mar
NOAA: Destructive 2018 Atlantic hurricane season draws to an end; NOAA services before, during, after storms saved lives and aided recovery, 28 Nov 2018
Some of Jeff’s recent writing:
YALE Climate Connections: With global warming of just 1.2°C, why has the weather gotten so extreme? Climate change increases extreme weather by adding more heat and moisture to the air and through disruption of fundamental atmospheric circulation patterns, 06 Mar 2023
YALE Climate Connections: The other ‘big one’: How a megaflood could swamp California’s Central Valley; A repeat of the state’s Great Flood of 1861-62 could cause over $1 trillion in damage, 25 Jan 2023
YALE Climate Connections: If a megaflood strikes California, these dams might be at risk; The state’s highest-risk dams protect millions of people and tens of billions in property, including Disneyland and the Naval Weapons Station Seal Beach, 26 Jan 2023
Nerd Out Security Panel Discussion: EP 35. Solo Dave talking behaviors, data, and his views on extended universes!
Reports mentioned in this podcast include:
U.S. Secret Service: www.secretservice.gov/newsroom/releases/2023/01/new-secret-service-research-examines-first-time-five-years-mass-violence
Weekly Security Sprint EP 12. Extremism and Terrorism Reports, Financial Crisis "fears", Climate, and quick hits!
Weekly Security Sprint EP 11. Cyber reports, hate based behaviors and Peacemaker is making waves into security?
The Risk Roundtable EP 39: Special Guests, the latest scams, the National Cybersecurity Strategy and more!
National Cybersecurity Strategy:
White House: FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy, 02 Mar
Gizmodo: I Read the Biden Administration’s New Cyber Policy So You Don’t Have To, 04 Mar
US House Committee on Homeland Security: Green, Garbarino Statement on the Release of the National Cybersecurity Strategy, 02 Mar
Risky Biz News: White House unveils National Cybersecurity Strategy, 02 Mar
HS Today: COLUMN: A Shared Accountability Approach to Cyber Defense, by Bob Kolasky, 02 Mar
CISA Readout: Director Easterly Visits Carnegie Mellon University, Calls for “Radical Change” for Technology Product Safety in Major Address, 27 Feb
Industrial Cyber: National Cybersecurity Strategy sets its eyes on improving security, resilience across critical infrastructure, 03 Mar
WSJ: Cisco Chief Says Tech Products Must Be Made More Secure, 02 Mar
EPA: EPA Takes Action to Improve Cybersecurity Resilience for Public Water Systems, 03 Mar
Risky Biz News: EPA releases cybersecurity guidance for US public water sector, 05 Mar
CNN: US introduces new rules to protect water systems from hackers, 03 Mar
CyberScoop: EPA issues water cybersecurity mandates, concerning industry and experts, 03 Mar
SC Media: EPA memo pushes states to include cybersecurity in water safety reviews, 03 Mar
Industrial Cyber: EPA issues memorandum to address PWS cybersecurity using sanitary surveys, improve resilience, 06 Mar
AP: 1 dead, 9 hurt in stampede at GloRilla concert in New York, 06 Mar
Dr. G K Still on Twitter, ‘Teaching crowd safety/risk analysis around the world. Consulting and expert witness experience help develop better teaching and training courses.’ International Association of Venue Managers’ (IAVM) Academy of Venue Safety and Security (AVSS)
Scams: BBB Scam Alert:
Think twice before filling out craft fair applications, 03 Mar
Washington Post: They thought loved ones were calling for help. It was an AI scam., 05 Mar
Weekly Security Sprint EP 10. Happy Birthday to DHS, protests, cyber threats, and more.
In this week's Security Sprint, Dave and Andy talked about the following topics:
National Cybersecurity Strategy:White House: FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy, 02 Mar Gizmodo: I Read the Biden Administration’s New Cyber Policy So You Don’t Have To, 04 Mar US House Committee on Homeland Security: Green, Garbarino Statement on the Release of the National Cybersecurity Strategy, 02 Mar Risky Biz News: White House unveils National Cybersecurity Strategy, 02 Mar CISA Readout: Director Easterly Visits Carnegie Mellon University, Calls for “Radical Change” for Technology Product Safety in Major Address, 27 Feb Industrial Cyber: National Cybersecurity Strategy sets its eyes on improving security, resilience across critical infrastructure, 03 Mar WSJ: Cisco Chief Says Tech Products Must Be Made More Secure, 02 Mar
Water Cybersecurity:EPA: EPA Takes Action to Improve Cybersecurity Resilience for Public Water Systems, 03 Mar Risky Biz News: EPA releases cybersecurity guidance for US public water sector, 05 Mar CNN: US introduces new rules to protect water systems from hackers, 03 Mar CyberScoop: EPA issues water cybersecurity mandates, concerning industry and experts, 03 Mar SC Media: EPA memo pushes states to include cybersecurity in water safety reviews, 03 Mar Industrial Cyber: EPA issues memorandum to address PWS cybersecurity using sanitary surveys, improve resilience, 06 Mar
Homeland Security:Greek Protests: https://www.bbc.com/news/world-europe-64820085 South Korean Protests: https://www.bbc.com/news/world-asia-64858944 HS Today: DHS at 20: Mission Poised ‘to Grow Even More Complex’ as New Threats May Pose ‘Even Greater Potential for Harm,’ 01 Mar Politico: Documents: DHS has a domestic-intelligence program, 06 Mar NIJ: Assessing Risk of Terrorist Acts by Looking at Location Data and Demographic and Social Characteristics, 27 Feb HS Today: National Institute of Justice Examines Link Between Location of Terrorists and Risk of Terrorism, 27 Feb
Cybersecurity & Ransomware:VulnCheck: The VulnCheck 2022 Exploited Vulnerability Report - A Year Long Review of the CISA KEV Catalog, 02 Mar Recorded Future: 2022 Annual Report, 02 Mar HS Today: Cyber Threat Trends to Watch This Year as Forecast by MS-ISAC, 02 Mar Bleeping Computer: Play ransomware claims disruptive attack on City of Oakland, 03 Mar CBS Bay Area: Ransomware hackers release some stolen Oakland data, 04 Mar
Other: Gizmodo: Yikes, the U.S. Is Now Using Facial Recognition Rigged Drones for Special Ops, 27 Feb
Weekly Security Sprint EP 9. ADL Report, Ransomware, Measles, Mis/Dis/Mal-information, and more.
ADL: Murder and Extremism in the United States in 2022, 22 Feb
Bridget Johnson in HS Today: Jewish Community, Law Enforcement Respond with Preparedness, Unity to Extremists’ ‘National Day of Hate,’ 24 Feb
ABC 6 Action News: Philadelphia mosque vandalized with paint; suspect wanted, 27 Feb
CNN: Cyberattack on food giant Dole temporarily shuts down North America production, company memo says, 22 Feb
Gate 15: Blended Threats to Hospitals: A Growing Concern, 21 Feb
Newsweek: Russian Media Hack Hits During Putin Speech, 21 Feb
Graphika: How to Lose Influence and Alienate People, 23 Feb
Meta: Meta’s Ongoing Efforts Regarding Russia’s Invasion of Ukraine, 22 Feb 2022
The Record at Recorded Future: Oakland says 311, business license systems still down, but National Guard is helping, 24 Feb
Cybersecurity 202: Federal panel says agencies need to focus on harmonizing cyber regulations, 22 Feb
Malwarebytes: Royal Mail schools LockBit in leaked negotiation, 23 Feb
The Gate 15 Interview EP 32: Getting Weird with Rachel Tobac - Hacking, Twitter, MFA, Being Politely Paranoid and…Time Travel?
Nerd Out Security Panel Discussion: EP 34. Hostile events, venue security and upcoming religious holiday preparedness.
In the latest episode of Nerd Out, Dave is joined by Bridget Johnson and Joe Levy as they talked about some of the hostile events to date in 2023 and looked ahead to the coming faith-based holidays and celebrations in the coming months. Bridget talked about the California shootings and the power of copy cats, while Joe focused attention on the various ways that organizations can deploy security protocols to reduce risk. The nerds then took a look ahead at the upcoming religious holidays and what that might mean for accelerationists and other hate-based groups. Joe then wrapped up talking about the upcoming AVSS event that is coming up in Pittsburg. Registration Information can be found here: https://iavm.org/events/avss/
Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: firstname.lastname@example.org; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/
Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ
Weekly Security Sprint EP 8. Twitter fight over MFA, FBI threat considerations, Ransomware, Supply Chain and more.
Weekly Security Sprint EP 7. Crowd management, Hostile Events arrests, ransomware, cyber news and more.
The Risk Roundtable EP 38: The 4 R's - ransomware, reporting, romance scams and Paul Rudd! Not to mention all-hazards!
In the latest episode of the Risk Roundtable, Andy does double duty, first welcoming Jen to get the latest on the ransomware threats, before bringing Dave in to talk about weather and natural disasters. Jen kicked things off talking about all things ransomware to include preparedness items, the recent Hive takedown, the importance of reporting, and ways to protect yourself. Dave then joined Andy to talk about the third-wheel in the all-hazards preparedness model - weather and natural disasters, especially in light of the recent earthquake in Turkey. The roundtable took a split approach to the end of pod questions talking about marathon's, some show dilemmas and the arc of Paul Rudd!US Secret Service: New Secret Service Research Examines for the First Time Five Years of Mass Violence Data, 25 Jan Washington Post: N. Carolina church says it lost nearly $800K in email scam, 28 Jan NWS: Hurricane Matthew in the Carolinas: October 8, 2016, page created: 29 Sep 2017, last updated: 26 Aug 2021
Ransomware and Cyber News:Bleeping Computer: VMware warns admins to patch ESXi servers, disable OpenSLP service, 06 Feb Bleeping Computer: Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide, 03 Feb Risky Business News: Risky Biz News: Ransomware wave hits thousands of VMWare ESXi servers, 06 Feb CISA: VMware Releases Security Update for VMware vRealize Operations, 1 Feb Canadian Centre for Cyber Security: VMware security advisory (AV23-066), 3 Feb Ransomware! Webinar, REGISTER NOW! Ransomware: Planning and Protecting Your Organization, Recorded Future & Gate 15, 14 Feb
Weekly Security Sprint EP 6. DDoS, ransomware, targeted violence, and maybe some balloon talk.
In this week's Security Sprint, Dave and Andy talked about the following topics:
Ransomware:Bleeping Computer: Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide, 3 Feb Risky Business News: Risky Biz News: Ransomware wave hits thousands of VMWare ESXi servers, 06 Feb CISA: VMware Releases Security Update for VMware vRealize Operations, 1 Feb Canadian Centre for Cyber Security: VMware security advisory (AV23-066), 3 Feb Valentine’s Day 2023, :sparkling_heart: and Ransomware! Webinar, REGISTER NOW! Ransomware: Planning and Protecting Your Organization, Recorded Future & Gate 15, 14 Feb
DDoS:Radware, Passion: A Russian Botnet, 31 Jan Bleeping Computer, New DDoS-as-a-Service platform used in recent attacks on hospitals, 01 Feb The Record: Customizable new DDoS service already appears to have fans among pro-Russia hacking groups, 03 Feb
Faith-Based Security:Fox 5, Las Vegas: Man threatened mass shooting at Las Vegas synagogue, police say, 31 Jan ABC 7 News: SFPD arrest man suspected of firing blank rounds inside synagogue, bringing gun into theater, 05 Feb Chinese Balloons: US DOD: Statement From Secretary of Defense Lloyd J. Austin III, 04 Feb And see the Gate 15 SUN from Friday and Monday for numerous links.
Baking in Cybersecurity:Foreign Affairs: Stop Passing the Buck on Cybersecurity; Why Companies Must Build Safety Into Tech Products, 01 Feb Washington Post Cybersecurity 202: How CISA plans to get tech firms to bake security into their products, 06 Feb
Others:FBI: Elicitation Techniques, 31 Jan Voice of America, Russia Developing Weapons to Target Critical Subsea Cables, Pipelines, 02 Feb Reuters: Huge earthquake kills 2,600 in Turkey and Syria, bad weather worsens plight, 06 Feb