Cyber Risk Update 2 JUN 2023 https://www.learnsecurity.org/single-post/cyber-risk-update-2-jun-2023
Local Government Cyber Watch Discord server. This server is focused on cybersecurity collaboration with local government stakeholders. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V
Community
What's up with the Hawaiian shirts? https://www.learnsecurity.org/single-post/what-s-up-with-the-hawaiian-shirts
Tabletop Exercises
Demystifying Cyber Tabletop Exercises https://www.learnsecurity.org/single-post/demystifying-cyber-tabletop-exercises
Building Resilience: Exploring the Benefits of Cyber Tabletop Exercises https://www.learnsecurity.org/single-post/building-resilience-exploring-the-benefits-of-cyber-tabletop-exercises
Cyber Breaches
Disruptions to city services continue in Augusta, Ga., and Dallas. The cities are investigating whether information was stolen in separate cyber incidents this month. The BlackByte ransomware group claimed to have taken data from Augusta. (The Register) In Dallas, municipal courts are expected to reopen Tuesday after being closed since May 3 due to a network outage. The Royal hacker group claimed responsibility. https://www.theregister.com/2023/05/26/blackbyte_augusta_malware/
The London City Airport website was down for a few hours Sunday after an apparent cyberattack. A Russian hacktivist group called NoName said it launched the attack, which an airport spokesman said didn't affect operations, Simple Flying reported. The pro-Russia Killnet hacker group conducted similar attacks on U.S. airport websites in 2022. https://simpleflying.com/investigation-launched-london-city-airport-website-hacked/
Hack at Florida elections office: An intrusion into the network of the Hillsborough County Supervisor of Elections Office exposed data about 58,000 voters, the office said Wednesday. The hacker copied a voter-registration list and didn't access the registration system itself or the county's ballot tabulation system. https://www.tampabay.com/news/breaking-news/2023/05/31/hillsborough-elections-hack-cyber-crimes-private-information-voters/
Litigation
Oakland, Calif., Hit With Lawsuit After Ransomware Attack https://www.govtech.com/security/oakland-calif-hit-with-lawsuit-after-ransomware-attack
Webinars
CJPRMA Cyber Risk Update Spring 2023 and Cyber Risk Oversight https://youtu.be/sYK7Hp3N5XU
Events
Free KC7 Blue Team Cyber Challenge 06/10/23 0900 hrs. No experience or VM needed. Test the Cyber Analyst waters! https://www.eventbrite.com/e/blue-team-cybersecurity-challenge-june-2023-with-kc7-tickets-644603716067
Things to Avoid
CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans https://www.cisa.gov/news-events/alerts/2023/05/01/cisa-urges-organizations-incorporate-fcc-covered-list-risk-management-plans
Awareness
Cybersecurity Counts: 7 Ways to Motivate Employees to Care. Cyberattacks have become an all-too-prevalent reality in today’s business landscape. In fact, cyberattacks increased by 38% in 2022 alone. This means every company should have a cybersecurity plan in place to prepare for the worst, in case it happens. https://talentculture.com/cybersecurity-counts-motivating-employees-to-care/
Insider Risks
Insider risk management: Where your program resides shapes its focus. Choosing which department should be responsible for protecting an organization from threats from within isn’t always straightforward. https://www.csoonline.com/article/3697689/insider-risk-where-your-management-program-resides-shapes-its-focus.html
Nation States
Apple denies it hacked iPhones in Russia. Apple said it hasn't worked with any government to install backdoor access or spyware on the phones of Russian users, as Russian intelligence agency Federal Security Service claimed Thursday. https://www.reuters.com/technology/apple-denies-surveillance-claims-made-by-russias-fsb-2023-06-01/
N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT https://thehackernews.com/2023/06/n-korean-scarcruft-hackers-exploit.html
North Korea Using Social Engineering to Enable Hacking of Think Tanks, Academia, and Media https://discord.com/channels/1096954570611101837/1096970894829690961/1114226644379512844
Mis-dis-malinformation
Deepfaking it: America's 2024 election collides with AI boom. "I actually like Ron DeSantis a lot," Hillary Clinton reveals in a surprise online endorsement video. "He's just the kind of guy this country needs, and I really mean that." https://www.reuters.com/world/us/deepfaking-it-americas-2024-election-collides-with-ai-boom-2023-05-30/
Banned Software
Report: TikTok storing creators' personal data in China. TikTok reportedly is storing data, including Social Security numbers and tax identification data from its star content creators and businesses, in China -- contrary to statements its CEO made to Congress. The disclosures obtained by Forbes cite internal communications within the company, documents marked confidential and unidentified sources. https://www.forbes.com/sites/alexandralevine/2023/05/30/tiktok-creators-data-security-china/
Career
A shortage of cybersecurity talent in the market? The solution could be close to home — upskilling and re-skilling non-technical employees. Here are some programs to help make them job-ready. https://www.csoonline.com/article/3697656/upskilling-the-non-technical-finding-cyber-certification-and-training-for-internal-hires.html
Cybersecurity Budget & Staff
Chief information security officers are tasked with managing risks and fixing vulnerabilities with limited funding from organizations. LinkedIn CISO Geoff Belknap says, "In security, if you don't handle your [budget and staffing] constraints well, what you're potentially looking at is your brand is significantly damaged, your customers are at risk." https://www.wsj.com/articles/cybersecurity-leaders-suffer-burnout-as-pressures-of-the-job-intensify-b0609ef1