The Gate 15 Podcast Channel Gate 15
The Gate 15 Company is a leader in helping organizations by providing threat-informed, risk-based approaches to analysis, preparedness and operations.
Weekly Security Sprint EP 64. Verizon DBIR, MDM, Hurricanes, Cyber Resilience
In this week's Security Sprint, Dave and Andy talked about the following topics.
Warm Start:
Tribal-ISAC merch!
National Security Memorandum on Critical Infrastructure Security and Resilience.
Biden-Harris Administration Announces New National Security Memorandum to Strengthen U.S. Department of Energy’s Role in Ensuring Security and Resilience Across America’s Energy Sector
Biden signs new memo to boost security of US critical infrastructure
White House announces new policy guiding infrastructure protection
Verizon 2024 Data Breach Investigations Report
Verizon’s 2024 Data Breach Investigations Report: 5 key takeaways
Verizon DBIR: Enterprises Know The Pain Of Zero Day Exploits All Too Well
Verizon’s 2024 DBIR Unpacked: From Ransomware Evolution to Supply Chain Vulnerabilities
Bitsight Reveals More than 60 Percent of Known Exploited Vulnerabilities Remain Unmitigated Past Deadlines in First-of-its-Kind Analysis of CISA’s KEV Catalog
Organizations patch CISA KEV list bugs 3.5 times faster than others, researchers find
Forescout: Exposing the exploited: Analyzing vulnerabilities that live in the wild
Info Ops
Russia is trying to exploit America's divisions over the war in Gaza; The effort includes artificial intelligence, fake social media accounts and a spike in state-sponsored Russian propaganda
NewsGuard: Russia-Ukraine Disinformation Tracking Center: 477 Websites Spreading War Disinformation And The Top Myths They Publish
Campus Protests Give Russia, China and Iran Fuel to Exploit U.S. Divide; America’s adversaries have mounted online campaigns to amplify the social and political conflicts over Gaza flaring at universities, researchers say.
Hurricane Preparedness. A Proclamation on National Hurricane Preparedness Week, 2024.
Oklahoma and Kansas at High Risk of Extreme Storms and Tornadoes
Heavy rains ease around Houston but flooding remains after hundreds of rescues and evacuations
Dashcam shows tornado obliterate Nebraska building
Nebraska tornado survivor recounts mayhem: 'The windows exploded and glass was flying everywhere'
Death toll from southern Brazil rainfall rises to 78, many still missing
China & Resilience!
SAVE THE DATE! CISA Hosts CISA Live! – “People’s Republic of China Cyber Threats and What We Can Do”. On Wednesday, May 15, we will host our next CISA Live! - “People’s Republic of China Cyber Threats and What We Can Do”
Under the Digital Radar: Defending Against People’s Republic of China’s Nation-State Cyber Threats to America’s Small Businesses.
Quick Hits
Australian police shoot dead 'radicalized' teen
Germany Travel Advisory-Level 2: Exercise Increased Caution-May 1, 2024
Sweden “On Terror Level Four” As Security Is Tightened A Week Before Eurovision Song Contest
Bird flu's wild range; Counties where avian flu has been detected in wild mammals since 2022
House Energy and Commerce Committee: What We Learned: Change Healthcare Cyber Attack
French cyberwarriors ready to test their defense against hackers and malware during the Olympics
The United States Condemns Malicious Cyber Activity Targeting Germany, Czechia, and Other EU Member States
FBI Releases 2023 Elder Fraud Report with Tech Support Scams Generating the Most Complaints and Investment Scams Proving the Costliest
CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity
Communication gaps between IT departments and senior corporate leadership worsening application security risks
SBOM Sharing Primer
CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities
Maersk says Red Sea disruption will cut capacity by 15-20% in second quarter
Chinese-Made Surveillance Cameras Are Spreading Across Eastern Europe, Despite Security Concerns
Wichita government shuts down systems after ransomware i -
Weekly Security Sprint EP 63. The return of the Cybersecurity Evangelist, protests, weather, vulnerabilities and more.
Jennifer Lyn Walker returns to the Security Sprint and partners with Dave on the following topics.
Protests.
CNN: https://www.cnn.com/business/live-news/university-protests-palestine-04-29-24/h_5c66b0505df54a3db5b57e3949161257
AP: https://apnews.com/article/israel-palestinian-campus-student-protests-war-8b0d3a0cedb17f5e892c6ca43bbdf628?taid=6630becafd4f33000168594c&utm_campaign=TrueAnthem&utm_medium=AP&utm_source=Twitter
National Small Business Week, Take Steps to Secure Your Business
During National Small Business Week, Take Steps to Secure Your Business https://www.cisa.gov/news-events/news/during-national-small-business-week-take-steps-secure-your-business
Secure Your Business https://www.cisa.gov/secure-our-world/secure-your-business
Severe Weather.
Tornadoes. NBC: https://www.nbcnews.com/news/weather/overnight-tornadoes-storms-leave-heavy-destruction-nebraska-iowa-rcna149658
https://apnews.com/video/oklahoma-tornadoes-natural-disasters-ef4b5e6696bf47d69a869102f5b7a441
Hurricanes. https://engr.source.colostate.edu/researchers-predicting-well-above-average-2024-atlantic-hurricane-season/
Lots of Water…
DHS asked to consider potentially 'devastating’ impact of hacks on rural water systems https://therecord.media/water-utility-cyberattacks-lawmakers-letter-to-dhs
Director Wray's Remarks at the Vanderbilt Summit on Modern Conflict and Emerging Threats https://www.fbi.gov/news/speeches/director-wrays-remarks-at-the-vanderbilt-summit-on-modern-conflict-and-emerging-threats
Quick Hits.
https://www.thebaltimorebanner.com/education/k-12-schools/eric-eiswert-ai-audio-baltimore-county-YBJNJAS6OZEE5OQVF5LFOFYN6M/
Vulnerabilities – PAN OS & Siemens RUGGEDCOM; Cisco
Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability https://www.securityweek.com/siemens-industrial-product-impacted-by-exploited-palo-alto-firewall-vulnerability/
Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack https://thehackernews.com/2024/04/palo-alto-networks-outlines-remediation.html
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
Scams
Japanese police create fake support scam payment cards to warn victims https://www.bleepingcomputer.com/news/security/japanese-police-create-fake-support-scam-payment-cards-to-warn-victims/
FBI warns of massive wave of road E-Z Pass - toll SMS phishing attacks https://www.bleepingcomputer.com/news/security/fbi-warns-of-massive-wave-of-road-toll-sms-phishing-attacks/
Researchers find dozens of fake E-ZPass toll websites after FBI warning https://therecord.media/researchers-find-dozens-of-ezpass-spoofs
AI
6 security items that should be in every AI acceptable use policy https://www.csoonline.com/article/2093806/6-security-items-that-should-be-in-every-ai-acceptable-use-policy.html
Misc (didn’t get to, but providing for bonus)
Top 10 physical security considerations for CISOs https://www.csoonline.com/article/566635/what-is-physical-security-how-to-keep-your-facilities-and-devices-safe-from-on-site-attackers.html
The Gate 15 Interview EP 45. Curt Tilley, DHS Office of Bombing Prevention
In this episode of The Gate 15 Interview, Andy Jabbour welcomes Curtis E. Tilley, Branch Chief, Training, Office for Bombing Prevention (OBP), Cybersecurity and Infrastructure Security Agency (CISA).
- Curtis on LinkedIn: https://www.linkedin.com/in/curt-tilley-0089b6b2/
- Those who want to engage with the DHS Office of Bombing Prevention may email obp@cisa.dhs.gov.
In the discussion we address:
- OBP’s background.
- Some bomb threat and IED history.
- The enduring threat and challenge of the IED threat.
- Preparedness and resources.
- How to contact OBP.
- We talk about what’s on Curt’s mind.
- We play Three Questions and talk Macho Man Randy Savage, being the big man on campus, serving our communities and more!
A few references mentioned in or relevant to our discussion include:
- https://www.hstoday.us/subject-matter-areas/emergency-preparedness/profiles-in-excellence-curtis-tilley-branch-chief-office-for-bombing-prevention-cisa/ (13 Mar 2023)
- Watch the discussion noted above https://youtu.be/NhWHpE2kEs8
- http://www.cisa.gov/obp
- https://www.youtube.com/watch?v=xUgLIIduLWY
- https://www.cisa.gov/
- https://www.dni.gov/nctc/timeline.html
Weekly Security Sprint EP 62. A jumbalaya of news - emergency comms, China, deep fakes, and de-escalation
In the latest episode of the Security Sprint, Dave and Andy talked about the following topics.
Warm Start
· CISA Announces 9th Cyber Storm National Exercise. The Cybersecurity and Infrastructure Security Agency (CISA) is hosting its ninth iteration of the Cyber Storm (CS IX) Cyber Exercise. It’s the nation’s largest cyber exercise designed to improve the cybersecurity posture of our nation’s critical infrastructure. Through extensive planning, this exercise strengthened cybersecurity preparedness and response capabilities through exercising policies, processes, and procedures for identifying and responding to a multi-sector significant cyber incident impacting critical infrastructure. For more information and resources, visit Cyber Storm IX: National Cyber Exercise | CISA.
FB-ISAO: Best Practices for Securing Your Router / Wi-Fi
'NCSC Cyber Series' podcast now available on Spotify
Main Topics:
US 911 emergency call line outage resolved in some areas
The PRC has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage, and that its plan is to land low blows against civilian infrastructure to try to induce panic and break America’s will to resist…
Director Wray's Remarks at the Vanderbilt Summit on Modern Conflict and Emerging Threats
FBI says Chinese hackers preparing to attack US infrastructure
Gallagher’s ominous farewell
Chinese Government Poses 'Broad and Unrelenting' Threat to U.S. Critical Infrastructure, FBI Director Says
UK: Government cracks down on ‘deepfakes’ creation
“Proactive De-escalation”
Quick Hits
· Russian US election interference targets support for Ukraine after slow start
· Microsoft: Nation-states engage in US-focused influence operations ahead of US presidential election
· Information operations will be ‘foundational’ to future DOD efforts, Cybercom chief says
· How A.I. Tools Could Change India’s Elections
· Google: Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm
· Secret Russian foreign policy document urges action to weaken the U.S.
· RAND: Generative Artificial Intelligence Threats to Information Integrity and Potential Policy Responses
· Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations
· Montgomery Co. student charged with threats of mass violence after police discover disturbing ‘manifesto.’
· CISA and Partners Release Advisory on Akira Ransomware
· FBI: Akira ransomware raked in $42 million from 250+ victims
· Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities
· FACT SHEET: Biden-Harris Administration Releases Strategy to Strengthen Global Health Security
· U.S. Government Global Health Security Strategy 2024 (PDF)
· Undersea ‘hybrid warfare’ threatens security of 1bn, Nato commander warns
· Joint Guidance on Deploying AI Systems Securely
· UK NPSA: Personal Safety and Security for High-Risk Individuals
· 840-bed hospital in France postpones procedures after cyberattack
· Cloudflare: DDoS threat report for 2024 Q1
· Hearing - Held for Ransom: How Ransomware Endangers Our Financial System. See the full hearing video on YouTube.
· Ex-White House cyber official says ransomware payment ban is a ways off
· Top officials again push back on ransomware payment ban
· Change Healthcare’s New Ransomware Nightmare Goes From Bad to Worse
· UnitedHealth Group reports that the Change Healthcare ransomware attack has had an $872 million financial hit on its business so far
Nerd Out EP 47. Middle East, Domestic Issues, and the Acolyte!
In the latest episode of Nerd Out, Dave welcomes in Alec Davison as his partner in crime for the podcast. After they get through the excitement of the latest Taylor Swift album, they talked through the latest activity in the Middle East and what it could mean domestically. Then they looked at the latest news related to the U.S. election including the recent incident outside of the Trump trial and potential concerns that may play out over the course of the year especially related to mis/dis/mal-information.
They wrap up the pod with some real nerd discussions on Star Wars and what the new series has to offer!
Alec Davison is the Lead Analyst at the Water Information Sharing and Analysis Center (WaterISAC). In addition, he works as a Risk Analyst at Gate 15. He holds an M.A. in Security Policy Studies from George Washington University.
Some of the resources discussed in the pod include:
https://www.cisa.gov/resources-tools/resources/personal-security-considerations-action-guide
https://www.cisa.gov/resources-tools/resources/preventing-workplace-violence-security-awareness-considerations-infographic
https://www.dni.gov/files/NCTC/documents/jcat/firstresponderstoolbox/89s_-_Violent[…]il_Unrest_and_Public_Assemblies_in_the_United_States-survey.pdf
Mobilization/SARs
https://www.dni.gov/files/NCTC/documents/news_documents/Mobilization_Indicators_Booklet_2021.pdf
https://www.dhs.gov/nationwide-sar-initiative-nsi
Info sharing communities
https://www.dhs.gov/fusion-centers
https://www.nationalisacs.org/
Weekly Security Sprint EP 61. Iran, Hostile Events, Cyber awareness, Vehicle Ramming and more!
In this week's Security Sprint, Dave and Andy discussed the following topics:
Warm Start
Palo Alto Command Injection Vulnerability in PAN-OS GlobalProtect
Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
Volexity on GitHub Adding content for Palo Alto Networks GlobalProtect post
Palo Alto Networks Security Advisories: CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect
Palo Alto: Applying Vulnerability Protection to GlobalProtect Interfaces
Compromise of Sisense Customer Data
Brian Krebs: Why CISA is Warning CISOs About a Breach at Sisense
Sisense customers told to reset credentials amid supply chain attack fears
Risky Biz News: Sisense breach has CISA and everyone else panicking
Main Topics:
Israeli war cabinet to meet again to consider response to Iran’s attack
o Iran Issues Fresh Threat to U.S.
o US will not take part in any Israeli retaliatory action against Iran
o The Latest | World leaders urge Israel not to retaliate for the Iranian drone and missile attack
o U.S. details Pentagon’s role in defending Israel from Iranian attack
o Analysis: Israel Repelled Iran’s Huge Attack. But Only With Help From U.S. and Arab Partners.
Idaho Man Arrested for Attempting to Provide Material Support to ISIS
Idaho teen arrested for allegedly plotting to attack church in name of ISIS
What we know about Clenard Parker, the man accused of driving into a Brenham DPS office
'Obvious' Sydney killer targeted women - Australian police.
Man who confronted attacker with bollard and other bystanders praised for heroic acts during Bondi stabbings.
Stabbing rampage at Sydney mall leaves at least 7 dead, including attacker
Sydney stabbing: Police say no ideological motivation
English Tutor Identified as Mall Stabbing Attacker Left Behind Disturbing Facebook Post
Sydney knife attacker Joel Cauchi 'had worked as male escort' before Bondi shopping centre stabbing
False claims started spreading about the Bondi Junction stabbing attack as soon as it happened
Posture Statement of General Timothy D. Haugh 2024. “Beijing, Moscow, and Tehran increasingly use social media and state-sponsored disinformation sites, both overt and covert, to shape narratives and sow confusion...”
Chinese nationalist trolls pretend to be Trump supporters ahead of US elections
Quick Hits:
UK NPSA: Personal Safety and Security for High-Risk Individuals
Delaware Woman Arrested for International Sextortion and Money Laundering Scheme
LastPass: Hackers targeted employee in failed deepfake CEO call
UNSW: World-first Cybercrime Index ranks countries by cybercrime threat level
Google Insider Threat: https://www.justice.gov/opa/pr/chinese-national-residing-california-arrested-theft-artificial-intelligence-related-trade
Director Wray's Remarks to the ABA Standing Committee on Law and National Security
Russia thwarts planned terrorist attack on Moscow Synagogue
Change Healthcare breach data may be in hands of new ransomware group
Politico: Grassley knocks agencies slacking on cyber
CISA & FBI: Transitioning to .Gov: Helping Mitigate Election Office Cybersecurity and Impersonation Risks
CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat / CISA Issues Emergency Directive 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System.
CDC Data Modernization Efforts Accelerate Nation’s Ability to Detect and Rapidly Respond to Health Threats
The Black Market That Delivers Elon Musk’s Starlinks to U.S. Foes
China's attacks on U.S. infrastructure aren't going anywhere
Police Scour LockBit Ransomware Evidence, Turning Up 200 Leads
TLP:CLEAR | FB-ISAO Newsletter
Man on terror watchlist