Weekly Security Sprint EP 22. Cyber and Physical Reports Galore, plus some disrupted hostile events.

In this week's Security Sprint, Dave and Jen talk about the following topics: BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces. https://www.cisa.gov/news-events/alerts/2023/06/13/cisa-issues-bod-23-02-mitigating-risk-internet-exposed-management-interfaces Volt Typhoon https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a Hostile Event Arrests. Austria LGBTQ+ Parade Arrests. https://www.bbc.com/news/world-europe-65944514?at_link_type=web_link&at_medium=social&at_ptr_name=twitter&at_link_id=948A7BFE-0DDC-11EE-90F5-49B87E934D9D&at_campaign_type=owned&at_link_origin=BBCWorld&at_bbc_team=editorial&at_format=link&at_campaign=Social_Flow Synagogue Attack Arrest. https://www.foxnews.com/us/michigan-19-year-old-planned-synagogue-mass-shooting-fbi-claims MOVEit. https://www.cisa.gov/news-events/alerts/2023/06/15/progress-software-releases-security-advisory-moveit-transfer-vulnerability Millions of Oregon, Louisiana state IDs stolen in MOVEit breach https://www.bleepingcomputer.com/news/security/millions-of-oregon-louisiana-state-ids-stolen-in-moveit-breach/ Great recap: CVE-2023-34362: MOVEit Vulnerability Timeline of Events (Last updated at Fri, 16 Jun 2023 15:18:17 GMT) https://www.rapid7.com/blog/post/2023/06/14/etr-cve-2023-34362-moveit-vulnerability-timeline-of-events/ Friday - The Cybersecurity 202: The MOVEit ransomware reckoning has begun https://www.washingtonpost.com/politics/2023/06/16/moveit-ransomware-reckoning-has-begun/ MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately” https://nakedsecurity.sophos.com/2023/06/15/moveit-mayhem-3-disable-http-and-https-traffic-immediately/https://www.helpnetsecurity.com/2023/06/19/cve-2023-35708/https://www.washingtonpost.com/technology/2023/06/16/moveit-ransomware-attack/ TE-SAT. European Union Terrorism Situation and Trend Report 2023 (TE-SAT) which provides the most comprehensive and up-to-date intelligence picture on terrorism in the European Union. Quick Hits Verizon Data Breach investigations report comes out tomorrow LockBit CSA ⁠https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a⁠ Baseboard Management Controller (BMC) ⁠https://media.defense.gov/2023/Jun/14/2003241405/-1/-1/0/CSI_HARDEN_BMCS.PDF⁠ Proofpoint’s 2023 Human Factor Report ⁠https://www.proofpoint.com/us/blog/threat-insight/2023-human-factor-analyzes-evolving-threats-attack-chain⁠ A pretty good overview on Proofpoint’s 2023 Human Factor Report: Cybercriminals return to business as usual in a post-pandemic world ⁠https://www.helpnetsecurity.com/2023/06/16/post-pandemic-threat-landscape/⁠ How a Shady Chinese Firm’s Encryption Chips Got Inside the US Navy, NATO, and NASA Las Vegas police foil Stanley Cup terror threat hours before Golden Knights win PERSPECTIVE: The Rising Incel Terrorism Threat and the Broader Problem of Misogynistic Violence Why connected cars are the next frontier in cybersecurity New Food and AG-ISAO. Food Producers Band Together in Face of Cyber Threats CISA, FBI, and MS-ISAC Update Joint CSA on Progress Telerik Vulnerabilities. Forrester: Ransomware, Business Email Compromise and AI Among Top Cybersecurity Threats in 2023 Real Estate Firm Hack Affects 319,500 Patients, Employees; Owner of Addiction Treatment Centers, Medical Offices and Hotels Hit by Ransomware GAO: Violent Extremism and Terrorism: Agencies Can Take Additional Steps to Counter Domestic Threats, GAO-23-106758 ‘More extreme, more violent’: experts’ warning over khaki-clad Patriot Front; Their button-up shirts and chinos have prompted mockery but experts say the far-right group is becoming increasingly violent