The Gate 15 Podcast Channel Gate 15

On the latest episode of the Security Sprint, Andy bails Dave out on some technology issues and they work through it to cover the following topics.
FBI IC3 Report: 

FBI Internet Crime Report 2022 (PDF) & Report Statistics 
Risky Biz News: BEC loses top spot in FBI Internet Crime report, 12 Mar 

Physical Security: NJ [.] com: 

Man yelled ‘white lives matter,’ threw smoke bombs at N.J. church’s anti-racism concert, 06 Mar 
Michigan Man Arrested and Charged For Illegally Possessing Firearms While Making Threats to Kill Government Officials, 10 Mar
Florida neo-Nazis who projected a swastika on a downtown building say the hysteria over drag queens is helping them recruit people, 10 Mar

ODNI Annual Threat Assessment: 

'ODNI Releases 2023 Annual Threat Assessment of the U.S. Intelligence Community and see here, PDF report, and U.S. Senate Hearing 08 Mar 
Risky Biz News: ODNI report highlights China as the US’ biggest cyber threat, 09 Mar 

SVB: 

Statement from President Joe Biden on Actions to Strengthen Confidence in the Banking System 
READOUT: Financial Stability Oversight Council Meeting on March Federal Reserve Board - Federal Reserve Board announces it will make available additional funding to eligible depository institutions to help assure … 
Federal Reserve Board - Joint Statement by Treasury, Federal Reserve, and FDIC 
Silicon Valley Bank: why did it collapse and is this the start of a banking crisis? 
In historic last-minute deal, HSBC acquires Silicon Valley Bank UK, says all depositors’ money is safe 
Silicon Valley’s surreal weekend 
SVB’s ventures are taken apart in China, UK after US bank’s collapse 

Other Cybersecurity Updates: 

Cyber Incident Reporting Framework: Global Edition (PDF) 
NBC: Data breach hits ‘hundreds’ of lawmakers and staff on Capitol Hill, 08 Mar 
CNN: Hundreds of US lawmakers and staff affected by data breach, 08 Mar 
WaterISAC: Threat Awareness – Keep Our Eyes on Emotet, 09 Mar 
Cofense: Emotet Sending Malicious Emails After Three-Month Hiatus, 07 Mar 
WIRED: The Era of Faked CCTV Has Truly Arrived, 07 Mar 
Washington Post: Cyberattacks Are Just One Part of Hybrid Warfare, 07 Mar 

Ransomware: 

WIRED: Ransomware Attacks Have Entered a ‘Heinous’ New Phase, 13 Mar 
Security Scorecard: ESXi Ransomware - A case study of Royal Ransomware Prepared by: Vlad Pasca, Senior Malware & Threat Analyst 
Sentinel Labs: IceFire Ransomware Returns; Now Targeting Linux Enterprise Networks, 09 Mar 

John Cena: Cybersecurity Enthusiast (?): @CenaOnSecurity 
Gate 15's upcoming Blue Jeans Workshop: Addressing MDM Threats While Protecting Free Speech

In the latest episode of the Risk Roundtable, Andy and Dave welcome in Tracy Maleef as they went through the latest security news. Tracy kicked things off by looking at a new scam reported on by the Better Business Bureau involving craft fairs (is there no place that's safe). Then the roundtable took turns looking at the recently released National Cybersecurity Strategy and what it means for individuals and organizations, especially around training and information sharing. Andy used the release to also discuss corresponding actions that the EPA is taking to improve the resiliency of the water system. Tracy then transitioned back to other types of scams and how Artificial Intelligence is even getting into the scam business targeting individuals pretending to be loved ones and how safe words could be an effective mitigating factor. Dave wrapped things up with a quick hit on venue security to which the group discussed how this is not strictly a physical security problem, but in fact a blended threat. Andy put the finishing touches on the pod with his three questions (no comment on the new CISA website redesign).

National Cybersecurity Strategy: 

White House: FACT SHEET: Biden-⁠Harris Administration Announces National Cybersecurity Strategy, 02 Mar 
Gizmodo: I Read the Biden Administration’s New Cyber Policy So You Don’t Have To, 04 Mar 
US House Committee on Homeland Security: Green, Garbarino Statement on the Release of the National Cybersecurity Strategy, 02 Mar 
Risky Biz News: White House unveils National Cybersecurity Strategy, 02 Mar 
HS Today: COLUMN: A Shared Accountability Approach to Cyber Defense, by Bob Kolasky, 02 Mar 
CISA Readout: Director Easterly Visits Carnegie Mellon University, Calls for “Radical Change” for Technology Product Safety in Major Address, 27 Feb
Industrial Cyber: National Cybersecurity Strategy sets its eyes on improving security, resilience across critical infrastructure, 03 Mar 
WSJ: Cisco Chief Says Tech Products Must Be Made More Secure, 02 Mar 

Water Cybersecurity: 

EPA: EPA Takes Action to Improve Cybersecurity Resilience for Public Water Systems, 03 Mar 
Risky Biz News: EPA releases cybersecurity guidance for US public water sector, 05 Mar 
CNN: US introduces new rules to protect water systems from hackers, 03 Mar 
CyberScoop: EPA issues water cybersecurity mandates, concerning industry and experts, 03 Mar 
SC Media: EPA memo pushes states to include cybersecurity in water safety reviews, 03 Mar 
Industrial Cyber: EPA issues memorandum to address PWS cybersecurity using sanitary surveys, improve resilience, 06 Mar 

Venue Security: 

AP: 1 dead, 9 hurt in stampede at GloRilla concert in New York, 06 Mar 
Dr. G K Still on Twitter, ‘Teaching crowd safety/risk analysis around the world. Consulting and expert witness experience help develop better teaching and training courses.’ International Association of Venue Managers’ (IAVM) Academy of Venue Safety and Security (AVSS) 

Scams: BBB Scam Alert: 

Think twice before filling out craft fair applications, 03 Mar 
Washington Post: They thought loved ones were calling for help. It was an AI scam., 05 Mar

In this week's Security Sprint, Dave and Andy talked about the following topics:

National Cybersecurity Strategy: 


White House: FACT SHEET: Biden-⁠Harris Administration Announces National Cybersecurity Strategy, 02 Mar 
Gizmodo: I Read the Biden Administration’s New Cyber Policy So You Don’t Have To, 04 Mar 
US House Committee on Homeland Security: Green, Garbarino Statement on the Release of the National Cybersecurity Strategy, 02 Mar 
Risky Biz News: White House unveils National Cybersecurity Strategy, 02 Mar 
CISA Readout: Director Easterly Visits Carnegie Mellon University, Calls for “Radical Change” for Technology Product Safety in Major Address, 27 Feb
Industrial Cyber: National Cybersecurity Strategy sets its eyes on improving security, resilience across critical infrastructure, 03 Mar 
WSJ: Cisco Chief Says Tech Products Must Be Made More Secure, 02 Mar 

Water Cybersecurity: 


EPA: EPA Takes Action to Improve Cybersecurity Resilience for Public Water Systems, 03 Mar 
Risky Biz News: EPA releases cybersecurity guidance for US public water sector, 05 Mar 
CNN: US introduces new rules to protect water systems from hackers, 03 Mar 
CyberScoop: EPA issues water cybersecurity mandates, concerning industry and experts, 03 Mar 
SC Media: EPA memo pushes states to include cybersecurity in water safety reviews, 03 Mar 
Industrial Cyber: EPA issues memorandum to address PWS cybersecurity using sanitary surveys, improve resilience, 06 Mar 

Homeland Security:


Greek Protests: https://www.bbc.com/news/world-europe-64820085
South Korean Protests: https://www.bbc.com/news/world-asia-64858944
HS Today: DHS at 20: Mission Poised ‘to Grow Even More Complex’ as New Threats May Pose ‘Even Greater Potential for Harm,’ 01 Mar 
Politico: Documents: DHS has a domestic-intelligence program, 06 Mar 
NIJ: Assessing Risk of Terrorist Acts by Looking at Location Data and Demographic and Social Characteristics, 27 Feb 
HS Today: National Institute of Justice Examines Link Between Location of Terrorists and Risk of Terrorism, 27 Feb 

Cybersecurity & Ransomware: 


VulnCheck: The VulnCheck 2022 Exploited Vulnerability Report - A Year Long Review of the CISA KEV Catalog, 02 Mar 
Recorded Future: 2022 Annual Report, 02 Mar 
HS Today: Cyber Threat Trends to Watch This Year as Forecast by MS-ISAC, 02 Mar 
Bleeping Computer: Play ransomware claims disruptive attack on City of Oakland, 03 Mar 
CBS Bay Area: Ransomware hackers release some stolen Oakland data, 04 Mar 

Other: Gizmodo: Yikes, the U.S. Is Now Using Facial Recognition Rigged Drones for Special Ops, 27 Feb

In the latest Security Sprint Dave and Andy cover the following topics:
Extremism:

ADL: Murder and Extremism in the United States in 2022, 22 Feb
Bridget Johnson in HS Today: Jewish Community, Law Enforcement Respond with Preparedness, Unity to Extremists’ ‘National Day of Hate,’ 24 Feb
ABC 6 Action News: Philadelphia mosque vandalized with paint; suspect wanted, 27 Feb

Blended Threats:

CNN: Cyberattack on food giant Dole temporarily shuts down North America production, company memo says, 22 Feb
Gate 15: Blended Threats to Hospitals: A Growing Concern, 21 Feb
Newsweek: Russian Media Hack Hits During Putin Speech, 21 Feb

Information Operations:

Graphika: How to Lose Influence and Alienate People, 23 Feb
Meta: Meta’s Ongoing Efforts Regarding Russia’s Invasion of Ukraine, 22 Feb 2022

Others:

The Record at Recorded Future: Oakland says 311, business license systems still down, but National Guard is helping, 24 Feb
Cybersecurity 202: Federal panel says agencies need to focus on harmonizing cyber regulations, 22 Feb
Malwarebytes: Royal Mail schools LockBit in leaked negotiation, 23 Feb

In this episode of The Gate 15 Interview, Andy Jabbour visits with Rachel Tobac, (She/Her), CEO, SocialProof Security, Friendly Hacker. Rachel is a hacker and the CEO of SocialProof Security where she helps people and companies keep their data safe by training and pentesting them on social engineering risks. Rachel was also 2nd place winner of DEF CON’s wild spectator sport, the Social Engineering Capture the Flag contest, 3 years in a row. Rachel has shared her real life social engineering stories with NPR, Last Week Tonight with John Oliver, The New York Times, Business Insider, CNN, NBC Nightly News with Lester Holt, Forbes and many more. In her remaining spare time, Rachel is the Chair of the Board for the nonprofit Women in Security and Privacy (WISP) where she works to advance women to lead in the fields.

On Twitter: @RachelTobac and see @SocialProofSec & @WISPorg
On Mastodon: http://infosec.exchange/@racheltobac

In the discussion we address:

Rachels’ superhero origin story and her company, SocialProof Security
Women in Security and Privacy (WISP)
Hacking. Hacking. Hacking.
Twitter and Baking Security In
And a little on horror, time travel and Twin Peaks!

A few references mentioned in or relevant to our discussion include:

SocialProof Security
Women in Security and Privacy (WISP) - Advancing Women To Lead The Future Of Privacy And Security.
CNN: We asked a hacker to try and steal a CNN tech reporter’s data. Here’s what happened, 18 Oct 2019
CNN, three years later (2022): 'Don't use the same password': Watch how easy it was to hack this CNN reporter
Aura: Hacking A Billionaire, with Rachel Tobac
Yubico: Uber Hack Reenactment Video, with Rachel Tobac
Twitter: An update on two-factor authentication using SMS on Twitter, 15 Feb 2023
Rachel’s Twitter Thread regarding the announcement
CISA Director Jen Easterly’s Twitter Thread regarding the announcement
The Hill on Which Rachel will die, on Twitter
And check out SocialProof Security merch on Etsy; Gear for The Politely Paranoid (the stickers are awesome and on Andy’s laptop…)

In the latest episode of Nerd Out, Dave is joined by Bridget Johnson and Joe Levy as they talked about some of the hostile events to date in 2023 and looked ahead to the coming faith-based holidays and celebrations in the coming months. Bridget talked about the California shootings and the power of copy cats, while Joe focused attention on the various ways that organizations can deploy security protocols to reduce risk. The nerds then took a look ahead at the upcoming religious holidays and what that might mean for accelerationists and other hate-based groups. Joe then wrapped up talking about the upcoming AVSS event that is coming up in Pittsburg. Registration Information can be found here: https://iavm.org/events/avss/ 

Joe Levy is the chairman of the International Associate of Venue Managers (IAVM) Venue Safety and Security Committee. In addition, Joe is the Chief Operating Officer at the Usdan Center for the Creative & Performing Arts. IAVM website https://www.iavm.org/ Venue Safety and Security committee contact information: vssc@iavm.org; LinkedIn Profile: https://www.linkedin.com/in/joelevy1/

Bridget Johnson is the Managing Editor for Homeland Security Today. In addition her contributions on Homeland Security Today (hstoday.us), they are also running a series of webinars (Webinar signups, https://www.eventbrite.com/e/le-only-anti-government-extremists-who-they-are-how-to-combat-them-tickets-144507635227?aff=ebdsoporgprofile). Twitter: @BridgetCJ