The Gate 15 Podcast Channel Gate 15

In this episode of The Gate 15 Interview, Andy Jabbour talks with Mark Herrera, Director of Education for the International Association of Venue Managers (IAVM) and more importantly, with special guest, his granddaughter, Miss Kaylani Herrera, the reigning New Mexico Cinderella State Tot.In the discussion we break from our usual type of Interview to pause and think about talking to our friends and loved ones about having an appropriate security mindset as we head into summer. As we look towards a season of mass gatherings, special events, travel and other situations that may experience security incidents, it’s important to help our loved ones think about the potential of threats, being prepared, and having an age-appropriate security mindset. Mark, Kaylani and Andy address:

The importance of threat and situational awareness.
How to prepare family, not scare them.
Age-appropriate security conversations.
School safety.
And we play Three Questions with Kaylani!

Mark is the Director of Safety and Security for the International Association of Venue Managers and recognized as one of the top 25 most influential leaders in the meetings and event industry. In addition, as the Director of Safety and Security for the International Association of Venue Managers, Herrera represents the Department of Homeland Security Office of Infrastructure Protection as the current Chair for the Public Assembly Facility Sub-Sector Council. Herrera is also a seasoned law enforcement officer and trainer, having spent twenty years with the Hobbs, New Mexico, Police Department. See Mark on LinkedIn for his complete bio. Mark on Instagram.
Miss Kaylani’s Bio. Hi, everyone, my name is Kaylani Herrera. I’m seven years old, currently in the second grade and attend Saint Helena Catholic school. I am your 2023-2024 NM Cinderella state Tot. I recently started competing in the natural pageant world. At my first pageant I was crowned the Lea County overall tot, from there I went on to compete at the state level pageant that was held in June and won the overall New Mexico tot ages 4-6 along with New Mexico State talent competition and first alternate cameo. When I am not busy fulfilling my queen duties, I also am a dancer and Gymnast. I recently competed in my first gymnastics meet and won 4th place overall for my age division. I enjoy spending time with my sister and parents, playing with my dog Dallas as well as talking with my Gpa (Mark Herrera) about how to make the world a safer place.

In this week's Security Sprint, Dave and Andy talked about the following topics:
Main Topics

⁠A Russian Influence Campaign Is Exploiting College Campus Protests⁠
⁠FBI PSA: Foreign Terrorist Organizations and their Supporters Likely Heighten Threat Environment during 2024 Pride Month⁠, May 10, 2024
⁠GW: Majority Of University Protesters Arrested Weren’t Even Students, Police Say⁠
⁠The network behind campus antisemitism⁠
⁠Secret Hamas Files Show How It Spied on Everyday Palestinians⁠


⁠Guidance for organisations considering payment in ransomware incidents⁠

⁠U.S. Charges Russian National with Developing and Operating Lockbit Ransomware⁠
⁠Increase of Lockbit ransomware attacks⁠
⁠Ascension: Network Interruption Update⁠
⁠Fitsec: Welcome to Fitsec's Akira Help⁠

 
First Responders Toolbox: ⁠Violent Extremists’ Use of Generative Artificial Intelligence⁠. =
o   ⁠Statement from NSC Spokesperson Adrienne Watson on the U.S.-PRC Talks on AI Risk and Safety⁠
o   ⁠US, China meet in Geneva to discuss AI risks⁠
 
⁠Faith-Based Daily Awareness Post 13 May 2024⁠
o   ⁠Abbeville: Parishioners stop teen armed with rifle from entering church during Mass⁠
o   ⁠Bomb Squad at Clearlake Baptist Church-Packaged Marked “Bomb” with Swastikas Brought Inside⁠
 
Quick Hits
 
Mass Gatherings Tool (CISA). https://www.cisa.gov/resources-tools/resources/mass-gathering-security-planning-tool
CISA updates:

⁠CISA and Partners Release Guidance for Civil Society Organizations on Mitigating Cyber Threats with Limited Resources⁠
⁠Fact Sheet: Biden-⁠Harris Administration Releases Version 2 of the National Cybersecurity Strategy Implementation Plan⁠
⁠Thompson, Swalwell Release Statement on the Biden Administration Releasing the First Cybersecurity Posture of the United States Report⁠
⁠CISA wants ‘high-quality feedback’ for another month on CIRCIA rule⁠

 
Secure by Design:

CISA Unveils New Public Service Announcement – We Can Secure Our World. Today, the Cybersecurity and Infrastructure Security Agency (CISA) is pleased to launch ⁠We Can Secure Our World⁠.
⁠CISA Announces Secure by Design Commitments from Leading Technology Providers⁠
⁠ASD’s ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies⁠
⁠CERT-NZ: Joint Guidance: Choosing Secure and Verifiable Technologies⁠
⁠CISA Unveils New Public Service Announcement – We Can Secure Our World⁠
⁠CISA boss: Secure code is the 'only way to make ransomware a shocking anomaly'⁠

 
Elections:
o   ⁠Open Hearing: An Update on Foreign Threats to the 2024 Elections⁠
o   ⁠Exclusive: Homeland Security ramping up 'with intensity' to respond to election threats⁠
o   ⁠In Arizona, election workers trained with deepfakes to prepare for 2024⁠
o   ⁠Top FBI Official Urges Agents to Use Warrantless Wiretaps on US Soil⁠
o   ⁠MI: AG Nessel Charges Attorney Stefanie Lambert and Former Adams Township Clerk Scott for 2020 Election Voter Data Breach⁠. 
o   ⁠The Answer to Election Deniers Is in an Idaho County Website⁠
 
RSAC 2024: ⁠Technology and the Transformation of U.S. Foreign Policy⁠

⁠RSAC 2024: US Secretary of State Blinken advocates solidarity, not sovereignty, for cyber⁠
⁠Volt Typhoon operation came up 'directly' in US-China talks, ambassador says⁠
⁠Warner: Lawmakers 'in process' of finding Section 702 fix⁠
⁠Cyber world heads to San Francisco⁠
⁠RSAC 2024: AI adds new dimension to virus detection⁠
⁠RSAC 2024: How to use AI without getting in trouble⁠
⁠Readout of Deputy Attorney General Lisa Monaco’s Trip to California and Participation in the 2024 RSA Cybersecurity Conference⁠


⁠DHS, CISA Announce Membership Changes to the Cyber Safety Review Board⁠
⁠Canadian Centre for Cyber Security⁠ ⁠Common employee IT

In this week's Security Sprint, Dave and Andy talked about the following topics.

Warm Start:

Tribal-ISAC merch! 
National Security Memorandum on Critical Infrastructure Security and Resilience. 
Biden-Harris Administration Announces New National Security Memorandum to Strengthen U.S. Department of Energy’s Role in Ensuring Security and Resilience Across America’s Energy Sector
Biden signs new memo to boost security of US critical infrastructure
White House announces new policy guiding infrastructure protection

 
Verizon 2024 Data Breach Investigations Report

Verizon’s 2024 Data Breach Investigations Report: 5 key takeaways
Verizon DBIR: Enterprises Know The Pain Of Zero Day Exploits All Too Well
Verizon’s 2024 DBIR Unpacked: From Ransomware Evolution to Supply Chain Vulnerabilities
Bitsight Reveals More than 60 Percent of Known Exploited Vulnerabilities Remain Unmitigated Past Deadlines in First-of-its-Kind Analysis of CISA’s KEV Catalog
Organizations patch CISA KEV list bugs 3.5 times faster than others, researchers find
Forescout: Exposing the exploited: Analyzing vulnerabilities that live in the wild

 
Info Ops

Russia is trying to exploit America's divisions over the war in Gaza; The effort includes artificial intelligence, fake social media accounts and a spike in state-sponsored Russian propaganda
NewsGuard: Russia-Ukraine Disinformation Tracking Center: 477 Websites Spreading War Disinformation And The Top Myths They Publish
Campus Protests Give Russia, China and Iran Fuel to Exploit U.S. Divide; America’s adversaries have mounted online campaigns to amplify the social and political conflicts over Gaza flaring at universities, researchers say.

 
Hurricane Preparedness. A Proclamation on National Hurricane Preparedness Week, 2024.

Oklahoma and Kansas at High Risk of Extreme Storms and Tornadoes
Heavy rains ease around Houston but flooding remains after hundreds of rescues and evacuations
Dashcam shows tornado obliterate Nebraska building
Nebraska tornado survivor recounts mayhem: 'The windows exploded and glass was flying everywhere'


Death toll from southern Brazil rainfall rises to 78, many still missing

 
China & Resilience! 

SAVE THE DATE! CISA Hosts CISA Live! – “People’s Republic of China Cyber Threats and What We Can Do”. On Wednesday, May 15, we will host our next CISA Live! - “People’s Republic of China Cyber Threats and What We Can Do” 
Under the Digital Radar: Defending Against People’s Republic of China’s Nation-State Cyber Threats to America’s Small Businesses.

 
Quick Hits

Australian police shoot dead 'radicalized' teen
Germany Travel Advisory-Level 2: Exercise Increased Caution-May 1, 2024
Sweden “On Terror Level Four” As Security Is Tightened A Week Before Eurovision Song Contest
Bird flu's wild range; Counties where avian flu has been detected in wild mammals since 2022


House Energy and Commerce Committee: What We Learned: Change Healthcare Cyber Attack


French cyberwarriors ready to test their defense against hackers and malware during the Olympics
The United States Condemns Malicious Cyber Activity Targeting Germany, Czechia, and Other EU Member States
FBI Releases 2023 Elder Fraud Report with Tech Support Scams Generating the Most Complaints and Investment Scams Proving the Costliest


CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity
Communication gaps between IT departments and senior corporate leadership worsening application security risks
SBOM Sharing Primer
CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities
Maersk says Red Sea disruption will cut capacity by 15-20% in second quarter
Chinese-Made Surveillance Cameras Are Spreading Across Eastern Europe, Despite Security Concerns


Wichita government shuts down systems after ransomware i

Jennifer Lyn Walker returns to the Security Sprint and partners with Dave on the following topics.
Protests.

CNN: https://www.cnn.com/business/live-news/university-protests-palestine-04-29-24/h_5c66b0505df54a3db5b57e3949161257


AP: https://apnews.com/article/israel-palestinian-campus-student-protests-war-8b0d3a0cedb17f5e892c6ca43bbdf628?taid=6630becafd4f33000168594c&utm_campaign=TrueAnthem&utm_medium=AP&utm_source=Twitter


National Small Business Week, Take Steps to Secure Your Business

During National Small Business Week, Take Steps to Secure Your Business https://www.cisa.gov/news-events/news/during-national-small-business-week-take-steps-secure-your-business
Secure Your Business https://www.cisa.gov/secure-our-world/secure-your-business


Severe Weather.

Tornados. NBC: ⁠https://www.nbcnews.com/news/weather/overnight-tornadoes-storms-leave-heavy-destruction-nebraska-iowa-rcna149658⁠
https://apnews.com/video/oklahoma-tornadoes-natural-disasters-ef4b5e6696bf47d69a869102f5b7a441
Hurricanes. https://engr.source.colostate.edu/researchers-predicting-well-above-average-2024-atlantic-hurricane-season/


Lots of Water…

DHS asked to consider potentially 'devastating’ impact of hacks on rural water systems https://therecord.media/water-utility-cyberattacks-lawmakers-letter-to-dhs
Director Wray's Remarks at the Vanderbilt Summit on Modern Conflict and Emerging Threats https://www.fbi.gov/news/speeches/director-wrays-remarks-at-the-vanderbilt-summit-on-modern-conflict-and-emerging-threats


Quick Hits.

https://www.thebaltimorebanner.com/education/k-12-schools/eric-eiswert-ai-audio-baltimore-county-YBJNJAS6OZEE5OQVF5LFOFYN6M/
Vulnerabilities – PAN OS & Siemens RUGGEDCOM; Cisco


Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability https://www.securityweek.com/siemens-industrial-product-impacted-by-exploited-palo-alto-firewall-vulnerability/
Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack https://thehackernews.com/2024/04/palo-alto-networks-outlines-remediation.html
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
 
Scams
Japanese police create fake support scam payment cards to warn victims https://www.bleepingcomputer.com/news/security/japanese-police-create-fake-support-scam-payment-cards-to-warn-victims/
FBI warns of massive wave of road E-Z Pass - toll SMS phishing attacks https://www.bleepingcomputer.com/news/security/fbi-warns-of-massive-wave-of-road-toll-sms-phishing-attacks/
Researchers find dozens of fake E-ZPass toll websites after FBI warning https://therecord.media/researchers-find-dozens-of-ezpass-spoofs
 
AI
6 security items that should be in every AI acceptable use policy https://www.csoonline.com/article/2093806/6-security-items-that-should-be-in-every-ai-acceptable-use-policy.html
 
Misc (didn’t get to, but providing for bonus)
Top 10 physical security considerations for CISOs https://www.csoonline.com/article/566635/what-is-physical-security-how-to-keep-your-facilities-and-devices-safe-from-on-site-attackers.html

In this episode of The Gate 15 Interview, Andy Jabbour welcomes Curtis E. Tilley, Branch Chief, Training, Office for Bombing Prevention (OBP), Cybersecurity and Infrastructure Security Agency (CISA).
· Curtis on https://www.linkedin.com/in/curt-tilley-0089b6b2/.
- Those who want to engage with the DHS Office of Bombing Prevention may email at mailto:obp@cisa.dhs.gov.

In the discussion we address:
- OBP’s background.
- Some bomb threat and IED history.
- The enduring threat and challenge of the IED threat.
- Preparedness and resources.
- How to contact OBP.
- We talk about what’s on Curt’s mind.
- We play Three Questions and talk Macho Man Randy Savage, being the big man on campus, serving our communities and more!

A few references mentioned in or relevant to our discussion include:
- https://www.hstoday.us/subject-matter-areas/emergency-preparedness/profiles-in-excellence-curtis-tilley-branch-chief-office-for-bombing-prevention-cisa/ (13 Mar 2023)
- Watch the discussion noted above https://youtu.be/NhWHpE2kEs8
- http://www.cisa.gov/obp
- https://www.youtube.com/watch?v=xUgLIIduLWY
- https://www.cisa.gov/
- https://www.dni.gov/nctc/timeline.html

In the latest episode of the Security Sprint, Dave and Andy talked about the following topics.

Warm Start
·       CISA Announces 9th Cyber Storm National Exercise. The Cybersecurity and Infrastructure Security Agency (CISA) is hosting its ninth iteration of the Cyber Storm (CS IX) Cyber Exercise. It’s the nation’s largest cyber exercise designed to improve the cybersecurity posture of our nation’s critical infrastructure. Through extensive planning, this exercise strengthened cybersecurity preparedness and response capabilities through exercising policies, processes, and procedures for identifying and responding to a multi-sector significant cyber incident impacting critical infrastructure. For more information and resources, visit Cyber Storm IX: National Cyber Exercise | CISA & Cyber Storm IX: National Cyber Exercise | CISA

FB-ISAO: Best Practices for Securing Your Router / Wi-Fi
'NCSC Cyber Series' podcast now available on Spotify

 
Main Topics: 
US 911 emergency call line outage resolved in some areas

The PRC has made it clear that it considers every sector that makes our society run as fair game in its bid to dominate on the world stage, and that its plan is to land low blows against civilian infrastructure to try to induce panic and break America’s will to resist…

Director Wray's Remarks at the Vanderbilt Summit on Modern Conflict and Emerging Threats


FBI says Chinese hackers preparing to attack US infrastructure
Gallagher’s ominous farewell
Chinese Government Poses 'Broad and Unrelenting' Threat to U.S. Critical Infrastructure, FBI Director Says


UK: Government cracks down on ‘deepfakes’ creation

“Proactive De-escalation”
 
Quick Hits
·       Russian US election interference targets support for Ukraine after slow start
·       Microsoft: Nation-states engage in US-focused influence operations ahead of US presidential election
·       Information operations will be ‘foundational’ to future DOD efforts, Cybercom chief says
·       How A.I. Tools Could Change India’s Elections
·       Google: Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm
·       Secret Russian foreign policy document urges action to weaken the U.S.
·       RAND: Generative Artificial Intelligence Threats to Information Integrity and Potential Policy Responses
·       Securing Election Infrastructure Against the Tactics of Foreign Malign Influence Operations
·       Montgomery Co. student charged with threats of mass violence after police discover disturbing ‘manifesto.’
·       CISA and Partners Release Advisory on Akira Ransomware
·       FBI: Akira ransomware raked in $42 million from 250+ victims
·       Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities
·       FACT SHEET: Biden-⁠Harris Administration Releases Strategy to Strengthen Global Health Security
·       U.S. Government Global Health Security Strategy 2024 (PDF)
·       Undersea ‘hybrid warfare’ threatens security of 1bn, Nato commander warns
·       Joint Guidance on Deploying AI Systems Securely
·       UK NPSA: Personal Safety and Security for High-Risk Individuals
·       840-bed hospital in France postpones procedures after cyberattack
·       Cloudflare: DDoS threat report for 2024 Q1
·       Hearing - Held for Ransom: How Ransomware Endangers Our Financial System. See the full hearing video on YouTube.
·       Ex-White House cyber official says ransomware payment ban is a ways off
·       Top officials again push back on ransomware payment ban
·       Change Healthcare’s New Ransomware Nightmare Goes From Bad to Worse
·       UnitedHealth Group reports that the Change Healthcare ransomware attack has had an $872 million financial hit on its business so far
·