Weekly Security Sprint EP 83. Helena recovery, Crimes report, and CSAM

In this week's Security Sprint, Dave and Andy covered the following topics:

Warm Open

Water, Water, Everywhere!

§  WaterISAC – EPA: National Security Information Sharing Bulletin

§  WaterISAC - Cybersecurity Fundamentals for Water and Wastewater Utilities

§  WaterISAC: Incident Awareness – Ransomware Attackers Target Kansas Water Treatment Facility

§  Kansas water plant cyberattack forces switch to manual operations

§  WaterISAC: EPA’s Hazard Mitigation for Natural Disasters: A Starter Guide for Water and Wastewater Utilities

§  Fears of Weakness in Water Cybersecurity Grow After Kansas Attack

§  WaterISAC: Potential Supply Chain Impacts from East Coast and Gulf Coast Labor Negotiations (Updated September 26, 2024)

§  Deluge of Threats to Water Utilities: Securing Operational Technology Against Cyberattacks

INC Ransomware had a very active weekend! GRIP subscribers saw some of that in the SUN, and see more in this week’s Ransomware and Data Breach Digest and a special Bricklayer AI-informed TARGET Report on INC Ransomware.

Main Topics

Severe Weather, Hurricane Helene, and Resilience Planning.

Crime

• FBI Releases 2023 Crime in the Nation Statistics.
• ADL: New FBI Data Reflects Record-High Number of Anti-Jewish Hate Crimes
• FBI Releases 2024 Quarterly Crime Report and Use-of-Force Data Update.

CSAM. A Proclamation on Cybersecurity Awareness Month, 2024.

• T-Mobile Required to Change Business Practices After Data Breaches.
• Derek Johnson. T-Mobile reaches $31.5 million settlement with FCC over past data breaches.

Quick Hits

• JCAT First Responders Toolbox: Enhancing Bystander Reporting to Prevent Terrorism
• UK NCSC: Multi-factor authentication for your corporate online services
• NZ NCSC - Joint Guidance: Detecting and mitigating Active Directory compromises
• CISA Warns of Hurricane-Related Scams. 
• Federal Trade Commission’s Staying Alert to Disaster-related Scams and Before Giving to a Charity, 
• Consumer Financial Protection Bureau's Frauds and scams, and 
• CISA’s Phishing Guidance, Stopping the Attack Cycle at Phase One to help organizations reduce likelihood and impact of successful phishing attacks. 
• Wifi suspended at big UK train stations after ‘cybersecurity incident.’
• Israel issues warnings, guidelines for travel abroad ahead of Jewish holidays
• Indictment Alleges the Activity Was a More Recent Phase of a Wide-Ranging Hacking Conspiracy in Support of IRGC Targeting of Current and Former U.S. Officials
• Iranian hackers indicted Friday allegedly sought to impersonate Ginni Thomas as they targeted Trump campaign
• Treasury Sanctions Iranian Regime Agents Attempting to Interfere in U.S. Elections
• Rewards for Justice: Election interference Individual - IRGC Hackers, up to $10 Million
• Election Security Update as of Mid-September 2024: 45 Days Until Election 2024. 
• Staying a Step Ahead: Mitigating the DPRK IT Worker Threat
• Iran was behind thousands of text messages calling for revenge over Quran burnings, Sweden says
• Maryland Woman Sentenced for Conspiring to Destroy the Baltimore Region Power Grid
• Patch for Critical CUPS vulnerability: Don't Panic
• Neo-Nazis are using AI to rebrand Hitler for a new generation
• Axios Vibes: Americans blame politicians for misinformation
• Neo-Nazi Telegram Users Panic Amid Crackdown and Arrest of Alleged Leaders of Online Extremist Group
• Man threw explosive device inside California courthouse on day of arraignment
• Republican Homeland Security Committee bill set to combat CCP cyber threats, boost cyber resilience