Weekly Security Sprint EP 98. A few of our favorite things: EAP, Ransomware, Phishing and more!
In this week's Security Sprint, Dave and Andy covered the following topics:Warm Opening:• In reversal, CISA workforce now permitted to take deferred resignation offer• FS-ISAC Releases Timely Data Governance And Generative AI Guidance & read More Opportunity, Less Risk: 8 Steps to Manage Financial Services Data with GenAI.Cyber Pipeline:o Chairman Rreen reintroduces “Cyber PIVOTT Act,” Senator Rounds to lead companion legislationo Lawmakers unite to push forward Cyber Forceo Gate 15’s been arguing for this since 2018… It’s Time for an FBI Cybercrime College Scholarship Program, October 14, 2018• Blended Threats! Gate 15’s been talking about this since 2017… Unpacking the vicious cycle of climate change and digital security. Blended Threats you say…? Cyberattack on NHS causes hospitals to miss cancer care targetsMain Topics:CISA Releases Active Assailant Emergency Action Plan Template and Instructional Guideo Active Assailant Emergency Action Plan Templateo Instructional Guide to the CISA EAP TemplateRansomware & Data Breaches: Ransomware attackers turn to workers for data breach accesso Cyfirma: Tracking Ransomware: January 2025o 35% Year-over-Year Decrease in Ransomware Payments, Less than Half of Recorded Incidents Resulted in Victim Paymentso Coveware: Will Law Enforcement success against ransomware continue in 2025?o Halcyon Threat Insights 013: February 2025 Ransomware ReportScams!Take9! Hackers Hijack JFK File Release: Malware & Phishing Surgeo Take9: Gate 15 is proud to partner with Take9! 9 SECONDS FOR A SAFER WORLD. Cyber threats are everywhere. And getting sneakier. What can you do to protect yourself, your community and our nation? Take a 9 second pause and think before you click, download, share. A short pause goes a long way.o Threat actor claims to have breached Trump HotelsQuick Hits:• Trump's Gaza comments hand jihadist terrorists a 'rallying cry,' experts say• CSI: Security Considerations for Edge Devices: Executive Guidance• Canadian Centre for Cyber Security - Virtual private networks (ITSAP.80.101)• UK NCSC: Network security fundamentals; How to design, use, and maintain secure networks• National Security Presidential Memorandum/NSPM-2; Imposing Maximum Pressure on the Government of the Islamic Republic of Iran, Denying Iran All Paths to a Nuclear Weapon, and Countering Iran’s Malign InfluenceGovernment Data Security Concerns:o A US Treasury Threat Intelligence Analysis Designates DOGE Staff as ‘Insider Threat’o Federal judge blocks Elon Musk’s DOGE from accessing sensitive US Treasury Department materialo Government Security Professionals Grapple with Following Procedure Amid DOGE Demandso Teen on Musk’s DOGE Team Graduated from ‘The Com’o As DOGE teams plug into federal networks, cybersecurity risks could be huge, experts sayo Coalition of US states to file lawsuit after Musk’s DOGE gains access to Americans’ personal dataBreaking Encryption:o U.K. orders Apple to let it spy on users’ encrypted accounts; Secret order requires blanket access to protected cloud backups around the world, which if implemented would undermine Apple’s privacy pledge to its users.o UK’s secret Apple iCloud backdoor order is a global emergency, say criticsDeepSeek:o Lawmakers Push to Ban DeepSeek App From U.S. Government Deviceso Researchers say China’s DeepSeek chatbot is linked to state telecom, raising data privacy concerns• Internet-connected cameras made in China may be used to spy on US infrastructure: DHS• Exclusive - Chinese Spy Balloon Was Packed With American Tech; The balloon carried technology from at least five US firms.• Hackers exploiting bug in popular Trimble Cityworks tool used by local gov’ts & Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software