December 31, 2023

• Unfortunately, Your (Electric) Vehicle Cannot be Driven
• UK Warns Web Sites to Allow “Reject All” Cookies
• Ransomware Attackers Abuse Windows Common Log File System
• Brief 150 Page Guide to PCI 4.0 Compliance
• Senate Confirms Air Force Lt. Gen Timothy Haugh to Head NSA and Cyber Command
• Google to Settle Class Action that Incognito is Not Private
• U.S. Catches Pig Butcher
• How Pig Butchering Works (no, this is not about making bacon)
• Kallias and Associates Hacked
• Fidelity National Financial Releases More Details of Last Month’s Breach
• Merry Leaksmas – From Hackers to You

Security News for the Week Ending December 29th, 2023

This week’s news bites: AI and the end of privacy, most sophisticated iPhone attack ever was
active for four years, real estate wealth network leaks a wealth of high net worth data, hospital
sues Russian hackers to get them to delete stolen data and UK rule may make banks liable for
romance scam losses up to $525,000.

Read details here.

It looks like financial service firms are being successfully compromised by hackers. Are
you confident that you would detect an attack in time and could contain it quickly once
you did detect it. If you are not sure, please contact us.

Mitch

www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.com
Mitch@CyberCecurity.com
720-891-1663

December 24th, 2023

• China’s Ban on Apple iPhones Accelerates
• Blackcat Ransomware – All Bark OR Is There Bite?
• NSA Issues guidance on SBOMs and Supply Chain Risk Management
• VMWare Gives Microsoft a Huge Christmas Present
• End of Support for Windows 10 Could Send 240 Million PCs to Landfills
• Apple to Halt Watch Series 9 and Watch Ultra 2 Sales Due to Patent Infringement
• Maybe US Businesses Need to Rethink Complaining About Short Notification Times – See What China is Doing
• The Fight Over FISA Section 702 Continues
• MOVEit (Cl0p) Ransomware Count
• VF Corp Hit by Ransomware; Affects Operations
• Mr. Cooper Breach Covers All Current and Former Customers
• Hacking Critical Infrastructure – in Russia
• Kansas City Area Hospital Transferred Some Patients After Cyber Attack

Security News for the Week Ending December 22nd, 2023

This week’s news bites: low code/no code apps not a security nirvana, as if Twitter doesn’t have
enough problems, EU now investigating DSA violations, Comcast/Xfinity issues mass password
reset but doesn’t say why, Anthropic AI will now defend customers against copyright claims,
T-Mobile continues its tradition of security breaches and child sex abuse material found in AI
dataset.

Read details here.

It looks like financial service firms are being successfully compromised by hackers. Are
you confident that you would detect an attack in time and could contain it quickly once
you did detect it. If you are not sure, please contact us.

Mitch

www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.com
Mitch@CyberCecurity.com
720-891-1663

December 18th, 2023

• Small Irish Water System Down for Two Days Due to Attack on Industrial Control System
• 5Ghoul Attack Impacts 5G Phones with Qualcomm or MediaTek Chips
• NIST NCCoE Releases Drafts on Protecting from and Responding to Breaches
• Apple Vision Pro May be Released in January
• New Vulnerabilities in pfSense Firewall – Patch Now
• Remember Apache Struts? Say Hi to Struts 2
• Uranium Finance Hacker Cashes Out His $50 Mil in an Odd way
• Do Kwon, Founder of Terra/Luna, Likely to be Extradited After Jail in Montenegro
• The Fight Over FISA Section 702 Continues
• How to Build a Machine Learning Model is 7 Steps
• MOVEit (Cl0p) Ransomware Count
• Norton Healthcare Say Attackers Stole Millions of Patient’s Data
• Medusa Ransomware Gang Hits Schools in CA, NH and KY in One Week
• Seattle Cancer Center Hit by Ransomware; Hackers Extort Individual Patients

Security News Bites for the Week Ending December 15th, 2023

This week’s news bites: Joe Sullivan, convicted former Uber CISO, speaks out, FCC updates
telco breach notification rules, Harry Coker confirmed as National Cyber Director, in case you
were wondering, it takes a long time to recover from ransomware and Utah supreme court says
suspects do not have to tell cops their password.

Read details here.

Check fraud is real, costing businesses billions of dollars. According to the Uniform
Commercial Code, you are a knowledgeable user and so you are responsible for your
losses. If you need help with this, please contact us.

Mitch
www.CyberCecurity.com

December 11th, 2023

• Court Records System Used in Several States Compromised; Revealed Sensitive Data
• Loytec Building Automation Flaws Not Patched After 2 Years – Flaws Disclosed
• Some Sierra Wireless Routers Vulnerable to 21 Bugs – Used in Critical Infrastructure
• Senator Wyden Warns Governments are Spying Using Push Notifications
• Fake WordPress Security Advisory Highlights Need to Verify Security Updates
• Researchers Warn GPTs Can be Manipulated for Malicious Intent
• Facebook Sued for Requiring Users to Pay for Non-Tracking Version in EU
• Florida Water Agency Admits to Hack
• Google Figures Out How to Make ChatGPT Spit Out Raw Training Data
• MOVEit (Cl0p) Ransomware Count
• Staples Confirms Ransomware Attack
• Hackers Compromise Medical Imaging Services in New York and Texas
• Hackers Demand 300,000 British Pounds to Not Leak Royal’s Medical Info

Security News Bites for the Week Ending December 11th, 2023

This week’s news bites: US warns that Iran terrorists broke into multiple US water facilities, HP
exec admits that locking in print customers is very profitable, hackers compromise fed agencies
using obsolete version of Cold Fusion, Microsoft hires new CISO and Deputy CISO and Critical
Bluetooth design flaw affects many devices.

Read details here.

We continue to see security and privacy concerns with AI. Since AI is not going away,
companies need to create AI policies and practices to protect them. If you need help with
this, please contact us.

Mitch
www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.

December 3rd, 2023

• Critical Infrastructure Continues to be in the Crosshairs
• California Proposes New AI Regulations
• This Week is Amazon’s Turn for Announcing AI Chips
• And Amazon is Joining the AI Bot World
• Apple Patches More Actively Exploited Zero-Days
• Judge Backs FTC in Restrictions Against Meta
• MOVEit (Cl0p) Ransomware Count
• Ardent Health Ransomware Attack Affects Hospitals in Multiple States
• 1,977,486 Victims. So Says Dollar Tree. Or the Third Party that Breached Their Data
• Seattle Surgical Practice Compromised 437,000 Patient’s Data in Ransomware
• Hijack of Industrial Control Water Utility Confirmed

Security News Bites for the Week Ending December 3rd, 2023

This week’s news bites:

This week’s news bites: Montana and Indiana TikTok ban stunts unsurprisingly fail in court, UK
lawmakers modifying their version of GDPR, Interpol uses new biometrics database to catch
crooks, 60 US credit unions offline due to ransomware at IT provider and Microsoft pledges to
improve security with “Secure Future” program.

Read details here.

If you share sensitive data with outside law firms or have an internal legal department,
your data may be at risk. Have you taken the necessary steps to protect your data? Law
firms are falling like flies to hackers. If you have concerns, please contact us.

Mitch
www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.