July 30, 2023

Malicious USB Attacks up 30% in 1H2023
Almost 40 Percent of Ubuntu Users Vulnerable
Audit of DoD’s Implementation and Oversight of CUI (DODIG-2023-078)
Microsoft to Give Office 365 Customers Free Access to Purview Premium Features
Atlassian Remote Code Execution Bugs Affect Confluence and Bamboo
Report Card on DoJ: Does Not Play Well With Others
Yet Another Law Firm Falls to Hackers
12 Norway Government Ministries Hit by Cyberattack

Security News for the Week Ending July 28th, 2023

This week’s news bites: criminal or whistleblower, Senate takes another whack at banning dark
patterns nationally, TSA issues updated cybersecurity guidelines to pipeline and national gas
operators, the NDAA bill wants the Pentagon to evaluate creating a dedicated U.S. Cyber Force
and yet another malicious GPT emerges.

Read the details here.

More law firms are falling to hackers every week. Are you prepared? If you are not sure,
please contact us.

Mitch

www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.com

Mitch@CyberCecurity.com

July 21, 2023

Senate Bill Makes End to End Encryption a Crime
Intel’s Deep Fake Video Detecter – 96% Accurate
Utility Experts Say China is a Threat to the Grid
Apple Releases Third Try at Patch for Webkit Bug Being Exploited – Patch Now
SEC Delays New Cyber Rules Until October
Amazon Agrees to $25 Million Fine for Alexa Privacy Violations
Pay Down Supply Chain (Software) Debt
Hackers Steal $20 Mil by Exploiting Bug in Revolut’s Payment System
More MOVEit Breach Reports
Wisconsin County Declares ‘Catastrophic Software Failure’ (What Everyone Else Calls Ransomware)
Mississippi County Describes Ransomware as a Digital Hurricane

Security News for the Week Ending July 22nd, 2023

This week’s news bites: well, this is a bit of an oops, bill to stop feds from buying data passes
one hurdle, famed social engineer/hacker Kevin Mitnick dead at 59, how to tell whether “your
security is our top priority” and Apple threatens to remove FaceTime and iMessage from UK
iDevices if the UK bans end to end encryption.

Read the details here.

Are you tracking your technical debt? Including supply chain debt? Are you reducing
it? Need help with this? Please contact us.

Mitch

www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.com

Mitch@CyberCecurity.com

July 16, 2023

FTC Expands Use of Health Breach Notification Rule Enforcement
Yet Another Law Firm Exposes Clients’ Sensitive Files
CISA Releases Version 2 of Zero Trust Reference
Colorado Posts Enforcement Plan for Colorado Privacy Act
Any Idea What Entra ID is?
New Breached Companies Continue to Admit They Fell to MOVEit hack
Progress Software Patches 3 New MOVEit Bugs This Week
Apple Releases More Out-of-Band Emergency Patches
Silk Road’s Second in Command Gets 20 Years
FBI Alert on Foreign Adversary Data Gathering and Asset Recruiting at Trade Shows
Another Day, Another City Goes Dark – Hayward, California
Taiwan Semiconductor Blames Third Party for Breach and $70 Million Ransom Demand
HCA Healthcare Whacked for 10+ Million Patients’ Data

Security News for the Week Ending July 14th, 2023

This week’s news bites: OpenAI and Meta both sued for copyright infringement over AI tools,
IBM joins the GPT biz, state bill would prohibit selling cell location data to third parties, another
form of credit score – your cell data and ChatGPT for crooks – WormGPT.

Read the details here.

If you need help vetting your law firm’s security or any other vendor’s security, please
contact us.

Mitch

www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.com

Mitch@CyberCecurity.com

July 9, 2023

California Court Delays Enforcement Date of CPRA but NOT Effective Date
Cryptocurrency Exchange Binance is the Next Crypto-Domino to Fall
Clash of the Titans – Zuck’s Threads vs. Elon’s Twitter And the Lawsuits Begin
Unpatched WordPress Sites Using Ultimate Member Plugin at Risk of Hacker Creating Secret Accounts
Hundreds of Thousands of Fortigate Firewalls Remain Unpatched
Google Changes Its Privacy Policy – Such as it Is
False Claims Act Used Against Mortgage Lender; Whistle Blower Gets $4 Mil
Sweden Tells Companies to Stop Using Google Analytics
Another Lawsuit Filed Over MOVEit Breach
More States are Requiring Age Verification for Access to Adult Websites
Poly Network, a Crypto Bridge, Exploited Again – Should be No Surprise
Taiwan Semiconductor Blames Third Party for Breach and $70 Million Ransom Demand

Security News for the Week Ending July 9th, 2023

This week’s news bites: Twitter limits the number of Tweets you can see per day, Microsoft and
OpenAI being sued for $3 billion over scraping, MOVEit victims now exceed 16 million and
counting, GPS company hit with product liability lawsuit over role in murder and when did you
last patch your solar panels.

Read the details here.

Between Twitter trying to stop you from scraping their data, Google changing their
privacy policy to let you know that they will scrape any data they can find and Threads,
well, it is easier to scrape the data of 100 million users if you own the platform.
Concerned about privacy and your company’s private data, please contact us.

Mitch

www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.com

Mitch@CyberCecurity.com

July 2, 2023

Public Exploit Available for Cisco AnyConnect VPN Client
Putin Ally Suggests Damaging Undersea Fiber Between US and Europe
CISA and NSA Publish Guidance on Securing CI/CD Pipelines
Microsoft Releases New Version of SysInternals Autoruns
Apple in the Spotlight, Again
Chinese Spy Balloon Was Full of US Hardware
Meta Pledges to Remove News Content Because of New Law
Australia Tells Twitter to Clean Up Online Hate Content
OWASP Top 10 – API SECURITY RISKS 2023
American and Southwest Airlines Hit by Breach … at Third Party
Be Careful What Cyber Promises You Make

Security News for the Week Ending July 2nd, 2023

This week’s news bites: ex-FBI employee sentenced to 46 months for taking classified
documents home, Europol arrests 6500 crooks and recovers $900 million in proceeds from EncroChat takedown, shady Chinese encryption chips used by Navy, NATO and NASA, TikTok
lied to Congress – who would have guessed and two hacking groups claim hack of Russian
SatCom provider.

Read the details here.

With Putin threatening to cut undersea fiber and since we have already seen hacktivists
cutting fiber in the US and Europe, is your business continuity plan prepared to handle a
significant Internet outage, in light of the move to SaaS providers and the cloud? If you
need assistance thinking this through, please contact us.

Mitch

www.CyberCecurity.com
www.TurnkeyCybersecurityAndPrivacySolutions.com

Mitch@CyberCecurity.com