ISC StormCast for Wednesday, March 23rd, 2022
Statement by President Biden: What you need to do (or not do)
https://isc.sans.edu/forums/diary/Statement+by+President+Biden+What+you+need+to+do+or+not+do/28466/
ASUS Cyclops Blink Advisory
https://www.asus.com/content/ASUS-Product-Security-Advisory/
HP Vulnerabilities
https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780
Sophos UTM Updates
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220321-utm-9710
MacOS GIMMICK Malware
https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/
Octa Breached By Lapsus
https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/
https://twitter.com/BillDemirkapi/status/1506107157124722690
Mental and behavioral health support boosts school safety
Researchers from the University of South Carolina received Department of Justice (DOJ) funding to investigate school safety and mental health in the “Interconnecting PBIS and School Mental Health to Improve School Safety: A Randomized Trial” study.
AvosLocker ransomware a threat to critical infrastructure
Ransomware as a service (RaaS) affiliate group AvosLocker has targeted a number of victims across multiple critical infrastructure sectors. Here are a few mitigation strategies organizations can implement.
Data privacy in 2022: Four recommendations for businesses and consumers
There isn’t a silver bullet to consumer data privacy; different organizations are at different stages of privacy maturity. However, there are four steps organizations can take to advance their data privacy program maturity.
ISC StormCast for Tuesday, March 22nd, 2022
Maldoc Cleaned by Anti-Virus
https://isc.sans.edu/forums/diary/Maldoc+Cleaned+by+AntiVirus/28460/
Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain
https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain
IBM Spectrum Protect Update
https://www.ibm.com/support/pages/node/6564745
Lapsus$ May have Breached Microsoft
https://www.theregister.com/2022/03/21/microsoft_lapsus_breach_probe/
Statement by President Biden on our Nation’s Cybersecurity
https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/
Federal program supports women in counterterrorism
Engaging Multinational Police Women on Equality and Rights (EMPoWER), a project from the U.S. Department of Justice and the Department of State’s Counterterrorism Bureau, aims to provide leadership opportunities for women in security.
Research highlights mass violence motivated by misogyny
To help reduce tragedies due to misogynistic extremism, such as the Hot Yoga Tallahassee attack, organizations should establish proactive safety programs and a multidisciplinary threat assessment program.
Top three attack trends in API security
A new Cequence Security API Security Threat Report: Bots and Automated Attacks Explode revealed three attack trends in API security.
How to create a security-first culture
When it comes to building a security-first culture, a layered approach that takes physical security, security solutions and training into consideration is best.
