  • Donald E. Hester

Cyber Risk Update 20 OCT 2023

Discord Server Name Change

We are searching for a new server name! Our aim is to foster broader participation. The team supporting this server handles all aspects of critical infrastructure. While the majority pertains to SLTT (State, Local, Tribal, and Territorial), we're actively seeking collaboration opportunities across various other critical infrastructure sectors. So, we're reaching out to you for suggestions on a fresh server name. We thought something with CIKR in the name could be a fitting choice: 'CIKR' (Critical Infrastructure and Key Resources). Join the Discord server and vote or suggest a new name. You will find the poll under the general channel. (TLP Clear Only) Invite: https://discord.gg/PGz3NDKb5V

Advisory

  • State Department advises all Americans overseas ‘to exercise increased caution’ in worldwide alert. Due to increased tensions in various locations around the world, the potential for terrorist attacks, demonstrations or violent actions against U.S. citizens and interests, the Department of State advises U.S. citizens overseas to exercise increased caution. U.S. citizens should: Stay alert in locations frequented by tourists. Enroll in the Smart Traveler Enrollment Program (STEP) to receive information and alerts and make it easier to locate you in an emergency overseas. Follow the Department of State on Facebook and Twitter. https://travel.state.gov/content/travel/en/traveladvisories/traveladvisories/worldwide-caution.html

AI

Privacy

Incidents

Good News

Guidance

  • Today, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published version 3 of the #StopRansomware Guide, an update to our one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks. The update incorporates additional recommended actions to reduce internet-facing vulnerabilities and strengthen security of web browsers and server message block (SMB) protocols. Also, the ransomware and data extortion checklist that organizations should use when dealing with a potential or actual ransomware incident was updated. https://www.cisa.gov/stopransomware

Vulnerabilities

Financial

Budget impact cyber risk.

TTP & Malware

Reports

Cybersecurity Awareness Month

Nation States

GRC

Phishing

Privacy

  • Federal agencies falling behind on privacy. Many federal agencies still don’t incorporate privacy into their risk-management framework, five years after a standards-setting body published a framework for how to do so, CyberScoop reports. The Government Accountability Office a year ago said that 14 agencies had failed to do so, leading to concerns that the government is ill-positioned to manage a growing body of sensitive information it collects. https://cyberscoop.com/federal-agencies-data-privacy-concerns-risk-management-strategies/

  • Threat actor "Golem," who hacked 23andMe, is posting antisemitic statements. Golem posted a link to what was advertised as a trove of 1 million records of 23andMe profiles, including Ashkenazi Jewish markers, to BreachForums on October 2. https://www.theregister.com/2023/10/19/latest_23andme_data_leak_takes/

Things that are generally increasing cyber risk
