Hello folks! There are a number of items that have caught my attention within this newsletter and some of these were covered here on the blog, or at the time I write this, hasn’t been posted yet at least for one of the items.
Let’s go ahead and get started.
Top of the news
The top of the news does contain a few CISA items which I did spot in my one email address, but it does contain something else that I spotted. Here’s the list of news that made top headlines since Friday.
- CISA Adds Plex and XStream Vulnerabilities to KEV List
- • Cerebral Notifies Millions of Data Breach
- CISA Ransomware Vulnerability Warning Pilot
Oh boy. This probly didn’t surprise me to see Cerebral being part of the news this week. I blogged about it right here. We can’t forget about Good RX and Better Help which also broke news of issues that I spotted this month. Sans has other articles and I did read one of these. Its definitely something to worry about if you have used one of Cerebral’s apps to deal with whatever issue you might have.
The rest of the news
Here is the rest of the news that made it in to this week’s newsletter.
- Blackbaud Agrees to Pay $3M to Settle Misleading Disclosure Charges
- CISA Shares Red Team Incident Assessment Findings
- Authorities Seize NetWire RAT Domain, Infrastructure Server
- CISA and Women in CyberSecurity Announce Partnership
- Los Angeles Housing Authority Discloses Data Breach
- Belgian Hospital’s Servers Hit with Cyberattack
- Akuvox E11 Smart Intercom Vulnerabilities Remain Unpatched
- Failure of Silicon Valley Bank May Lead to Phishing/BEC-like Scams
Michael in Tennessee sent this tech crunch article talking about Blackbaud, and I did blog it. At the time of writing that blog, I decided to post it later because of this AT&T post about 9 million plus users breached.
As we’re about to get this blogged, this blog post about blackbaud posted. Check out my comments on this if you wish to do so.
When I notified Brian Krebs about this, he told me that it was posted on a site called data breaches. I’m surprised that this AT&T breach isn’t out there, might come out this next week. Problem is, Brian mentioned it was reported on Databreaches last week. Problem much?
I hope that the Black Baud folks learn from this critical mistake and they make sure to the best of their ability that this doesn’t happen again.
The other biggest thing was dealing with Netwire and of course, they link to Brian Krebs’s article I titled So … Who is Netwire and should you be concerned about it?
There are other articles within Sans News bites that covered this.
I did like the fact that they covered something I didn’t know which was the Los Angeles story. Its unfortunate that the housing authority got breached, but anyone can be breached now a day, so we just need to do the best we can.
They did cover some more hospital ransomware attacks, and unfortunately as we predicted, this is how that’s going to go until hospitals convert to something more secure.
Why didn’t they cover something like this blog post talking about a nasty trojan being dangerous? We use our phones more, and while I have IOS, lots of people use Android, and that might more commonplace in the wworkplace. What about this blog post about TV’s and popups not being covered? I bet you that some of the TV’s they use are smart so that they can do presentations and things as part of their meeting.
Los Angeles Metro had a screen, a camera and a bunch of us in a room to conduct our meeting and someone used a computer connected to a TV to do Zoom. Does that make it a smart TV?
And speaking of things not covered in this newsletter, this blog post talks about word documents not being safe anymore. All you have to do is have it around and it can cause havoc. You don’t necessarily need to be able to edit it, just reading one is now a problem and hat can be a big time security problem.
Here is the sans news bites newsletter for March 14, 2023 for everyone to read. Feel free to comment on these or anything else I braught up as part of the newsletter.
See you all later!
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.