The Gate 15 Podcast Channel
By Gate 15
The Gate 15 Podcast ChannelAug 29, 2022
Weekly Security Sprint EP 64. Verizon DBIR, MDM, Hurricanes, Cyber Resilience
Weekly Security Sprint EP 63. The return of the Cybersecurity Evangelist, protests, weather, vulnerabilities and more.
The Gate 15 Interview EP 45. Curt Tilley, DHS Office of Bombing Prevention
· Curtis on www.linkedin.com/in/curt-tilley-0089b6b2/.
- Those who want to engage with the DHS Office of Bombing Prevention may email at mailto:obp@cisa.dhs.gov.
In the discussion we address:
- OBP’s background.
- Some bomb threat and IED history.
- The enduring threat and challenge of the IED threat.
- Preparedness and resources.
- How to contact OBP.
- We talk about what’s on Curt’s mind.
- We play Three Questions and talk Macho Man Randy Savage, being the big man on campus, serving our communities and more!
A few references mentioned in or relevant to our discussion include:
- www.hstoday.us/subject-matter-areas/emergency-preparedness/profiles-in-excellence-curtis-tilley-branch-chief-office-for-bombing-prevention-cisa/ (13 Mar 2023)
- Watch the discussion noted above youtu.be/NhWHpE2kEs8
- www.cisa.gov/obp
- www.youtube.com/watch?v=xUgLIIduLWY
- www.cisa.gov/
- www.dni.gov/nctc/timeline.html
Weekly Security Sprint EP 62. A jumbalaya of news - emergency comms, China, deep fakes, and de-escalation
Nerd Out EP 47. Middle East, Domestic Issues, and the Acolyte!
In the latest episode of Nerd Out, Dave welcomes in Alec Davison as his partner in crime for the podcast. After they get through the excitement of the latest Taylor Swift album, they talked through the latest activity in the Middle East and what it could mean domestically. Then they looked at the latest news related to the U.S. election including the recent incident outside of the Trump trial and potential concerns that may play out over the course of the year especially related to mis/dis/mal-information. They wrap up the pod with some real nerd discussions on Star Wars and what the new series has to offer! Alec Davison is the Lead Analyst at the Water Information Sharing and Analysis Center (WaterISAC). In addition, he works as a Risk Analyst at Gate 15. He holds an M.A. in Security Policy Studies from George Washington University. Some of the resources discussed in the pod include: https://www.cisa.gov/resources-tools/resources/personal-security-considerations-action-guide https://www.cisa.gov/resources-tools/resources/preventing-workplace-violence-security-awareness-considerations-infographic https://www.dni.gov/files/NCTC/documents/jcat/firstresponderstoolbox/89s_-_Violent[…]il_Unrest_and_Public_Assemblies_in_the_United_States-survey.pdf Mobilization/SARs https://www.dni.gov/files/NCTC/documents/news_documents/Mobilization_Indicators_Booklet_2021.pdf https://www.dhs.gov/nationwide-sar-initiative-nsi Info sharing communities https://www.dhs.gov/fusion-centers https://www.nationalisacs.org/
Weekly Security Sprint EP 61. Iran, Hostile Events, Cyber awareness, Vehicle Ramming and more!
Weekly Security Sprint EP 60. Cyber news and breaches, security mindfulness, all-hazards and more!
Venue Security, The IAVM Podcast Series EP 4: “Don’t’ get complacent.” Christopher Post, on communications and preparedness.
In this episode of Venue Security, The IAVM Podcast Series, Andy Jabbour talks with Christopher Post, Assistant General Manager, Amarillo Civic Center Complex. Christopher graduated from West Texas A&M University with a Bachelor of Business Administration. He has been in venue management for 18 years and prior to that, was a professional musician for a little over 20 years (yes, he started very young!). As Assistant General Manager, his duties have included serving as the Emergency Coordinator and First-Aid Response Trainer for the Amarillo Civic Center since 2009. He is a graduate of IAVM’s AVSS and VMS. Read more at his complete LinkedIn profile.
- Amarillo Civic Center Complex® - Meet. Play. Celebrate.
- Christopher’s background.
- Clear, consistent, collaborative, communications.
- Throwing EAP’s in the trash a few times.
- The 10-80-10 rule.
- The value of full-scale exercises.
- Name dropping some champions from the community.
- More!
“It has to be muscle memory, it has to be automatic.”In the discussion we address:
Weekly Security Sprint EP 59. Terrorism news, Hurricanes, and Health Preparedness
The Gate 15 Interview EP 44: Faith-Based ISAO and DHS CISA on partnership, risk reduction, pizza MREs, and some great rock n’ roll
Weekly Security Sprint EP 58. Moscow Attack, Weather report, and much more
Nerd Out EP 46. Be Curious - Dave going solo!
In the latest episode of Nerd Out, Dave is solo and integrating his love for Ted Lasso into the security world. Challenging everyone to be curious, Dave evaluates the famous dart game in Ted Lasso (season 1) and calls out three points for individuals and organizations to be focused on as we evaluate threats. Whether it be the terrorist or extremist threat, or MDM, Dave reminds everyone to be mindful in their security preparedness planning.
Weekly Security Sprint EP 57. Terrorism threats, IoT labeling, Exploitation threats, and more.
Weekly Security Sprint EP 56. IC3 Report, Information Ops, Religious Holidays, Domestic Threats
Venue Security, The IAVM Podcast Series EP 3: Stella Salyer on Leadership, First Aid and Emergency Response: (way) better safe than sorry.
In this episode of Venue Security, The IAVM Podcast Series, Andy Jabbour talks with Stella Salyer, Assistant General Manager, Sales & Services, Virginia Beach Convention Center. Stella is a Nationally Registered Advanced Emergency Technician and volunteers every weekend in Virginia Beach’s 911 system. She holds certifications in Mass Casualty and Tactical Emergency Critical Care, Stop the Bleed instructor, and is a Proctor for Virginia Beach EMS’s Advanced EMT Academy. Read more at her complete LinkedIn profile. Contact Stella by email: ssalyer@vbgov.com.In the discussion we address:
- Stella’s background.
- First Aid and Emergency Response.
- Leadership during incidents.
- What’s on Stella’s mind.
- With a shoutout to Farrow Bouton, New Orleans Director of Event Services, for his and Smoothie King Center’s kind support to IAVM and AVSS 2024.
Venue Security, The IAVM Podcast Series is our newest podcast as Gate 15’s founder and Managing Director, Andy Jabbour, hosts short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community.
Weekly Security Sprint EP 55. MDM, hostile events, health, and ransomware
Weekly Security Sprint EP 54. Board talks, AI, event preparedness, ransomware and more
The Gate 15 Interview with Kirk Cerny EP 43. Security, old wagons, leadership integrity, Wyoming, and… the afterlife?
Nerd Out EP 45. Venue security, extremist news, and what to look for in 2024.
Joe Levy is the Assistant General Manager at the Barclays Center.
Bridget Johnson is a terrorism and extremism expert who has decades worth of experience analyze threat activities.
Special Podcast. Lakewood Church Shooting with Faith-Based ISAO
In this special podcast, Andy welcomes in Dave and key members of the Faith-Based Information Sharing and Analysis Organization (FB-ISAO) to talk about the Lakewood church shooting. They looked at how the event unfolded, security processes, and lessons learned. Guests include: Mayya Saab, the Executive Director of FB-ISAO Ed Heyman, Co-Chair of the FB-ISAO ORG Phil Froehlich, Co-Chair of the FB-ISAO ORG
Weekly Security Sprint EP 53. A Super Bowl amount of information - Church shooting, AI (good and bad), and much more.
In this week's Security Sprint, Dave and Andy discussed the following topics: Warm Start: Announcement! WaterISAC is excited to announce that this Spring, it will be hosting H2OSecCon as a one-day virtual event on Thursday, May 23 from 11 AM - 5 PM ET! T National Rural Water Association and WaterISAC Collaborate to Benefit Small Water Utilities Nationwide AMWA reiterates cybersecurity views to Homeland Security Subcommittee Lakewood Church Shooting Shooting at Joel Osteen's Lakewood Church in Houston: Female shooter killed, 5-year-old child shot Joel Osteen statement in response to this incident, post to Threads Woman Opens Fire at Joel Osteen’s Texas Megachurch During Live TV Broadcast Additional physical security items of note: Philadelphia Man Charged with Making Antisemitic and Islamophobic Threats Islamic State, Al-Qaeda Call for Violence Against Jewish Communities Following October 7 Attack Tennessee man who was working with militias planned to act as a sniper and attack Southern border, feds say. U.S. Strike in Baghdad Kills Iranian-Backed Militia Commander Iraq Criticizes US Strikes After Baghdad Attack Killed Iran-Backed Militant Group Commander CISA Releases Violence Prevention through De-escalation Video. AI. FCC Confirms that TCPA Applies to AI Technologies that Generate Human Voices AI-Generated Voices in Robocalls Are Now Illegal How a Biden AI robocall in New Hampshire allegedly links back to a Texas strip mall Taylor Swift deepfakes on X falsely depict her supporting Trump AI Deployed Nukes 'to Have Peace in the World' in Tense War Simulation NYPD and WhatsApp. https://nypost.com/2024/02/05/business/nypd-tests-old-school-tactics-in-the-bronx-to-combat-shoplifting/ Info Ops: Russia Is Boosting Calls for 'Civil War' Over Texas Border Crisis. Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content CISA Launches #Protect2024 Resources Webpage for State and Local Election Officials Quick Hits: Severe Weather: Historic storm sends debris through LA’s Hollywood Hills and leaves 1.1 million without power 3 dead as storm pummels California, causing flooding and dozens of mudslides in L.A. area More than 120 people are dead and entire neighborhoods have been reduced to ashes in record-breaking Chile wildfires The growing inadequacy of an open-ended Saffir–Simpson hurricane wind scale in a warming world Hurricanes are getting so intense, scientists propose a Category 6 More on Scams & Fraud: Think you know what the top scam of 2023 was? Take a guess As Nationwide Fraud Losses Top $10 Billion in 2023, FTC Steps Up Efforts to Protect the Public IRS warns tax professionals to be aware of EFIN scam email; special webinars offered next week Ransom where? Everywhere. Chainalysis: Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline Ransomware Payments Hit a Record $1.1 Billion in 2023 GRIT Ransomware Annual Report 2023 (Q1-Q4) The Record: Ransomware tracker: The latest figures [February 2024] Malwarebytes 2024 State of Malware: Known ransomware attacks up 68% in 2023 Nation States Subcommittee Chairman Garbarino Statement On PRC Persistent Access To U.S. Critical Infrastructure. CISA and Partners Release Advisory on PRC-sponsored Volt Typhoon Activity and Supplemental Living Off the Land Guidance NSA: Combatting Cyber Threat Actors Perpetrating Living Off the Land Intrusions. NSA and Partners Spotlight People’s Republic of China Targeting of U.S. Critical Infrastructure More Cyber News. Verizon insider data breach hits over 63,000 employees Ivanti: CVE-2024-22024 (XXE) for Ivanti Connect Secure and Ivanti Policy Secure Researchers say attackers are mass-exploiting new Ivanti VPN flaw UK NCSC: Vulnerability management Canadian Centre for Cyber Security How updates secure your device (ITSAP.10.096)
Venue Security, The IAVM Podcast Series EP 2: Gil Fried, The Crowd Management Doctor on Training and Supervising Security Staff
In this episode of Venue Security, The IAVM Podcast Series, Andy Jabbour talks with Gil Fried, Professor and Assistant Dean of the College of Business at the University of West Florida and a member of the International Association of Venue Managers (IAVM) Venue Safety and Security Committee. In the discussion we address:
- Gil’s background.
- Training and Supervising Security Staff.
- Sports Facilities and the Law & Crowd Management Doctor (on YouTube).
- What’s on Gil’s mind, including raucous crowds.
Venue Security, The IAVM Podcast Series is our newest podcast as Gate 15’s founder and Managing Director, Andy Jabbour, hosts short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community.
Weekly Security Sprint EP 52. Geo-political impacts, cyber warnings, BEC, scams, ransomware and more!
Weekly Security Sprint EP 51. Confiscated weapons, new DOJ / FTC guidance, AI, and more cyber news.
Weekly Security Sprint EP 50. Uvalde Report, Sextortion, Ransomware and new Resources
New Tribal-ISAC podcasts!
Raise Your Tribes Cybersecurity IQ: Part 1
Raise Your Tribes Cybersecurity IQ: Part 2
CISA Releases 2023 Year in Review!
Uvalde. Justice Department Releases Report on its Critical Incident Review of the Response to the Mass Shooting at Robb Elementary School in Uvalde, Texas.
Ransomware
Ransomware Resilience: You can’t afford _not_ to exercise!
Check Point Research: 2023 – The year of Mega Ransomware attacks with unprecedented impact on global organizations
New ransomware:
Pings Ransomware
Slug (via X, victim claimed in today’s ransomware listings)
Insane (via X, victim claimed in today’s ransomware listings)
First American cyber incident expected to impact Q4 2023 financials; Delayed closing due to the Dec. 20, 2023, cyber incident are expected to lead to weaker fourth quarter financials at the title firm
Toronto Zoo says staff personal info stolen in ransomware cyberattack
Ransomware negotiation: When cybersecurity meets crisis management
Sextortion: A Growing Threat Targeting Minors.
UK NPSA: Counter-State Threats.
UK NPSA: SCaN for Line Managers.
Quick Hits
New USGS map shows where damaging earthquakes are most likely to occur in US.
US Secret Service: Live Virtual Presentations on Targeted Violence Prevention.
CISA - Active Shooter Preparedness Webinar, Region 9 - 7 FEB 2024
CISA and FBI Release Known IOCs Associated with Androxgh0st Malware
CISA: Cybersecurity Guidance: Chinese-Manufactured UAS
Election 2024
Authorities map out potential threats ahead of New Hampshire primary
OpenAI bans bot impersonating US presidential candidate Dean Phillips
AI is destabilizing ‘the concept of truth itself’ in 2024 election
Former Jan. 6 Select Committee deleted more than 100 encrypted files from its probe in the days before Republicans took over the House majority
The Gate 15 Interview EP 42: Foster on building high-performing cybersecurity teams, complex threats, bringing the noise and musical obsessions
In the discussion we address:
Eric’s origin story
His experience as a founder and entrepreneur, and the importance of mentorship
Building high-performance teams and developing corporate culture
Eric’s work from founding CYDERES to his current work with Stairwell
The complex intersection of geopolitical threats and increased conflict in a world that is rapidly accelerating in positive directions in technology
We play Three Questions and talk careers in an alternate universe, flying through space with Elon, Eric’s musical obsessions, and more – including Radiohead and Sleep Token!
A few references mentioned in or relevant to our discussion include:
CYDERES
Stairwell
Learn more about the Stairwell Culture
Google Blog: A new approach to China, January 12, 2010 (in late 2009, Google was the victim of a major cybersecurity attack, code named Operation Aurora)
Nerd Out EP 44. The Middle East, threats to Houses of Worship, and 2024 Outlook
Weekly Security Sprint EP 49. ISAC news, weather impacts, plus your dose of cyber and physical security news
ISAC Exciting Announcements!
Tribal-ISAC joins National Council of ISACS for cyber security, information sharing
Japanese Auto-ISAC and Auto-ISAC Formalize Agreement to Enhance Vehicle Cybersecurity
Severe Weather Awareness
Iowa Caucus Impacts
Texas "Freeze"
Buffalo Bills great stadium dig-out
Main Topics
School Data Base Leak. www.wired.com/story/us-school-shooter-emergency-plans-leak/
SEC X Compromise.
SEC account hack renews spotlight on X's security concerns
US SEC says breach of its X account did not lead to breach of broader SEC systems
A Hacker's Perspective: Social Media Account Takeover Prevention Guide
Scams. news.trendmicro.com/2024/01/12/fake-apple-and-capital-one-notifications-top-scams-of-the-week/
Physical Threats.
Malicious Actors Threaten U.S. Synagogues, Schools, Hospitals, and Other Institutions With Bomb Threats, 12 Jan. “Since 8 December 2023, the FBI has opened investigations on more than 100 separate threats targeting more than 1,000 institutions in 42 states and the District of Columbia."
New FB-ISAO Newsletter! FB-ISAO Newsletter, v6, Issue 1.
US, UK launch retaliatory strikes against Houthis in Yemen
Protests erupt outside Yemen Mission in NYC to condemn US attacks on Houthi rebels — some protesters attacking couple holding Israeli flag: ‘Long live Hamas, you piece of s–t!’
Joint Statement from the Governments of Australia, Bahrain, Canada, Denmark, Germany, Netherlands, New Zealand, Republic of Korea, United Kingdom, and the United States
Statement from President Joe Biden on Coalition Strikes in Houthi-Controlled Areas in Yemen
Statement by Secretary of Defense Lloyd J. Austin III on Coalition Strikes in Houthi-Controlled Areas of Yemen
Background Press Call by Senior Administration Officials and Senior Military Official on Developments in the Middle East
Houthi rebels say US will pay a ‘heavy price’ for strikes that killed 5, injured
Lulzsec Hacktivists Leak American Bank Logins in Protest Against Yemen Airstrikes
Moscow Blasts U.S.-British Strikes in Yemen
Who Are the Houthis and Why Did the US and UK Launch Strikes on Them?
Quick Hits
FBI arrests Florida man accused of threatening ‘mass casualty event’
American intel officials warn of risk of Hezbollah attacking U.S.
Ivanti Vulnerabilities. Ivanti Blog Post: Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CERT-NZ: Vulnerabilities in Ivanti Connect gateways actively exploited
Canadian Centre for Cyber Security Ivanti security advisory (AV24-020)
Ivanti warns of Connect Secure zero-days exploited in attacks
Ivanti customers urged to patch vulnerabilities allegedly exploited by Chinese state hackers
Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation.
Canadian Centre for Cyber Security Ivanti Connect Secure and Ivanti Policy Secure gateways zero-day vulnerabilities
Risky Biz News: Chinese APT exploits two Pulse Secure zero-days
Ivanti Zero-Day Vulnerabilities (CVE-2023-46805 and CVE-2024-21887)
State-backed hackers are exploiting new Ivanti VPN zero-days — but no patches yet
Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways
Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns
The vulnerability forecast for 2024
WEF: Global Cybersecurity Outlook 2024
Joint Report on the Implementation of the Cybersecurity Information Sharing Act of 2015
Weekly Security Sprint EP 48. Physical Security Galore!
New! Venue Security, The IAVM Podcast Series: Mark Herrera on leadership, resilience and partnership. In this inaugural episode of Venue Security, The IAVM Podcast Series, Andy Jabbour talks with Mark Herrera, Director of Education for the International Association of Venue Managers (IAVM).
Physical Security Incidents and Challenges
Motive sought for mass shooting at Prague university that left more than a dozen dead
1 killed, 5 injured by Iowa school shooter on the first day after winter break
FBI calls bomb threats that led to brief lockdowns and evacuations of some state capitols a hoax
Bomb Hoaxes and ‘Swatting’ Attempts Target Public Officials as 2024 Begins
CA synagogues on high alert after receiving threatening emails
Suspects held over alleged Argentina parcel plot
Blasts kill nearly 100 at slain commander Soleimani's memorial; Iran vows revenge
Islamic State claims responsibility for deadly Iran attack, Tehran vows revenge
CAIR: Join the Jan. 13th ‘March on Washington for Gaza’ in Washington, D.C.
Groups plan massive march for Gaza cease-fire in DC next week. The Council on American-Islamic Relations (CAIR) and other organizers will begin the Gaza solidarity event at the National Mall on Jan. 13 at 1 p.m., gathering near the Washington Monument.
CISA: Personal Security Considerations Action Guide. This action guide provides actionable recommendations and resources intended to prevent and mitigate threats to a critical infrastructure worker’s personal safety.
Election Season Challenges
FBI Washington Field Office Marks Third Anniversary of January 6 Violence at the U.S. Capitol
A quarter of Americans believe FBI instigated Jan. 6, Post-UMD poll finds
Pence dismisses conspiracy theory FBI instigated Jan. 6 attack
Quick Hits: Enduring Threats!
Multiple Hazard Storm Impacting the Central and Southern U.S.
Exceptional winter storm to bring travel woes as it wallops central and eastern US
President Joseph R. Biden, Jr. Approves Rhode Island Disaster Declaration
NOAA: Get your snow smarts on: 9 forecast tools you can use; Find out if rain, snow, sleet and hail are coming your way
Ransomware.
TribalHub: Ransomware Resilience Best Practices.
British Library ransomware cyber attack ‘set to cost £7million’
The State of Ransomware in the U.S.: Report and Statistics 2023
Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data
After injecting cancer hospital with ransomware, crims threaten to swat patients
LockBit leveraging vulnerable drivers to disable security solutions in latest campaigns
Motor Mouth: Ransomware is coming for the auto industry
PS99, hopes for free diamonds leads to ransomware
The Week in Ransomware - January 5th 2024 - Secret decryptors
Law firm that handles data breaches was hit by data breach
San Bernardino housing authority cyberattack affected nearly 19,000 people
At Least 141 Were Hospitals Directly Affected by Ransomware Attacks in 2023
Electronic Ransomware
Zeppelin ransomware source code sold for $500 on hacking forum
Uncovering Rhysida and their activities
Ransomware Roundup - 8base
Albabat Ransomware
Another covid wave hits U.S. as JN.1 becomes dominant variant.
COVID Mask Mandates Return to Hospitals in Five States
FBI PSA: Chinese Police Imposters Incorporate Aggressive Tactics to Target U.S.-Based Chinese Community.
Ukraine says Russia hacked web cameras to spy on targets in Kyiv
Venue Security, The IAVM Podcast Series EP 1: Mark Herrera on leadership, resilience and partnership
In this inaugural episode of Venue Security, The IAVM Podcast Series, Andy Jabbour talks with Mark Herrera, Director of Education for the International Association of Venue Managers (IAVM). In the discussion we address:
- Mark’s background.
- We introduce this new podcast series.
- Leadership & Team Engagement.
- Building Resilience.
- Building Partnerships.
- What’s on Mark’s mind.
Venue Security, The IAVM Podcast Series is our newest podcast as Gate 15’s founder and Managing Director, Andy Jabbour, hosts short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community.
Weekly Security Sprint 47. New SEC rules, AI, embezzlement, ransomware and more.
The Gate 15 Interview EP 41. Cyware’s Tom Stockmeyer on info sharing, threat intel, collective defense, popcorn and The Big House
In this episode of The Gate 15 Interview, Andy Jabbour welcomes Tom Stockmeyer, Cyware’s Director, Enterprise East, ISAC's and Federal. Cyber security leader with experience in helping threat sharing communities such as ISACs and ISAOs and their Member companies improve the fidelity of their intel and accelerate threat intel sharing amongst Members. Tom served in the Marine Corps from 1979 to 1983. He has an MBA from the Michael Coles School of Business, Kennesaw University. Tom has held several executive positions, has served on numerous technology Boards.
- Tom on LinkedIn.
In the discussion we address:
- Tom’s background from the Marine Corps to technology, entrepreneurship, to Cyware.
- Information Sharing successes and challenges, ISACs, ISAOs and Cyware helping to secure organizations across the Fortune 1000 and more.
- Challenges to effective info sharing.
- A shoutout to the good work being done at Aviation ISAC.
- Cyware, continuous innovation and automated collective defense.
- Long weekends and holiday threats.
- We play Three Questions and talk microwave food, the Marines, classic rock, classic movies and more!
A few references mentioned in or relevant to our discussion include:
- Cyware
- Intelligence Sharing is Caring: Collective Defense for a Safer Nation, an article in HS Today by Cyware CEO Anuj Gul, 13 Dec 2023
- Cyware Intel Exchange (CTIX)
- Cyware Collaborate (CSAP)
- Cyware Solutions for ISACs, ISAOs, and CERTs
- The Gate 15 Interview: Jeff Troy, President, Aviation ISAC, on public service, cybersecurity, understanding threats (and… colonizing the ocean?)
Nerd Out EP 43: Reviewing security predictions, and security news of the year
Weekly Security Sprint EP 46. Hostile Events, Scams, Cyber Threats, and the Weatherman
US critical infrastructure sector faces cyber threats surge in 2023, calls for urgent action, enhanced measureswith input from Denise Anderson, President and CEO of the Health Information Sharing and Analysis Center (Health-ISAC), and Gate 15’s own Jennifer Lyn Walker, in her capacity as Director of Infrastructure Cyber Defense for WaterISAC
UNLV Shooting. www.cnn.com/us/live-news/unlv-shooting-12-06-23/index.html
DHS Releases Physical Security Performance Goals for Faith-Based Communities. Building on longstanding efforts and redoubling work to support faith-based communities in response to the ongoing conflict in the Middle East, the Department of Homeland Security (DHS), through Cybersecurity and Infrastructure Security Agency (CISA), released new resources to help houses of worship and other faith-based organizations enhance their security. These Physical Security Performance Goals – modeled after the successful Cybersecurity Performance Goals – are a collection of cost-effective actions specifically tailored for faith-based organizations that can be implemented to reduce risk without sacrificing accessibility.
Severe Weather.
Winter weather. www.newsweek.com/winter-storms-warnings-states-snow-wind-1851154
Tornados. www.tennessean.com/story/news/local/2023/12/09/tennessee-tornadoes-clarksville-springfield-nashville-madison-hendersonville-fatalities-severe-storm/71866438007/
Scams.
FBI Warning. www.fbi.gov/contact-us/field-offices/norfolk/news/fbi-warning-tis-the-season-for-holiday-scams
FTC consumer.ftc.gov/consumer-alerts/2023/11/stay-scam-free-no-matter-how-far-away-you-roam
Cybersecurity Publications.
The Record at Recorded Future: FBI explains how companies can delay SEC cyber incident disclosures
CrowdStrike: How Malicious Insiders Use Known Vulnerabilities Against Their Organizations
Trend Micro’s 2023 Review: Reflecting on Cybersecurity Trends
Quick Hits
Texas Bomb Threats. www.msn.com/en-us/news/us/statewide-bomb-threat-hoax-hits-texas-schools/ar-AA1ldyG2
ORC. homeland.house.gov/hearing/from-festive-cheer-to-retail-fear-addressing-organized-retail-crime/
FEMA Advisory: FEMA’s National Preparedness Report Highlights Cyber Security, Building Codes and Individual Preparedness for a Resilient Nation
Google’s Year in Search
CISA: Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk
CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard
Two Russian Nationals Working with Russia’s Federal Security Service Charged with Global Computer Intrusion Campaign
Apple Report: 2.6 billion personal records compromised by data breaches in past two years — underscoring need for end‑to‑end encryption
Forescout Vedere Labs discloses 21 new vulnerabilities affecting OT/IoT routers
Sellafield nuclear site hacked by groups linked to Russia and China
Ministers pressed by Labour over cyber-attack at Sellafield by foreign group
Britain dismisses report claiming Sellafield nuclear site hacking, says no malware exists on our system
Burglaries at over 40 Denver-area marijuana dispensaries lead to charges for members of two organized crime groups
Police Log: Man Arrested for Armed Robbery at Dispensary, Employee Busted for Stealing Packages
Suspect charged in break-in at Ferndale cannabis store
'Horrifying': Store clerk kicked unconscious in string of violent cannabis robberies
Why was the Ontario Cannabis Store sitting on a CA$500 million cash stockpile?
Weekly Security Sprint EP 45. Physical Security incidents, geo-political considerations, weather updates, and more.
In this week's Security Sprint, Dave and Andy talk about the following topics.
- TribalHub's Fall 2023 Magazine is Here!
- ZeroFox Unspoken Security Podcast: Build Diverse Teams...or Die! In this episode of Unspoken Security, AJ Nash and Errol Weiss - Chief Security Officer for the Health Information Sharing and Analysis Center (Health-ISAC) - talk about the importance of building diverse intelligence teams. They share their insights on the evolution of program and team building over the last decade (or more) and focus on how the exponential growth of hybrid and remote work as a result of the COVID-19 pandemic has changed our world.
Terrorism & Extremism
- Former U.S. Marine Pleads Guilty to Firebombing a Planned Parenthood Clinic. https://www.justice.gov/usao-cdca/pr/former-us-marine-pleads-guilty-firebombing-planned-parenthood-clinic-orange-county-and
- 19-Year-Old Charged with 13 Counts of Interstate Threats. https://www.justice.gov/usao-pr/pr/19-year-old-victoria-gabriela-rodriguez-morales-charged-13-counts-interstate-threats
- On the Release of the 2022 Country Reports on Terrorism
- US Department of State: Country Reports on Terrorism 2022
- German Police Arrest Islamist Teens Planning Attack on Christmas Market, Synagogue
- ‘Goal is at least 20 people’: Teen arrested for allegedly threatening to shoot up church in comments on YouTube videos about Pulse nightclub massacre
- Dozens of Troops Suspected of Advocating Overthrow of US Government, New Pentagon Extremism Report Says
- 'Can't wait for the innocent to die': Man arrested for terrifying bomb threats via 911 texts
Severe Weather
- Record Breaking Losses. https://www.wsj.com/articles/a-punishing-year-of-thunderstorms-has-led-to-record-breaking-losses-102bfb0d?mod=hp_minor_pos10
- 2023 Atlantic hurricane season ranks 4th for most-named storms in a year
Geopolitics & Cascading Effects
- Suspected terror attack in France; One dead, two injured, after attacker yells 'Allahu akbar' and attacks passersby near Eiffel Tower
- Knifeman kills German tourist, wounds others near France's Eiffel Tower
- Paris knife attacker 'swore allegiance to IS' terrorist group, suffered from mental issues
- Paris attack: Mother of suspect had 'reported concerns', prosecutor says
- Paris attack: How the terrorist's confusing profile fooled those monitoring him
- Paris attack: What we know about Armand Rajabpour-Miyandoab, who killed one and injured others near the Eiffel Tower
- Las Vegas police, FBI foil reported terror plot involving Islamic State
- 15 New York synagogues hit with false bomb threats on Friday
- FBI New York Warns of Charity Fraud During Israel-Hamas Conflict
- FBI Jacksonville Warns of Charity Fraud Amid Conflicts
- CISA: Threat Actors Targeting Unitronics Devices Used in Water Facilities
- CISA warns of attacks on Unitronics tool used by water utilities, wastewater systems
- Federal officials investigating after pro-Iran group allegedly hacked water authority in Pennsylvania
Quick Hits
- Thousands of fake Facebook accounts shut down by Meta were primed to polarize voters ahead of 2024
- Ransomware ‘catastrophe’ at Fidelity National Financial causes panic with homeowners and buyers
- Will ChatGPT write ransomware? Yes.
- IRS, Security Summit partners launch 2023 National Tax Security Awareness Week focusing on holiday scams, protecting personal information as tax season nears
- Justice Department Announces Charges in Connection with Foiled Plot to Assassinate U.S. Citizen in New York City
- CISA Announces Secure by Design Alert Series: How Vendor Decisions Can Reduce Harm at a Global Scale
- CISA - Unlocking Tomorrow’s Cybersecurity: A Sneak Peek into ReadySetCyber
Weekly Security Sprint EP 44. False alarms, scams, holiday risks and more!
The Gate 15 Interview EP 40: Akmal Ali on the four core tenants of effective security management, dodging wrenches, and enjoying the Monday mornings!
Weekly Security Sprint EP 43. Workplace Violence, passwords, and security quick hits.
Workplace Violence. CISA: Preventing Workplace Violence: Security Awareness Considerations Infographic. The Preventing Workplace Violence: Security Awareness Considerations Infographic is a new CISA product designed for critical infrastructure leaders, human resources personnel, managers, and workers of any level.
Passwords. The worst passwords of 2023 are also the most common, "123456" comes in first. NordPass has published their 2023 edition of the top 200 most common passwords and unsurprisingly very few of the entries are secure. The top 10 can all be cracked in under a second using simple brute-force tools.
Dave Round-UP
CDC - Flu season. www.cidrap.umn.edu/influenza-general/us-flu-activity-continues-rise-steadily
Taylor Swift. abcnews.go.com/International/Culture/taylor-swift-fan-dies-eras-tour-concert-rio/story?id=105006498
Security guard incident in Canada which was captured on Social Media.
FBI IC3 PSA: 2023 Holiday Shopping Scams
2023 Holiday Scam Predictions—Here’s What You Should Know
FBI Warns of Scammers Targeting Senior Citizens in Grandparent Scams and Demanding Funds by Wire, Mail, or Couriers
Pro Bono Investigations for Elderly Scam Victims
Threats to Homeland
The Committee on Homeland Security: Worldwide Threats to the Homeland
Witness testimony can be found here
Director Wray's Opening Statement to the House Committee on Homeland Security.
U.S. political violence driven by new breed of ‘grab-bag’ extremists
Ransomware
CSA - Scattered Spider
#StopRansomware: Rhysida Ransomware
CISA Releases Update to Royal Ransomware Advisory
AlphV files an SEC complaint against MeridianLink for not disclosing a breach to the SEC (2)
Quick Hits
Faith-Based and Israel-Gaza Related Updates: FB-ISAO Newsletter, v5, Issue 11.
Official Tribal-ISAC Announcement: Tribal-ISAC Announces Membership as an Approved Expense of the Tribal Cybersecurity Grant Program
CISA turns 5 and looks to the future
Critical infrastructure policy rewrite expected to ‘emphasize’ CISA, NSC official says
Readout of President Joe Biden’s Meeting with President Xi Jinping of the People’s Republic of China
China is using the world’s largest known online disinformation operation to harass Americans, a CNN review finds
NCSC Annual Review 2023 - Looking back at the National Cyber Security Centre's seventh year and its key developments and highlights, between 1 September 2022 and 31 August 2023
CISA: Secure Tomorrow Series Toolkit
ACSC and CISA Release Business Continuity in a Box
HHS Factsheet: National Climate Assessment 5 Unveiled
FCC Adopts Rules to Protect Consumers' Cell Phone Accounts
Weekly Security Sprint EP 42: Ransomware, Resilience, MDM and more.
Nerd Out: EP 42. A holiday extravaganza with security tips and the annual holiday food review!
Joe Levy is the Assistant General Manager at the Barclays Center.
Bridget Johnson is a terrorism and extremism expert who has decades worth of experience analyze threat activities.
Weekly Security Sprint EP 41. Normalizing violent threats, Critical Infrastructure Security and Resilience month, cybersecurity resources and tools.
Weekly Security Sprint EP 40. Maine, expanded conflict, scams, and more!
In this week's Security Sprint, Dave and Andy talked about the following topics:
Maine Shootings
- Attorney General Merrick B. Garland Statement on the Suspect in the Lewiston, Maine, Mass Shooting
- Statement from FBI Boston Division Special Agent in Charge Jodi Cohen on the Lewiston, Maine, Mass Shooting
- Maine shootings: gunman suspected of killing 18 people found dead
- Maine Shooting Suspect’s Body Found in Trailer: Officials
- Maine police alerted about ‘veiled threats’ from Robert Card weeks before mass shooting
- Mystery note left behind by Maine mass shooting suspect revealed
- Robert Card legally bought rifle believed to be used in Maine massacre days before mental health treatment: report
FB-ISAO: October 2023 Threat Level Statement Update – Threat Levels Raised to ELEVATED.
- The Physical Threat Level is “ELEVATED.” ELEVATED means that FB-ISAO is unaware of any specific threats, but there is concern that an event is more likely than normal. We are also closely monitoring events and are considering an escalation to “SEVERE,” meaning that an event is highly likely, but decided to not escalate to that level at this time.
- The Cyber Threat Level is “ELEVATED.” ELEVATED means that FB-ISAO is unaware of any specific threats, but there is concern that an event is more likely than normal.
Scams
- FBI IC3 PSA - Scammers Solicit Fake Humanitarian Donations: “The FBI is warning the public that scammers are committing charity fraud by soliciting fake humanitarian donations during the Israel HAMAS conflict. Scammers quickly pivot to charity fraud when catastrophic events occur, such as a war, a natural disaster, or an epidemic.”
- Anonymous Sudan Claims KFC Cyberattack Amidst Geopolitical Tensions
- Shooting outside Upper Darby mosque under investigation: police
- Cops stop car showing anti-Israel slogans, swastikas; say loaded gun found inside. Driver reportedly aimed to 'educate the public' on Israel-Hamas war's 'true events.'
- Israel flag in front of Nash Co. church vandalized
- CAIR Video: Muslim Woman Targeted by Hateful Tirade in Maryland
Quick Hits
- Risky Biz News: CitrixBleed vulnerability goes from bad to disastrous.
- Mass exploitation of CitrixBleed vulnerability, including a ransomware group.
- CVE-2023-4966: Critical security update now available for NetScaler ADC and NetScaler Gateway
- Neuberger: New global initiatives will include information sharing, ransomware payment tracking
- DDoS threat report for 2023 Q3
- CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
- Cisco IOS XE Software Web UI Command Injection Vulnerability
- CISA Adds One Known Exploited Vulnerability to Catalog - CVE-2023-20273 Cisco IOS XE Web UI Unspecified Vulnerability
- Space ISAC Watch Center Prepares for Cyber Threats in Space
- Empowering Small and Medium-Sized Businesses; A Resource Guide for Developing a Resilient Supply Chain Risk Management Plan
- Logging Made Easy. CISA’s newest tool is a free and open logging and protective monitoring solution serving all organizations. Secure your Windows-based equipment today with Logging Made Easy.
Weekly Security Sprint EP 39. ISIS call to action, ransomware, and FBI reporting
Hurricane season thoughts.
ISIS Calls for Jewish Attacks Around the World. “Terrorist group ISIS has called for violent targeting of Jewish people worldwide in response to the ongoing conflict between Israel and Hamas… Published on Friday in Arabic in Al-Naba, a weekly magazine by ISIS, it advocates for violence and murder against Jewish people worldwide.
Ransomware
New Portman Report Demonstrates Threat Ransomware Presents to the United States. “This report details the attacks by Russia-based ransomware group REvil on three American companies, and the experiences of those companies during the incident response."
CISA, NSA, FBI, MS-ISAC Publish Updated #StopRansomware Guide
UK NCSC: Principles for ransomware-resistant cloud backups; Helping to make cloud backups resistant to the effects of destructive ransomware.
Our new principles to help make cloud backups more resilient; Introducing a new set of NCSC principles to strengthen the resilience of organisations' cloud backups from ransomware attackers.
Canadian Centre for Cyber Security - Social engineering – ITSAP.00.166, Social engineering – ITSAP.00.166 (PDF, 267 KB)
Phishing Guidance: Stopping the Attack Cycle at Phase One
FBI Releases 2022 Crime in the Nation Statistics. The FBI released detailed data on over 11 million criminal offenses reported to the Uniform Crime Reporting (UCR) Program… The FBI’s crime statistics estimates for 2022 show that national violent crime decreased an estimated 1.7% in 2022 compared to 2021 estimates.
Statement from President Joe Biden on Hate Crime Statistics
FBI report: Violent crime decreases to pre-pandemic levels, but property crime is on the rise
Violent crime down, carjackings up, according to FBI crime statistics
FBI: Violent Crime Down To Pre-Pandemic Levels, But Property Crimes Rising
ADL: FBI Data Reflects Deeply Alarming Record-High Number of Reported Hate Crime Incidents in the U.S. in 2022
UCR’s Crime Data Explorer
Quick Hits:
Russia, shifting tactics, fans doubt in election integrity, U.S. says; A new intelligence assessment indicates the Kremlin appears to be expanding its long-running efforts to weaken the world’s democracies
CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
"The Phantom Hacker:" FBI Phoenix Warns Public of New Financial Scam
CISA: Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks
FBI IC3 PSA: Additional Guidance on the Democratic People's Republic of Korea Information Technology Workers
The Gate 15 Interview EP 40: The Return of Kim Milford! On being a CISO, cyber resilience in higher ed and… cumquats?
Kim on LinkedIn.
In the discussion we address:
Life as a CISO
Social engineering and taking a more human-centric approach to security
Identity as an initial attack vector
Challenges around regulated research
Private-Public Partnership
Cyber Resilience
Liberated thinking on strategy and technology
Digital Twins and privacy (link to Gartner)
And we play Three Questions with Kim Milford
A few references mentioned in or relevant to our discussion include:
University of Illinois Urbana-Champaign, Office of the Chief Information Officer Technology Services
EDUCAUSE
CISA The Power of Resilience, 09 Aug 2023
The Gate 15 Interview: From Blended Threats to Pandemic Lessons Learned, a Candid Conversation on Higher Education Security and Resilience with REN-ISAC’s Kim Milford (23 November 2020)
Gate 15: Security Spotlight: An Interview with REN-ISAC Executive Director, Kim Milford (11 June 2018)
Nerd Out: EP 41. Dave Clark joins to talk about MDM and other nerd topics.
Dave Clark is....
Weekly Security Sprint EP 38. Protests, hostile events, security vulnerabilities and reports and more.
Israel War
Director Wray Addresses International Association of Chiefs of Police Conference.
FBI director warns of rise in terror threats against Americans, potential copy-cat attacks on US soil.
Faith Based Updates: FB-ISAO Newsletter, v5, Issue 10
The White House Office of Faith-Based and Neighborhood Partnerships releases Allied Against Hate: A Toolkit for Faith Communities - Tools and Resources to Protect Places of Worship
DHS: Resources and Information for Faith and Community Leaders Regarding the Situation in Israel
Hostile Events
State Fair of Texas evacuated after shooting, one suspect in custody
Suspect charged in State Fair of Texas shooting that injured 3
School plot: www.news4jax.com/news/local/2023/10/06/3-creekside-high-students-facing-charges-for-school-threat-hit-lists-deputies-say/
Nation State.
12 October 2023 NCSC / FBI Safeguarding Our Future bulletin – Russian Intelligence Poses a Persistent Threat to the United States.
IBM Security Intelligence: 10 years in review: Cost of a Data Breach
Quick Hits
Signal says there is no evidence rumored zero-day bug is real.
Ransomware: CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware. As part of the Ransomware Vulnerability Warning Pilot (RVWP), CISA launched two new resources for combating ransomware campaigns:
Ransomware Vulnerability Warning Pilot updates: Now a One-stop Resource for Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware
Colonial Pipeline was hacked. No, wait, Accenture was hacked. No, wait….. untangling claims. (2)
Colonial Pipeline Denies Breach by RANSOMEDVC Ransomware Group
Reports of second cyberattack on Colonial Pipeline false, company says
Robert M. Lee on ransomware group statement.
Newest Ransomware Trend: Attackers Move Faster with Partial Encryption
The Week in Ransomware - October 13th 2023 - Increasing Attacks
US Secret Service: Announcing a New Series of Live Virtual Presentations on Targeted Violence Prevention.
CISA, FBI, NSA, and Treasury Release Guidance on OSS in IT/ICS Environments
CISO Research Reveals 90% of Organizations Suffered At Least One Major Cyber Attack in the Last Year; 83% Report Ransomware Payments
FTC Data Shows Consumers Report Losing $2.7 Billion to Social Media Scams Since 2021
UK NCSC: Mastering your supply chain: A new collection of resources from the NCSC can help take your supply chain knowledge to the next level
EPA calls off cyber regulations for water sector
Weekly Security Sprint EP 37. Conflict in the Middle East, CISA advisories, lessons learned, and more!
War in Israel
CISA Top 10 Cybersecurity Misconfigurations.
NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations
Virginia Beach Shooting Lessons Learned.
State commission reviewing Virginia Beach mass shooting offers little new insight but recommends more tools for its work.
Gate 15 offers our Hostile Event Preparedness Series and check out the Gate 15 White Paper on The Hostile Event Attack Cycle (HEAC). and we’d be happy to help your organization with active shooter/hostile events planning, exercising and overall preparedness. Don’t wait.
CISA: National School Safety Summit. The National Summit on K-12 School Safety and Security, hosted by the Cybersecurity and Infrastructure Security Agency (CISA), brings federal, state and local school leaders together to share actionable recommendations that enhance safe and supportive learning environments in kindergarten through grade 12 (K-12) schools. To register, please visit 2023cisaschoolsummit.eventbrite.com.
Red Cross Issues Wartime Hacktivist Rules; Attackers Shockingly Don’t Care
Quick Hits
Microsoft: Espionage fuels global cyberattacks
Ransomware: MGM Resorts Refused to Pay Ransom in Cyberattack on Casinos; Fallout will have a $100 million negative impact on quarterly earnings, Las Vegas-based company says
CISA and NSA Release New Guidance on Identity and Access Management
FBI Highlights Online Safety Tips During Cybersecurity Awareness Month.
Germany Political Event (or something). apnews.com/article/germany-afd-chrupalla-rally-incident-hospital-61606f839d8563ee77228dbd914ae35f
Weekly Security Sprint EP 36. Cybersecurity Awareness Month, Physical Security issues, Ransomware and much more!
Cybersecurity Awareness Month.
A Proclamation on Cybersecurity Awareness Month, 2023.
CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month with New Public Awareness Campaign to Secure Our World
Transforming Vulnerability Management: CISA Adds OASIS CSAF 2.0 Standard to ICS Advisories
NSA Releases Guidance on Acceptance Testing for Supply Chain Risk Management
Procurement and Acceptance Testing Guide for Servers, Laptops, and Desktop Computers
CISA: Cyber Training Bulletin
Transforming Vulnerability Management: CISA Adds OASIS CSAF 2.0 Standard to ICS Advisories
NSA Launches 10th Annual Codebreaker Challenge for 2023
Check out NSA Cyber Director Rob Joyce’s social media meme-fest! Here, on Threads.
Gate 15, along with many ISACs, ISAOs and other great organizations, is Cybersecurity Awareness Month Champion!
Headlines
Beware of Floor Plans. www.cnn.com/2023/09/28/politics/dhs-investigating-ransomware-attack
FBI PIN: Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends
Most dual ransomware attacks occur within 48 hours.
Ransomware attack on Johnson Controls may have exposed sensitive DHS data
Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang
The Week in Ransomware - September 29th 2023 - Dark Angels
FB-ISAO: September 2023 Threat Level Statement Update – Threat Levels Remain at GUARDED.
The U.S. National Strategy to Counter Antisemitism: Key Actions by Pillar | The White House
Fact Sheet: Biden-Harris Administration Takes Landmark Step to Counter Antisemitism | The White House
Secretary Mayorkas Delivers Remarks at the Protecting Places of Worship Roundtable.
Peruvian National Arrested In Peru For Sending Over 150 Hoax Bomb Threats To Schools And Other Institutions In The United States And Soliciting Child Pornography.
VA man who made threats against church arrested after showing up to Sunday service armed with gun, knive
Armed suspect arrested at Haymarket church, while service in progress Sept. 24 - Bull Run, VA
Pastor says ‘miracle of God’ led to peaceful arrest of armed man at Va. church
Target Press Release: Target Closes Select Stores to Prioritize Team Member and Guest Safety
US GAO - Critical Infrastructure Protection: National Cybersecurity Strategy Needs to Address Information Sharing Performance Measures and Methods.
Quick Hits
FCC Net Neutrality. techcrunch.com/2023/09/26/fcc-announces-plans-to-reinstate-net-neutrality/
Apple updates. www.securityweek.com/macos-14-sonoma-patches-60-vulnerabilities/
Prepare for the unlikely. www.dhs.gov/science-and-technology/news/2023/09/25/preparing-unlikely
FBI PSA: "Phantom Hacker" Scams Target Senior Citizens and Result in Victims Losing their Life Savings
FEMA and FCC Plan Nationwide Emergency Alert Test for Oct. 4, 2023. Test Messages Will be Sent to All TVs, Radios and Cell Phones
Massive emergency alert test scheduled to hit your phone on Wednesday. Here's what to know.
Bridging the gender gap in the public sector.
Bipartisan Senate Intelligence Committee Report Warns of New Threats from China and Russia (PDF report)
CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber. People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
Global Engagement Center Special Report: How the People’s Republic of China Seeks to Reshape the Global Information Environment.
Critical vulnerabilities in Exim threaten over 250k email servers worldwide.
CISA releases Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management.
A Hardware Bill of Materials Framework for Supply Chain Risk Management
A Hardware Bill of Materials Framework for Supply Chain Risk Management Fact Sheet
The Cybersecurity 202 - Want to learn what’s in your hardware? CISA has an idea for that.
Weekly Security Sprint EP 35. Yes, Virginia, Jen is a big deal, plus security planning, scams, threat TTPs, and more!
The Gate 15 Interview EP 39: Malicious Info Operations & MDM, the Space Sector, supply chain resilience, the City of Light, and nudging the world in a better direction.
In this episode of The Gate 15 Interview, Andy Jabbour talks with Robert (Bob) Kolasky, “Advancing National Security Risk Management through Technology, Innovation and Governance,” who is presently serving as Senior Vice President for Critical Infrastructure at Exiger, where he is focusing on developing cutting-edge risk management solutions for critical infrastructure companies and supporting government agencies. Leads market strategy for addressing third party and supply chain risk in critical infrastructure and delivering analysis to support enhanced business and government operations. He also serves in a number of other roles including:
- Nonresident Scholar, Technology and International Affairs Program, Carnegie Endowment for International Peace
- Senior Associate, Center for Strategic and International Studies (CSIS)
- Senior Fellow, McCrary Institute at Auburn University
- Bob on LinkedIn.
- Bob on Twitter, @BobKolasky.
- We talk on Information Sharing Operations including the grouping of Mis- Dis- and Mal- info and what those terms mean, free speech and private-public coordination, solutions, and a speed round!
- We revisit our discussion on space as critical infrastructure.
- We explore what’s on Bob’s mind, including protecting our supply chains and cloud security.
- Three (more!) Questions with Bob Kolasky as we talk about scooters, the City of Light/the City of Love, and nudging the world in a better direction.
- And more!
- Exiger website
- The DHS Risk Lexicon (PDF)
- COLUMN: Addressing the Homeland Security Threat from China, 18 Jan 2023
- COLUMN: Advancing Homeland Security Risk Governance, 22 Sep 2022
- COLUMN: The Country Can’t Afford a ‘Pause’ on Combating Disinformation and Violence, 15 Jul 2022
- Pro-China Disinformation Campaign Claims US Started Maui Fires in a ‘Weather Weapons’ Experiment, Falsely Citing the UK’s MI6
- 5th Circuit finds Biden White House, CDC likely violated First Amendment
- Bob’s Exiger profile
- The Gate 15 Interview: Bob Kolasky talks critical infrastructure, risk, Guns N’ Roses and pizza! (November 2021)
Previously, Bob served as Cybersecurity and Infrastructure Security Agency’s (CISA) Assistant Director, leading the National Risk Management Center (NRMC) and in a number of other critical homeland security roles and responsibilities.
In the discussion:
A few references mentioned in or relevant to our discussion include: