Weekly Security Sprint EP 15. A few of our favorite things - insiders, ransomware, hostile events, and Andy's quick hits

The Gate 15 Podcast Channel - A podcast by Gate 15

In this week's Security Sprint, Dave and Andy talked about the following topics:

Insiders, hostile events, and data loss
Louisville. AP: https://apnews.com/article/downtown-louisville-shooting-dc7b45a9c5d2b384a16d653864f8b735
DoD Data Loss. USA Today: https://www.usatoday.com/story/news/politics/2023/04/13/dod-leaked-documents-pentagon-military-secrets/11648829002/

Ransomware
Major cybersecurity flaws led to Suffolk County ransomware attack
The LockBit ransomware (kinda) comes for macOS; Analyzing an arm64 mach-O version of LockBit & LockBit ransomware gang appears to be targeting Macs for the first time
Risky Biz News: NCR gets ransomwared: NCR, the world’s largest banking and payments software maker, has confirmed that a recent data center outage was caused by a ransomware attack. And see NCR suffers Aloha POS outage after BlackCat ransomware attack
Karakurt returns: Chinese security firm QiAnXin has a report on the return of Karakurt, the data extortion division of the old Conti gang.
Technical Analysis of Trigona Ransomware & Trigona Ransomware Attacking MS-SQL Servers
Vice Society ransomware uses new PowerShell data theft tool in attacks
Risky Biz News: Kadavro ransomware: Fortinet has an analysis of the new Kadavro ransomware they’ve been seeing distributed in the wild disguised as a Tor Browser installer.
Risky Biz News: LockBit ransomware: French security firm Glimps has published a technical analysis of LockBit’s new version, known as LockBit Green.
Risky Biz News: RTM Locker: Trellix researchers have discovered a new RaaS platform named Read The Manual, or RTM Locker.

Space as Critical Infrastructure
FDD: Time to Designate Space Systems as Critical Infrastructure & Opinion: Time to designate space systems as critical infrastructure, and reported here: Cyberspace Solarium Commission says space systems should be considered critical infrastructure

Others
Faith-Based Security: FB-ISAO Newsletter, v5, Issue 4. FB-ISAO is Five Years Strong, Mass Shooting at Covenant School, SPOTLIGHT: Resources, Upcoming Events.
FB-ISAO: Faith-Based Organizations Continue to Be Targets of Hostile Events.
A Proclamation on Days Of Remembrance Of Victims Of The Holocaust, 2023
Statement from President Joe Biden on Orthodox Easter
CSU released its first forecast for the 2023 Atlantic hurricane season on Thursday, April 13. We anticipate that the 2023 Atlantic basin hurricane season will have slightly below-average activity.
MDM: THE CYBERSECURITY 202: Russians boasted of undetected bots, leaked documents show.
Risky Biz News: Misinformation superspreaders: A report found that Twitter Blue accounts are some of the platform’s biggest spreaders of misinformation.
Unleash the Twitter Bots
What it will look like if China launches cyberattacks in the U.S. “If Xi Jinping moves on Taiwan, we should assume he’ll launch cyberattacks against the United States as part of the operation,” Rep. Mike Gallagher (R-Wis.), chair of the House Select Committee on China, said in an emailed statement.
Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not. But even if the event turns out not to be the work of an outside malicious hacker, the threat to water treatment facilities is still very real, said Jennifer Lyn Walker, director of infrastructure cyber defense at the Water Information Sharing and Analysis Center. Furthermore, she said, the incident helped give the attention needed to kickstart a larger conversation about securing the water and wastewater systems, particularly for smaller utilities.
A cyber attack hit the water controllers for irrigating fields in the Jordan Valley; A cyber attack paralyzed the water controllers for irrigating fields in the Jordan Valley that are operated by the Galil Sewage Corporation.