Weekly Security Sprint EP 27. New SEC Rules, China cyber threat foot-stomping plus anger, radicalization, political violence, the critical-ist of infrastructure and…so much more!

The Gate 15 Podcast Channel - A podcast by Gate 15

In this week's Security Sprint, Andy and Jen talked about the following topics:

Jen’s Cyber Updates
- SEC: SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies. Final Rule; Fact Sheet.
- Fortinet: Cybersecurity, A Necessity for the Sustainability of Society
- Tenable: FAQ: What the New SEC Cybersecurity Rules Mean for Infosec Leaders
- Florida mandates cybersecurity training for state workers
- FACT SHEET: Biden-Harris Administration Announces National Cyber Workforce and Education Strategy, Unleashing America’s Cyber Talent.

Survey: Political Violence is Justified
- ‘Anger and radicalization’: rising number of Americans say political violence is justified; Survey shows a small but significant share of Americans believe in use of force to attain political goals – on both the left and the right

Infrastructure Cyber Threats
- U.S. Hunts Chinese Malware That Could Disrupt American Military Operations; American intelligence officials believe the malware could give China the power to disrupt or slow American deployments or resupply operations, including during a Chinese move against Taiwan.
- ICYMI: SAVE THE DATE! H2OSecCon Powered by WaterISAC. October 19-20 Virtual 2023. H2OSecCon is coming back for a second year and will be held virtually from October 19-20. This two-day virtual conference will focus on IT and OT cybersecurity, physical security, and resilience for the water and wastewater sector.
- Space: If you’ve ever heard our Gate 15 podcasts, including our interviews with the team at Space ISAC, you know we’re on board with this: Bipartisan bill designates space as critical infrastructure sector.
- FYSA: TAG Cyber Announces Release of 2023 Q3 Edition: Focused on Cybersecurity in Outer Space.

Threats and Scams
- Attackers exploit Windows-based ‘search-ms’ protocol
- Ransomware Delivery URLs: Top Campaigns and Trends & Web browsing is the primary entry vector for ransomware infections
- USPS Phishing Scam Targeting iOS Users
- CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse
- CISA Releases Analysis of FY22 Risk and Vulnerability Assessments
- CISA Releases Malware Analysis Reports on Barracuda Backdoors
- Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins
- Known Exploited Vulnerabilities Catalog
- US contractor says info of up to 10 million leaked in MOVEit breach: An IT firm that provides services to Medicaid, Medicare, U.S. student loan servicers and other government programs confirmed that the information of up to 10 million people may have been accessed by hackers exploiting the MOVEit file transfer software.

Quick Hits
- Severe Weather – this is being covered every day in the Gate 15 SUN
- CISA Establishes Regional Election Security Advisors to Strengthen Front Line Support to the Election Community
- CISA: Cybersecurity Performance Goals: Sector-Specific Goals
- President Biden Announces Key Nominees, including Harry Coker, Jr., Nominee for National Cyber Director.
- 2023 Cofense Phishing Intelligence Trends Review: Q2
- CISA, USCG Publish Analysis Report on Findings During 2022 Risk and Vulnerability Assessments
- CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse
- Ivanti Releases Security Updates for Endpoint Manager Mobile (EPMM) CVE-2023-35078
- Google - The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022
- Categorizing the CISA KEV by Technology Type