Weekly Security Sprint EP 49. ISAC news, weather impacts, plus your dose of cyber and physical security news

In this week's Security Sprint, Dave and Andy covered the following topics. ISAC Exciting Announcements! Tribal-ISAC joins National Council of ISACS for cyber security, information sharing Japanese Auto-ISAC and Auto-ISAC Formalize Agreement to Enhance Vehicle Cybersecurity Severe Weather Awareness Iowa Caucus Impacts Texas "Freeze" Buffalo Bills great stadium dig-out   Main Topics   School Data Base Leak. https://www.wired.com/story/us-school-shooter-emergency-plans-leak/ SEC X Compromise. SEC account hack renews spotlight on X's security concerns US SEC says breach of its X account did not lead to breach of broader SEC systems A Hacker's Perspective: Social Media Account Takeover Prevention Guide   Scams. https://news.trendmicro.com/2024/01/12/fake-apple-and-capital-one-notifications-top-scams-of-the-week/   Physical Threats. Malicious Actors Threaten U.S. Synagogues, Schools, Hospitals, and Other Institutions With Bomb Threats, 12 Jan. “Since 8 December 2023, the FBI has opened investigations on more than 100 separate threats targeting more than 1,000 institutions in 42 states and the District of Columbia." New FB-ISAO Newsletter! FB-ISAO Newsletter, v6, Issue 1. US, UK launch retaliatory strikes against Houthis in Yemen Protests erupt outside Yemen Mission in NYC to condemn US attacks on Houthi rebels — some protesters attacking couple holding Israeli flag: ‘Long live Hamas, you piece of s–t!’ Joint Statement from the Governments of Australia, Bahrain, Canada, Denmark, Germany, Netherlands, New Zealand, Republic of Korea, United Kingdom, and the United States Statement from President Joe Biden on Coalition Strikes in Houthi-Controlled Areas in Yemen Statement by Secretary of Defense Lloyd J. Austin III on Coalition Strikes in Houthi-Controlled Areas of Yemen Background Press Call by Senior Administration Officials and Senior Military Official on Developments in the Middle East Houthi rebels say US will pay a ‘heavy price’ for strikes that killed 5, injured Lulzsec Hacktivists Leak American Bank Logins in Protest Against Yemen Airstrikes Moscow Blasts U.S.-British Strikes in Yemen Who Are the Houthis and Why Did the US and UK Launch Strikes on Them?   Quick Hits FBI arrests Florida man accused of threatening ‘mass casualty event’ American intel officials warn of risk of Hezbollah attacking U.S.  Ivanti Vulnerabilities. Ivanti Blog Post: Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN CISA Adds Two Known Exploited Vulnerabilities to Catalog CERT-NZ: Vulnerabilities in Ivanti Connect gateways actively exploited Canadian Centre for Cyber Security Ivanti security advisory (AV24-020) Ivanti warns of Connect Secure zero-days exploited in attacks Ivanti customers urged to patch vulnerabilities allegedly exploited by Chinese state hackers Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation.  Canadian Centre for Cyber Security Ivanti Connect Secure and Ivanti Policy Secure gateways zero-day vulnerabilities Risky Biz News: Chinese APT exploits two Pulse Secure zero-days Ivanti Zero-Day Vulnerabilities (CVE-2023-46805 and CVE-2024-21887) State-backed hackers are exploiting new Ivanti VPN zero-days — but no patches yet Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns The vulnerability forecast for 2024 WEF: Global Cybersecurity Outlook 2024 Joint Report on the Implementation of the Cybersecurity Information Sharing Act of 2015