In this week's Security Sprint, Dave and Andy talk about the following topics:

Cybersecurity Awareness Month. 

A Proclamation on Cybersecurity Awareness Month, 2023.

CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month with New Public Awareness Campaign to Secure Our World

Transforming Vulnerability Management: CISA Adds OASIS CSAF 2.0 Standard to ICS Advisories

NSA Releases Guidance on Acceptance Testing for Supply Chain Risk Management

Procurement and Acceptance Testing Guide for Servers, Laptops, and Desktop Computers 

CISA: Cyber Training Bulletin

Transforming Vulnerability Management: CISA Adds OASIS CSAF 2.0 Standard to ICS Advisories

NSA Launches 10th Annual Codebreaker Challenge for 2023

Check out NSA Cyber Director Rob Joyce’s social media meme-fest! Here, on Threads.

Gate 15, along with many ISACs, ISAOs and other great organizations, is Cybersecurity Awareness Month Champion!

 

Headlines

Beware of Floor Plans. https://www.cnn.com/2023/09/28/politics/dhs-investigating-ransomware-attack 

FBI PIN: Two or More Ransomware Variants Impacting the Same Victims and Data Destruction Trends

Most dual ransomware attacks occur within 48 hours.

Ransomware attack on Johnson Controls may have exposed sensitive DHS data

Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang

The Week in Ransomware - September 29th 2023 - Dark Angels

FB-ISAO: September 2023 Threat Level Statement Update – Threat Levels Remain at GUARDED.

The U.S. National Strategy to Counter Antisemitism: Key Actions by Pillar | The White House

Fact Sheet: Biden-Harris Administration Takes Landmark Step to Counter Antisemitism | The White House

Secretary Mayorkas Delivers Remarks at the Protecting Places of Worship Roundtable.

Peruvian National Arrested In Peru For Sending Over 150 Hoax Bomb Threats To Schools And Other Institutions In The United States And Soliciting Child Pornography.

VA man who made threats against church arrested after showing up to Sunday service armed with gun, knive

Armed suspect arrested at Haymarket church, while service in progress Sept. 24 - Bull Run, VA 

Pastor says ‘miracle of God’ led to peaceful arrest of armed man at Va. church

Target Press Release: Target Closes Select Stores to Prioritize Team Member and Guest Safety

 

US GAO - Critical Infrastructure Protection: National Cybersecurity Strategy Needs to Address Information Sharing Performance Measures and Methods.

 

Quick Hits

FCC Net Neutrality. https://techcrunch.com/2023/09/26/fcc-announces-plans-to-reinstate-net-neutrality/

Apple updates. https://www.securityweek.com/macos-14-sonoma-patches-60-vulnerabilities/

Prepare for the unlikely. https://www.dhs.gov/science-and-technology/news/2023/09/25/preparing-unlikely

FBI PSA: "Phantom Hacker" Scams Target Senior Citizens and Result in Victims Losing their Life Savings

FEMA and FCC Plan Nationwide Emergency Alert Test for Oct. 4, 2023. Test Messages Will be Sent to All TVs, Radios and Cell Phones

Massive emergency alert test scheduled to hit your phone on Wednesday. Here's what to know.

Bridging the gender gap in the public sector.

Bipartisan Senate Intelligence Committee Report Warns of New Threats from China and Russia (PDF report)

CISA, NSA, FBI and Japan Release Advisory Warning of BlackTech, PRC-Linked Cyber. People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices 

Global Engagement Center Special Report: How the People’s Republic of China Seeks to Reshape the Global Information Environment. 

Critical vulnerabilities in Exim threaten over 250k email servers worldwide.  

CISA releases Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management.

A Hardware Bill of Materials Framework for Supply Chain Risk Management

A Hardware Bill of Materials Framework for Supply Chain Risk Management Fact Sheet

The Cybersecurity 202 - Want to learn what’s in your hardware? CISA has an idea for that.