Faith-Based Security Headlines
These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
Church app developer exposes data of nearly a million Brazilians (inChurch software)
Cybernews reports:
“inChurch, a Brazilian software company providing services to 5000 churches across Brazil and 45,000 worldwide, has leaked a tremendous amount of sensitive user data.
…
Most of the leaked Excel files contained potentially sensitive personal data of 932,000 members of churches, mainly across Brazil, but the team was not able to independently validate the dataset due to white-hat cybersecurity practices.
…
Leaking such a massive amount of personal data is a cause of concern, as cybercriminals could exploit it in various ways. According to the researchers, cybercriminals could use the exposed email accounts and phone numbers for targeted phishing attacks. For example, they could send deceptive emails to affected individuals, which appear to be from inChurch. This increases the risk of further security breaches.
By using social engineering tactics with the leaked data, attackers might manipulate victims into revealing more personal information or taking actions that compromise their security.”
Analyst Comments:
The inChurch app is mostly used in Brazil, but it is also used outside of Brazil. Faith-Based Organizations (FBO) should check and see if they, or any of their affiliates, are using inChurch products.
The inChurch leak can serve as a reminder of how cybercriminals can use social engineering and a little information to obtain more information.
CrowdStrike’s What Is Social Engineering? Examples + Prevention explains social engineering, and provides the following best practices to prevent social engineering.
- DON’T CLICK ON LINKS SENT BY PEOPLE YOU DON’T KNOW. Hover over them first; trust but verify!
- Avoid opening attachments within emails from senders you do not recognize.
- Be wary of emails or phone calls requesting account information or requesting that you verify your account.
- Do not provide your username, password, date of birth, social security number, financial data or other personal information in response to an email or robocall.
- Always independently verify any requested information originating from a legitimate source.
- Always verify the web address of legitimate websites and manually type them into your browser.
- Check for misspellings or improper domains within a link (for example, an address that should end in a .gov ends in .com instead).
- Before transferring money or information, verify by voice or video call.
- Be alert to counterfeit items, such as sanitizing products and personal protective equipment, or people selling products that claim to prevent, treat, diagnose or cure COVID-19.
Also, FB-ISAO’s 06 October 2023 Daily Awareness Post contains many cybersecurity resources.
Get the Daily Awareness Post Delivered to your Email!
More Faith-Based Stories
Driver verbally attacks, tries to run over yeshiva students in Brooklyn and ‘I’m gonna kill all the Jews’: NY man tries to drive into students near yeshiva
CA: Glass Containers Filled With Red Paint Thrown at Attendees of Bay Area Jewish Event
NYC man charged with antisemitic, anti-white, and anti-woman hate crimes
Justice Department Recognizes Jewish American Heritage Month
HATE IN QUEBEC: Multiple Shots Fired At Belz Yeshiva K’tana In Montreal
Christian convert in Somalia attacked by knife-wielding Muslim relatives, loses family
Select All-Hazards Stories
Europe on high alert after suspected Moscow-linked arson and sabotage
Iran Behind Attacks on Israeli Embassies in NATO Countries: Mossad
VIDEO: Pro-Palestinian Protesters Swarm Police, Set Fire to Israel’s Embassy in Mexico City
Hate Crime Unit investigating vandalism at Member of Parliament’s Toronto office
CISA: A Plan to Protect Critical Infrastructure from 21st Century Threats
Active Pattern Across the Plains; Heat Concerns for South Texas and Florida National Weather Service
Iceland: Grindavik volcano eruption prompts new evacuations
5 Ways Fraudsters May Lure Victims Into Scams Involving Crypto Asset Securities – Investor Alert
Disbarred Attorney Pleads Guilty to Promoting $9.5M Cryptocurrency Ponzi Scheme
India’s election wasn’t the deepfake doomsday many feared
More than half of 2023’s ransomware attacks exploited remote access vulnerabilities
Indian police arrest five accused of trafficking people into scam compounds
Crypto ISAC Launches to Spearhead Ecosystem-Wide Security Initiatives and Kraken co-founds Crypto Information Sharing and Analysis Center (ISAC)
More Security-focused Content
The FB-ISAO’s sponsor Gate 15 publishes a free daily newsletter called the SUN. Curated from their open source intelligence collection process, the SUN informs leaders and analysts with the critical news of the day and provides a holistic look at the current global, all-hazards threat environment. Ahead of the daily news cycle, the SUN allows current situational awareness into the topics that will impact your organization. To sign-up for The SUN, please sign up below.
