Faith-Based Daily Awareness Post 27 July 2023

Faith-Based Security Headlines

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against, and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.

Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats

Excerpts from the article:

A potentially serious vulnerability affecting a network door controller made by Axis Communications can expose facilities to both physical and cyber threats. The flaw, tracked as CVE-2023-21406 and rated ‘high severity,’ impacts the Axis A1001 network door controller. The company has released patches and additional security improvements to address the vulnerability.

Axis produces network cameras and other physical security products that are used by government and private sector organizations around the world.

Analyst Comment:

Many FBOs, including houses of worship, go to great lengths to physically secure their buildings. Security measures often include network-based physical security products and building access controls such as doors and cameras. Given the technology-based nature of these products, cybersecurity vulnerabilities are often discovered that could impact the security and usability, potentially resulting in reduced physical security. To keep facilities and people safe, it is important for FBOs to maintain an awareness of the vulnerabilities regarding the building control systems implemented in their buildings and address (patch, update, upgrade, replace) accordingly.

New Nitrogen malware pushed via Google Ads for ransomware attacks

Excerpts from the article:

The Nitrogen malware campaign starts with a person performing a Google or Bing search for various popular software applications. Depending on the targeting criteria, the search engine will display an advertisement that promotes the searched-for software. Clicking the link brings the visitor to compromised WordPress hosting pages that imitate the legitimate software download sites for the particular application.

The goal of the Nitrogen malware is to provide the threat actors initial access to corporate networks, allowing them to conduct data-theft, cyberespionage, and ultimately deploying the BlackCat/ALPHV ransomware.

Analyst Comment:

At present, this malware is primarily targeting technology and non-profit organizations in North America. Google or Bing searches for popular software like AnyDesk, Cisco AnyConnect VPN, and TreeSize Free have been manipulated to impersonate the legitimate products with fake pages. These fake pages contain malware, including ransomware to gain access to business networks. Threat actors have the ability to manipulate any web search they want, and often leverage trending or business specific search terms. As many employees and volunteers frequently perform internet searches, members are encouraged to remind users to be careful when clicking on search engine results.

Get the Daily Awareness Post Delivered to your Email!

More Faith-Based Stories

IL: Wicker Park Lutheran Church’s pride flags targeted by vandals

MT: Century-old Crow Agency church vandalized

WA: Police Say Vandalism at Veradale United Church of Christ was a Hate Crime

CA: Police investigate possible hate crime at Congregational Church of Belmont

NEO-NAZI RECEIVED 18 MONTHS PRISON SENTENCE OVER ANTISEMITIC VANDALISM IN ALASKA

ELDERLY JEWISH MAN ASSAULTED IN SAN DIEGO

CAIR-CT Condemns Distribution of Antisemitic Flyers in Westport

FBI gives documents to Congress relating to memo targeting Catholics

‘God loves us as we are’: Pope says in latest message of outreach to LGBTQ community

Good News Alert: CAIR Welcomes Kentucky Detention Center’s Pledge to Change Hijab Removal Policy