This DAP highlights – Anniversary of the Hate Crimes Prevention Act and CISA publishes venue guide for security considerations. DAP also has More Faith-Based Stories and Select All-Hazard Stories. These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
Faith-Based Daily Awareness Post 27 July 2023
Faith-Based Security Headlines
These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against, and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats
Excerpts from the article:
A potentially serious vulnerability affecting a network door controller made by Axis Communications can expose facilities to both physical and cyber threats. The flaw, tracked as CVE-2023-21406 and rated ‘high severity,’ impacts the Axis A1001 network door controller. The company has released patches and additional security improvements to address the vulnerability.
Axis produces network cameras and other physical security products that are used by government and private sector organizations around the world.
Analyst Comment:
Many FBOs, including houses of worship, go to great lengths to physically secure their buildings. Security measures often include network-based physical security products and building access controls such as doors and cameras. Given the technology-based nature of these products, cybersecurity vulnerabilities are often discovered that could impact the security and usability, potentially resulting in reduced physical security. To keep facilities and people safe, it is important for FBOs to maintain an awareness of the vulnerabilities regarding the building control systems implemented in their buildings and address (patch, update, upgrade, replace) accordingly.
New Nitrogen malware pushed via Google Ads for ransomware attacks
Excerpts from the article:
The Nitrogen malware campaign starts with a person performing a Google or Bing search for various popular software applications. Depending on the targeting criteria, the search engine will display an advertisement that promotes the searched-for software. Clicking the link brings the visitor to compromised WordPress hosting pages that imitate the legitimate software download sites for the particular application.
The goal of the Nitrogen malware is to provide the threat actors initial access to corporate networks, allowing them to conduct data-theft, cyberespionage, and ultimately deploying the BlackCat/ALPHV ransomware.
Analyst Comment:
At present, this malware is primarily targeting technology and non-profit organizations in North America. Google or Bing searches for popular software like AnyDesk, Cisco AnyConnect VPN, and TreeSize Free have been manipulated to impersonate the legitimate products with fake pages. These fake pages contain malware, including ransomware to gain access to business networks. Threat actors have the ability to manipulate any web search they want, and often leverage trending or business specific search terms. As many employees and volunteers frequently perform internet searches, members are encouraged to remind users to be careful when clicking on search engine results.
More Faith-Based Stories
IL: Wicker Park Lutheran Church’s pride flags targeted by vandals
MT: Century-old Crow Agency church vandalized
WA: Police Say Vandalism at Veradale United Church of Christ was a Hate Crime
CA: Police investigate possible hate crime at Congregational Church of Belmont
NEO-NAZI RECEIVED 18 MONTHS PRISON SENTENCE OVER ANTISEMITIC VANDALISM IN ALASKA
ELDERLY JEWISH MAN ASSAULTED IN SAN DIEGO
CAIR-CT Condemns Distribution of Antisemitic Flyers in Westport
FBI gives documents to Congress relating to memo targeting Catholics
‘God loves us as we are’: Pope says in latest message of outreach to LGBTQ community
Good News Alert: CAIR Welcomes Kentucky Detention Center’s Pledge to Change Hijab Removal Policy
Church sex abuse revelations are unwelcome distraction as Pope Francis visits scandal-hit Portugal
On pause for Jewish mourning fast, Israeli protesters plan escalation
Police officer killed as suicide bomber detonates explosive vest at mosque in northwest Pakistan
DC: Pro-life activists assaulted on video outside Planned Parenthood say police won’t press charges
NY: Attorney General James Takes Action to Stop Anti-Choice Group from Blocking Access to Abortion Care
Select All-Hazards Stories
US Grid Operator PJM Declares Level One Emergency Amid Scorching Heat
Salmonella outbreak tied to ground beef sickens people in 4 states
Tuberculosis at the border: Doctors issue warnings of ‘drug-resistant strains’
US Department of State Travel Advisories
Israel president urges calm amid plans for further protest at judicial overhaul
DHS S&T Awards Funds to PNNL to Research the Future of Emergency Management
Family of man allegedly stabbed by model believes condo security could have prevented killing
FTC: Job offer through Telegram Messenger? Not so fast
Latest MOVEit Data Breach Victim Tally: 455 Organizations
Akira ransomware compromised at least 63 victims since March, report says
Infostealer incidents more than doubled in Q1 2023
CISA Adds to Known Exploited Vulnerability Catalog (Impacts: Apple and Zimbra Collaboration)
PaperCut security advisory (AV23-441)
Chrome Beta for Desktop Update
Understanding the Evolution of Modern Business Email Compromise Attacks
More Security-focused Content
The FB-ISAO’s sponsor Gate 15 publishes a free daily newsletter called the SUN. Curated from their open source intelligence collection process, the SUN informs leaders and analysts with the critical news of the day and provides a holistic look at the current global, all-hazards threat environment. Ahead of the daily news cycle, the SUN allows current situational awareness into the topics that will impact your organization. To sign-up for The SUN, please sign up below.
Related Posts
