Reposted from EMR-ISAC InfoGram

Zero-days comprised the majority of the most routinely exploited vulnerabilities last year, an increase from 2022 which allowed cybercriminals to attack higher-priority targets, Five Eyes cyber officials said in a Tuesday advisory. The top five vulnerabilities exploited by attackers in 2023 were found in three vendors (Citrix, Cisco, and Fortinet) across networking devices, remote access servers and firewalls. Last year, the two pairs of CVEs in Citrix and Cisco products, respectively, comprised the four most-exploited vulnerabilities of the year.

See Original Post

Reposted from EMR-ISAC InfoGram

On Nov. 12, the House Committee on Homeland Security has released a new Cyber Threat Snapshot examining growing threats posed by malign nation-states and criminal networks to the homeland and the data of Americans. Unfortunately, cyberattacks on critical infrastructure increased 30 percent globally last year. To undermine U.S. sovereignty, Iranian hackers used spear-phishing to target campaign networks and government officials; China allegedly backed hacking group Salt Typhoon to infiltrate candidates’ phones; and Russia used a botnet to target social media feeds in an effort to spread their malign influence. From Iran-backed intrusions into our water sector and the targeting of satellites to the Chinese Communist Party-affiliated ‘Typhoon’ intrusions into numerous facets of our critical infrastructure, nation-states see the dangerous value in disrupting, manipulating, or surveilling the operational and information technology that supports the daily lives of Americans. Cyber insecurity also impacts the health and wellness of Americans, as cybercriminals increasingly target hospitals and other healthcare entities for ransom. The intrusions into the Ascension Health hospital system and Change Healthcare, a UnitedHealth subsidiary, showcase the damage that can be done to patient care and privacy when the IT that is foundational to emergency response is undermined by cyber criminals. Read the full Nov. 12 release and Snapshot at Homeland.House.Gov.

See Original Post

Reposted from EMR-ISAC InfoGram

In episode 109 of the Center for Internet Security’s (CIS’) podcast, Cybersecurity Where You Are, CIS’ Vice President of Security Operations & Intelligence and Director of Intelligence & Incident Response examine the scariest malware of 2024. It discusses what makes certain malware strains “scarier” than others, what trends shaped the cyber threat landscape in 2024, and how malware tactics and techniques from 2024 will continue to evolve.

The podcast shares recommendations for how organizations can keep up with the changing cyber threat landscape, including how individuals and organizations can proactively defend themselves and how national strategies are shaping malware defense and incident response.

See Original Post

Reposted from Honeywell

Honeywell

Solutionsphere: Badging solutions for your Enterprise

You're invited: Solutionsphere: Badging solutions for your Enterprise

Join us for a webinar on December 11th at 12:30pm EST unveiling the next generation of workplace security solutions by Telaeris featuring XPressEntry Handheld Badge and Biometric readers. Mark Miller and Derek Masterson will share invaluable insights about how the Telaeris integration with Pro-watch Security Suites can help businesses improve workplace safety.

Don't miss out on learning how these new solutions make security scalable and adaptable in any setting.

Date Dec 11, 2024

Time 12:30 PM EST

Location Zoom Webinar

REGISTER HERE

Here is what you will learn during the webinar:

· What are the benefits of integrating biometric verification technologies into existing security protocols

· How can XPressEntry enhance access control systems to ensure comprehensive workplace security

· The benefits of integrated emergency mustering and accountability

Speakers:

Mark Miller, Business Development Manager, Telaeris

Derek Masterson, Vertical Account Manager, Honeywell

Maureen Bruen, Consultant and Business Development Manager, Honeywell

See Original Post

Reposted from Cuseum

Hey there, museum professionals, administrators and membership managers! We know you’ve got enough on your plate; from safeguarding priceless artifacts to planning the next big exhibition or patron event.

But guess what? Your organization’s digital assets and data need your attention and protection too! So, we’ve put together a simple and practical 8 step guide on how to safeguard your data just in time for October, which is Cybersecurity Awareness Month. Let’s dive in and don’t worry; we’ve got a fictional case for each step to make it extra relatable. The Museum of Ancient Wonders realized they hadn’t updated their systems or reviewed their security practices in ages (seriously, not since their "Dinosaur Dance Party" exhibit in 2015!). Their outdated systems made them vulnerable to ransomware attacks. After conducting their security practices, the museum resolved a vulnerability that could have led to a costly security disaster. Crisis averted!  Supporting Data: According to Accenture’s Cybersecurity Study, 60% of businesses do not perform regular security audits, making them prime targets for cyberattacks. Don’t let this be you! Pro Tip: Schedule an audit of your digital infrastructure at least annually to catch any vulnerabilities before the cyber-baddies do! Over at the Cosmic Catfish Zoo & Aquarium, a staff member clicked on a phishing email (oops), and suddenly their entire system was at risk! But thanks to multi-factor authentication (MFA) that was enabled on various systems (including Cuseum), the hackers couldn’t get in. Supporting Data: Did you know that 99.9% of account hacks can be prevented with MFA? Yup, according to Microsoft’s 2023 cybersecurity study, it’s one of the simplest and most effective ways to lock down your systems. Pro Tip: With MFA, your staff will need more than just a password to access systems. Think of it as adding a second lock to the museum vault; and who doesn’t love extra security?

See Original Post

Reposted from ArtNet News

Climate protestors who threw soup at two Van Gogh paintings last month have been banned by a judge from protesting in London. The dictate comes as Just Stop Oil (JSO) activists have carried out a series of peaceful protests across the U.K. over the last week, despite a recent letter from museum directors demanding that environmental groups stop targeting artworks as part of their demonstrations.

Yesterday, Mary Somerville, 77, Stephen Simpson, 71, and Phil Green, 24, pleaded not guilty in a London court to two counts of criminal damage. They were charged for allegedly damaging the frames of two Sunflowers painting by Vincent Van Gogh on view at the National Gallery after throwing tomato soup at them in an act of protest on September 27.

The Just Stop Oil (JSO) activists were released on bail and their case will go to trial in January 2026. In the meantime, Judge Alexander Milne has barred them from participating in any protest action within the M25, a major highway encircling most of Greater London.

The defendants’ lawyer Raj Chada said this ban was a “disproportional” infringement on their right to protest since London is “the seat of government,” according to a BBC report. Milne countered that, “there seems to be a great deal of blurring between the exercise of that right and the commission of criminal offenses.”

Meanwhile, JSO has launched a series of peaceful interventions across the U.K. by adorning public statues in orange high-vis vests bearing the activist group’s logo. This morning, activists dressed up a bronze statue of Nelson Mandela in London’s Parliament Square. A demonstrator held a sign bearing the anti-Apartheid activist’s famous quote: “It always seems impossible until it’s done.”

“People say it’s impossible to Just Stop Oil, but we would argue it always seems impossible until it’s done.  What choice do we have?,” said a JSO spokesperson in a statement. “The system is broken, and we cannot rely on these or any other politicians to save us. We need revolution in how we make decisions, empowering ordinary people to decide their own futures through citizen-led assemblies.”

The group noted that London’s Parliament Square, which is full of monuments to some of Britain’s most influential political figures, will be the site of a “Politics is Broken” protest on November 2, as part of Palestine Solidarity Campaign’s National Palestine March.

The first public sculpture to be targeted in the latest high-vis vest campaign was a bronze rendering of the Beatles in their hometown of Liverpool on October 24. Activists held speech bubble–shaped placards next to the figures stating, “Hey Jude, let’s Just Stop Oil” and “imagine there’s no oil.” Both lines referenced famous song lyrics by the music group.

In a further effort to relate the statues they are targeting to current environmental concerns, another group of JSO activists dressed a statue of Demeter, the Ancient Greek goddess of agriculture, with a vest and a sign stating “Just Stop Famine” at the British Museum on October 25.

JSO has a history of demonstrating at museums, leading to a consortium of U.K. museum directors to issue an open letter earlier this month, imploring the activist group to stop attacking their art. Somerville, Simpson, and Green’s action at London’s National Gallery’s “Van Gogh: Poets and Lovers” exhibition in September was a direct response to the sentencing of two other JSO activists, who had also thrown soup on one of the same Sunflowers paintings in 2022. Phoebe Plummer, 23, and Anna Holland, 22, were handed hefty prison sentences by Southwark Crown Court earlier that same day.

Other works that have been targeted include John Constable’s The Hay Wain and Velázquez’s Rokeby Venus, also at the National Gallery. Early in October, two JSO activists who glued themselves to a J.M.W. Turner painting at Manchester Art Gallery were spared jail time after a judge at Manchester Magistrates’ Court ruled that the pair were not guilty, and their action was proportionate in the face of the climate crisis.

See Original Post

Reposted from Museums and Heritage

A statue of the Greek goddess Demeter at the British Museum has been targeted by protest group Just Stop Oil. On Friday, members of the group added a ‘high-viz’ vest and a cardboard speech bubble to the statue which read “Just Stop Famine”. The group said the statue was chosen as Demeter was the Olympian goddess of harvest and agriculture. A statement from the group said the stunt was hoped to encourage the UK government to work with others to end the extraction and burning of oil, gas and coal by 2030. A Just Stop Oil spokesperson said: “If you think famine only happens elsewhere, think again. Our rich nation status will not protect us from what is coming. A collapse in the Atlantic Ocean currents would destroy our ability to grow food, and you can’t eat money.” A British Museum spokesperson said the museum “respects other people’s right to express their views and allows peaceful protest onsite at the Museum as long as there is no risk to the collection, staff or visitors.” The spokesperson said the incident “clearly breached our visitor guidelines, and put objects at risk of harm”, but clarified there was no damage caused. Similar jackets and signs were added to the outdoor statues of The Beatles in Liverpool and Emmeline Pankhurt in Manchester by the group. The stunt marks the latest to target a specific artwork across the UK’s galleries and museums this year. After a series of protests at the National Gallery, it announced a ban on visitors bringing in liquids, with the exception of baby formula, expressed milk and prescription medicines.

See Original Post

Reposted from EMR-ISAC

National First Responder’s Day was observed this week on Oct. 28. For several years, this day has been recognized with congressional resolutions, state and local government resolutions, other accolades, plus discounts and promotions at stores and restaurants.

The day honors the service and sacrifice of those working in all public safety disciplines for answering the call in their communities. The following is a selection of recent documentaries that were either created by first responders or in collaboration with members of the public safety community. These films showcase the work first responders do every day and the issues that are important to them.

(2023) Odd Hours, No Pay, Cool Hat - Presented by John Deere in association with the National Volunteer Fire Council, HoldFast Features, and Vignette. Follow the inspiring journey of the most remarkable neighbors whose help you hope you never need - volunteer firefighters - as they encounter heart-breaking challenges and exhilarating triumphs to fulfill a single mission: serving their community. Heart-warming, humorous, and thrilling, this sweeping portrait of bravery will capture your heart and inspire.

(2023) Elemental: Reimagine Wildfire - Filmed across the West and narrated by Golden Globe and Emmy nominated actor David Oyelowo, this documentary takes viewers on a journey with the top experts in the nation to better understand fire. The film follows the harrowing escape from Paradise, California as the town ignited from wind-driven embers and burned within a few hours of the fire's start. It then continues to the even more recent fires of the last two years, when Oregon, California and Colorado suffered their worst wildfires in recorded history.

(2023) Every 20 Years: Wildland Fires in San Bernardino County. Approximately every 20 years, a large campaign fire takes place in the San Bernardino County mountains. This short documentary examines the recurring pattern of wildfires in the San Bernardino Mountains. Through historical context and personal narratives, this film sheds light on the challenges faced by firefighters, residents, and first responders as they contend with these large fires. It underscores the importance of preparedness and defensible space in mitigating wildfire risks for residents in this disaster-prone region.

(2023) Honorable but Broken: EMS in Crisis - Narrated by six-time Golden Globe and two-time Primetime Emmy award winning actress Sarah Jessica Parker and endorsed by the National Association of Emergency Medical Technicians (NAEMT) and the National Registry of EMTs (NREMT). A documentary film exploring the world of EMTs and Paramedics, the collapse of the EMS system, and what needs to be done to save it.

(2024) Burned: Protecting the Protectors - A collaboration between Ethereal Films, the Last Call Foundation, Footpath Pictures, and producer Mark Ruffalo. BURNED is a public service announcement to firefighters everywhere. It tells the true story of how the spouse of a firefighter revealed significant exposure to forever chemicals affecting the fire community.

(2024) Through the Smoke – Created by Zach Hamelton and the Haines City (Florida) Fire Department. This 10-episode documentary series features the Haines City firefighters and command staff's day-to-day life, including what happens both on and off calls. It will dispel some common misconceptions about the fire service and will showcase the first responders themselves and their unique personalities.

Reposted from CISA

On Oct. 29, the Cybersecurity and Infrastructure Security Agency (CISA) released its 2025–2026 International Strategic Plan, the agency’s first, which supports the agency’s first comprehensive strategic plan and aligns with the National Security Memorandum on Critical Infrastructure Security and Resilience published in April 2024. The International Strategic Plan focuses on how CISA will proactively engage international partners to strengthen the security and resilience of our nation’s critical infrastructure. Since the risks we face are complex, geographically dispersed and do not abide by borders, protecting and securing our cyber and physical infrastructure requires the concerted efforts of public and private partners around the globe. Our International Strategic Plan outlines three goals CISA must achieve to address the ever-changing and dynamic challenges facing America and our international partners.

See Original Post

Reposted from SafeHaven Security

As stress increases across our society, anger and conflict have increased as well. For many, physical violence is becoming an ever more acceptable answer to problems, even in the workplace.   This webinar is an intro to our GET..LIVE De-Escalation Master Class. From this session you will learn the keys to controlling your emotions under extreme stress. Attendees will walk away feeling empowered and fully prepared to respond appropriately to any situation both at work and in life. Webinar: GET…LIVE De-Escalation Strategies & Skills November 19 | 1:30pmCST $29 Registration

See Original Post