As we head into Thanksgiving, I’ve been thinking about how much of cybersecurity comes down to gratitude—gratitude for the teams who stay curious, who ask questions, who share what they know without hesitation. After more than twenty years in this field, I’ve seen how a culture of appreciation quietly strengthens every layer of defense. When people feel supported, they make better decisions… and they keep each other safer. It’s a bit like crafting the perfect blend in a favorite recipe: when the right ingredients come together, everything just works.
🔒 Security Tip of the Week:
Before sharing a document or link—especially during the busy holiday season—double-check access settings. Holidays tend to bring fast-moving messages and quick handoffs, and a simple verification step ensures your information ends up exactly where it should. A little intentionality goes a long way.
Join us at the next Cyber Sips on December 2nd at The Prov Coffee and Bakery from 7:30am – 9:30am and share your proven recipes with like-minded professionals. Let’s make digital safety something we do together!
-Amber Nelson, CMO
📰 Weekly News Roundup:
Here is the most recent Cybersecurity news for the past week:
🚨 Nationwide Emergency Alert System Crippled by INC Ransomware Attack
A sophisticated ransomware attack by the INC Ransom group has crippled the OnSolve CodeRED emergency notification platform, which services hundreds of US municipalities. The incident, which began in early November, has forced the permanent decommissioning of the legacy CodeRED system and potentially exposed the personal data (names, addresses, phone numbers) of millions of residents who signed up for the alerts.
🏦 Major US Banks Affected by Data Breach at Real Estate Finance Vendor SitusAMC
A significant cyberattack on SitusAMC, a major real estate finance and technology vendor, has led to the compromise of corporate and customer data. The breach impacts major US banks that use the vendor’s services, including JPMorgan Chase, Citi, and Morgan Stanley, and affects the sensitive data of residential mortgage holders. The FBI is currently investigating the incident.
⚠️ Critical Vulnerabilities Found in Open-Source Telemetry Agent Fluent Bit
Security researchers discovered five vulnerabilities in Fluent Bit, an open-source and widely used telemetry agent for collecting logs and metrics in cloud environments. The flaws, which can be chained together, include a critical path traversal vulnerability that can enable attackers to achieve log tampering and remote code execution (RCE) to compromise and take over cloud infrastructure.
💸 Russian Ransomware Suspect Arrested in Thailand After Years on the Run
Ianis Aleksandrovich Antropenko, a prolific Russian ransomware operator allegedly responsible for attacks between 2018 and 2022, was arrested on a Thai resort island. Antropenko was wanted by the FBI and is known for being part of a group that targeted critical infrastructure and large enterprises globally before the arrest this week.
📦 New ‘Shai-Hulud’ Supply Chain Attack Infects 640 NPM Packages
A new wave of the ‘Shai-Hulud’ supply chain attack has been detected, with over 640 packages on the popular NPM (Node Package Manager) repository infected. The attack leverages malicious code within the packages to steal developer credentials and other secrets by publishing the stolen information to public GitHub repositories.