MISCELLANEOUS CYBERSECURITY NEWS:
Medical device disclosures on the rise, but providers struggle to
patch known flaws - Vulnerability disclosures for medical devices are
rising, but patch management struggles may be impeding that progress.
As seen in new Palo Alto Networks research on infusion pump
vulnerabilities, the majority of these devices are operating with
known flaws.
https://www.scmagazine.com/analysis/patch-management/medical-device-disclosures-on-the-rise-but-providers-struggle-to-patch-known-flaws
Four ways to get the most out of a threat detection program - Most
organizations try to stay ahead of threats and enhance their
security posture with limited resources.
https://www.scmagazine.com/perspective/threat-hunting/four-ways-to-get-the-most-out-of-a-threat-detection-program
New HSCC insights target cybersecurity contract language for medical
tech - New insights from the Healthcare and Public Health Sector
Coordinating Council (HSCC) Cybersecurity Working Group target the
oft-uneven relationship between medical device manufacturers and
healthcare delivery organizations, which leads to maturity and
security challenges in the healthcare sector.
https://www.scmagazine.com/analysis/device-security/new-hscc-insights-targets-cybersecurity-contract-language-for-medical-tech
NSA report: This is how you should be securing your network - The
National Security Agency (NSA) has released a new report that gives
all organizations the most current advice on how to protect their IT
network infrastructures from cyberattacks.
https://www.zdnet.com/article/nsa-report-this-is-how-you-should-be-securing-your-network/
FBI pushes for ‘real time’ cyber incident reporting mandates,
liability protections - FBI Director Christopher Wray continued to
argue that his bureau should receive mandatory reports about hacks
and other significant cyber incidents from critical infrastructure
“in real time” and called for strong liability protections for
businesses.
https://www.scmagazine.com/analysis/critical-infrastructure/fbi-pushes-for-real-time-cyber-incident-reporting-mandates-liability-protections
Fraudsters target e-commerce as online transactions become the ‘new
normal’ - It’s no secret that digital fraud attempts targeting
online payment and financial accounts have jumped in the past two
years, exacerbated by pandemic woes and a growth in e-commerce and
digital financial services usage.
https://www.scmagazine.com/analysis/identity-and-access/fraudsters-target-e-commerce-as-online-transactions-become-the-new-normal
CYBERSECURITY ATTACKS, INTRUSIONS, DATA THEFT & LOSS:
BD discloses hard-coded flaws impacting some Pyxis, Viper medical
devices - The Cybersecurity and Infrastructure Security Agency
(CISA) issued an alert for the healthcare and public health sectors
on vulnerabilities found in certain BD Pyxis and Viper LT products
that could enable access to or modification of sensitive
information.
https://www.scmagazine.com/analysis/device-security/bd-discloses-hard-coded-flaws-impacting-some-pyxis-viper-medical-devices
Samsung confirms Galaxy device source code leaked after breach -
Samsung confirmed a data breach led to the leak of source code for
its Galaxy devices.
https://www.scmagazine.com/news/breach/samsung-confirms-galaxy-device-source-code-leaked-after-breach
NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware - NVIDIA
certificates are being used to sign malware, enabling malicious
programs to pose as legitimate and slide past security safeguards on
Windows machines.
https://threatpost.com/nvidias-stolen-code-signing-certs-sign-malware/178784/
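The caveat a practitioner wants here: a binary signed with a leaked certificate passes a plain "is it signed?" check, and once the signature carries a trusted timestamp it stays valid even after the certificate expires; only revocation or a local blocklist by serial retires it. The following Python is an added example, not code from the article, and uses a constructed vendor certificate rather than the actual NVIDIA certificate data. Subject names, serial numbers and dates are assumptions.

```python
"""Added example: a code-signature trust decision in the Authenticode style.
Certificate subject, serial and dates below are constructed, not real."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Iterable, Optional, Set, Tuple


def _utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


@dataclass(frozen=True)
class SignerCert:
    subject: str
    serial: str            # hex serial; constructed for this example
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class Signature:
    cert: SignerCert
    digest_ok: bool                  # signed hash matches the file on disk
    signed_at: Optional[datetime]    # trusted timestamp countersignature, if any


def evaluate(sig: Signature, now: datetime, revoked: Iterable[str],
             allowed_subjects: Optional[Set[str]] = None) -> Tuple[bool, str]:
    """Return (trusted, reason), checking integrity, then revocation/blocklist,
    then the validity window at signing time, then local allowlist policy."""
    if not sig.digest_ok:
        return False, "digest mismatch: file altered after signing"
    if sig.cert.serial.lower() in {s.lower() for s in revoked}:
        return False, "signer certificate revoked or blocklisted"
    # A timestamped signature is judged at the time it was made, so certificate
    # expiry alone never invalidates it; an untimestamped one is judged now.
    reference = sig.signed_at or now
    if not (sig.cert.not_before <= reference <= sig.cert.not_after):
        return False, "certificate not valid at signing time"
    if allowed_subjects is not None and sig.cert.subject not in allowed_subjects:
        return False, "signer not on the organisation's allowlist"
    return True, "trusted"


# Constructed scenario: a vendor's signing certificate has leaked.
LEAKED = SignerCert("Example Vendor Inc.", "0A1B2C3D", _utc(2020, 1, 1), _utc(2023, 1, 1))
NOW = _utc(2022, 3, 8)


def scenarios() -> Dict[str, Tuple[bool, str]]:
    """Malware signed with the leaked key, evaluated under different controls."""
    malware = Signature(LEAKED, digest_ok=True, signed_at=_utc(2022, 3, 1))
    return {
        # No control beyond "is it signed?": the stolen certificate passes.
        "signed_only": evaluate(malware, NOW, revoked=set()),
        # The leaked serial is on a blocklist (or the CA revoked it).
        "blocklisted": evaluate(malware, NOW, revoked={"0a1b2c3d"}),
        # Only signers the organisation actually uses are permitted.
        "allowlisted": evaluate(malware, NOW, revoked=set(), allowed_subjects={"Our Corp"}),
        # The file was modified after signing.
        "tampered": evaluate(Signature(LEAKED, False, _utc(2022, 3, 1)), NOW, set()),
        # After expiry: an untimestamped signature fails, a timestamped one does not.
        "after_expiry_no_timestamp": evaluate(Signature(LEAKED, True, None), _utc(2024, 1, 1), set()),
        "after_expiry_timestamped": evaluate(Signature(LEAKED, True, _utc(2022, 3, 1)), _utc(2024, 1, 1), set()),
    }


if __name__ == "__main__":
    for name, (ok, why) in scenarios().items():
        print(f"{name:28s} {'TRUSTED' if ok else 'REJECTED':9s} {why}")
```

The "after_expiry_timestamped" case is the one that matters operationally: waiting for the leaked certificate to expire does nothing for signatures that already carry a timestamp, so the serials have to be blocklisted (or revoked) explicitly.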
PressReader service partially returns after cyberattack impacts
7,000+ publications - PressReader, a digital platform for hundreds
of print newspapers and magazines, said its systems are slowly
returning to normal after a cyberattack that has caused outages
since last Thursday.
https://www.zdnet.com/article/pressreader-service-partially-returns-after-cyberattack-causes-outage/
WEB SITE COMPLIANCE - We continue covering some of the issues
discussed in the "Risk Management Principles for Electronic Banking"
published by the Basel Committee on Banking Supervision.
Sound Capacity, Business Continuity and Contingency Planning Practices
for E-Banking
1. All e-banking services and applications, including those
provided by third-party service providers, should be identified and
assessed for criticality.
2. A risk assessment should be conducted for each critical e-banking
service and application, including the potential implications of any
business disruption on the bank's credit, market, liquidity, legal,
operational and reputation risk.
3. Performance criteria for each critical e-banking service and
application should be established, and service levels should be
monitored against such criteria. Appropriate measures should be taken
to ensure that e-banking systems can handle high and low transaction
volumes and that system performance and capacity are consistent with
the bank's expectations for future growth in e-banking.
4. Consideration should be given to developing processing
alternatives for managing demand when e-banking systems appear to be
reaching defined capacity checkpoints.
5. E-banking business continuity plans should be formulated to
address any reliance on third-party service providers and any other
external dependencies required to achieve recovery.
6. E-banking contingency plans should set out a process for
restoring or replacing e-banking processing capabilities and
reconstructing supporting transaction information, and should include
measures to be taken to resume availability of critical e-banking
systems and applications in the event of a business disruption.
FFIEC IT SECURITY - We continue our series on the FFIEC interagency
Information Security Booklet.
SECURITY CONTROLS - IMPLEMENTATION - OPERATING SYSTEM ACCESS (Part 2 of 2)
Additional operating system access controls include the following
actions:
! Ensure system administrators and security professionals have
adequate expertise to securely configure and manage the operating
system.
! Ensure effective authentication methods are used to restrict
system access to both users and applications.
! Activate and utilize operating system security and logging
capabilities and supplement with additional security software where
supported by the risk assessment process.
! Restrict operating system access to specific terminals in
physically secure and monitored locations.
! Lock or remove external drives from system consoles or terminals
residing outside physically secure locations.
! Restrict and log access to system utilities, especially those
with data altering capabilities.
! Restrict access to operating system parameters.
! Prohibit remote access to sensitive operating system functions,
where feasible, and at a minimum require strong authentication and
encrypted sessions before allowing remote support.
! Limit the number of employees with access to sensitive operating
systems and grant only the minimum level of access required to
perform routine responsibilities.
! Segregate operating system access, where possible, to limit full
or root-level access to the system.
! Monitor operating system access by user, terminal, date, and
time of access.
! Update operating systems with security patches, using
appropriate change control mechanisms.
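Several of the controls above (access only from specific approved terminals, no direct root-level access, and monitoring of access by user, terminal, date and time) can be checked mechanically against the operating system's own login records. The following Python is an added example, not text from the FFIEC booklet: it parses constructed sshd log lines and reports each control violation with the user, source terminal, date and time. The approved network, business hours and the year (syslog timestamps carry none) are assumptions.

```python
"""Added example (not from the FFIEC booklet): reviewing OS access records
against an access policy. Log lines, networks, hours and year are constructed."""
from __future__ import annotations
import re
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed sshd lines in syslog format (hostname, users and addresses are made up).
SAMPLE_LOG = """\
Mar  7 02:13:44 fin-app1 sshd[1234]: Accepted publickey for root from 10.0.0.5 port 51234 ssh2: RSA SHA256:c0n5tructed
Mar  7 09:02:10 fin-app1 sshd[1240]: Accepted password for alice from 192.0.2.10 port 50110 ssh2
Mar  7 09:05:00 fin-app1 sshd[1250]: Failed password for invalid user admin from 203.0.113.9 port 40000 ssh2
Mar  7 22:47:03 fin-app1 sshd[1301]: Accepted publickey for bob from 198.51.100.7 port 41020 ssh2
Mar  8 10:15:27 fin-app1 sshd[1410]: Accepted publickey for alice from 192.0.2.11 port 50200 ssh2
"""
ASSUMED_YEAR = 2022  # syslog timestamps omit the year

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[0-9a-fA-F.:]+) port \d+"
)


@dataclass(frozen=True)
class AccessEvent:
    when: datetime
    host: str
    user: str
    source: str      # the "terminal" a network login came from
    method: str
    accepted: bool


@dataclass
class Policy:
    # Approved admin terminals (assumed network for this example).
    admin_networks: list = field(default_factory=lambda: [ip_network("192.0.2.0/24")])
    business_hours: tuple = (time(8, 0), time(18, 0))   # [start, end), assumed
    prohibit_direct_root: bool = True                   # segregate root-level access


def parse_line(line: str, year: int = ASSUMED_YEAR) -> Optional[AccessEvent]:
    """Turn one sshd syslog line into an AccessEvent; None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return AccessEvent(when, m["host"], m["user"], m["src"], m["method"], m["result"] == "Accepted")


def audit(lines, policy: Policy) -> List[str]:
    """One finding per violated control, each carrying user, terminal, date and time."""
    findings: List[str] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        stamp = f"{ev.when:%Y-%m-%d %H:%M:%S} {ev.user}@{ev.host} from {ev.source} ({ev.method})"
        if not ev.accepted:
            findings.append(f"FAILED_LOGIN {stamp}")
            continue
        if policy.prohibit_direct_root and ev.user == "root":
            findings.append(f"DIRECT_ROOT_LOGIN {stamp}")
        if not any(ip_address(ev.source) in net for net in policy.admin_networks):
            findings.append(f"UNAPPROVED_TERMINAL {stamp}")
        start, end = policy.business_hours
        if not (start <= ev.when.time() < end):
            findings.append(f"OFF_HOURS_ACCESS {stamp}")
    return findings


def run_demo() -> List[str]:
    return audit(SAMPLE_LOG.splitlines(), Policy())


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

On the sample, the 02:13 root login from 10.0.0.5 trips three controls at once (direct root, unapproved terminal, off hours), while the daytime logins from the approved network produce nothing; in practice the same review would be run over the full auth log on a schedule and the findings fed to whoever owns the system.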
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY - We continue the
series on the National Institute of Standards and Technology (NIST)
Handbook.
Chapter 18 - AUDIT TRAILS
18.2 Audit Trails and Logs
18.2.1 Keystroke Monitoring
Keystroke monitoring is the process used to view or record both the
keystrokes entered by a computer user and the computer's response
during an interactive session. Keystroke monitoring is usually
considered a special case of audit trails. Examples of keystroke
monitoring would include viewing characters as they are typed by
users, reading users' electronic mail, and viewing other recorded
information typed by users.
Some forms of routine system maintenance may record user
keystrokes. This could constitute keystroke monitoring if the
keystrokes are preserved along with the user identification so that
an administrator could determine the keystrokes entered by specific
users. Keystroke monitoring is conducted in an effort to protect
systems and data from intruders who access the systems without
authority or in excess of their assigned authority. Monitoring
keystrokes typed by intruders can help administrators assess and
repair damage caused by intruders.
18.2.2 Audit Events
System audit records are generally used to monitor
and fine-tune system performance. Application audit trails
may be used to discern flaws in applications, or violations of
security policy committed within an application. User audit
records are generally used to hold individuals accountable for
their actions. An analysis of user audit records may expose a
variety of security violations, which might range from simple
browsing to attempts to plant Trojan horses or gain unauthorized
privileges.
The system itself enforces certain aspects of policy (particularly
system-specific policy) such as access to files and access to
the system itself. Monitoring the alteration of systems
configuration files that implement the policy is important. If
special accesses (e.g., security administrator access) have to be
used to alter configuration files, the system should generate audit
records whenever these accesses are used.
Sometimes a finer level of detail than system audit trails is
required. Application audit trails can provide this greater
level of recorded detail. If an application is critical, it can be
desirable to record not only who invoked the application, but
certain details specific to each use. For example, consider an
e-mail application. It may be desirable to record who sent mail, as
well as to whom they sent mail and the length of messages. Another
example would be that of a database application. It may be useful to
record who accessed what database as well as the individual rows or
columns of a table that were read (or changed or deleted), instead
of just recording the execution of the database program.
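The database case above is the one most often left at "the database program ran". The following Python is an added example, not from the NIST Handbook, of an application audit trail that records who changed which row and column (captured by database triggers, with old and new values) and who read which columns of which rows (recorded by the application wrapper, since SQL triggers cannot fire on SELECT). It uses SQLite in memory; the table, users and amounts are constructed.

```python
"""Added example (not from the NIST Handbook): a row- and column-level
application audit trail on SQLite. Writes are captured by triggers; reads are
recorded by the application wrapper. Table, users and amounts are constructed."""
import re
import sqlite3
from typing import Any, Dict, List, Sequence

SCHEMA = """
CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, balance INTEGER NOT NULL);
-- Single-row table naming the application user the connection is acting for.
CREATE TABLE session (k INTEGER PRIMARY KEY CHECK (k = 1), actor TEXT NOT NULL);
CREATE TABLE audit_log (
  seq INTEGER PRIMARY KEY,
  ts TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
  actor TEXT NOT NULL, action TEXT NOT NULL, tbl TEXT NOT NULL,
  row_id INTEGER, col TEXT, old_value TEXT, new_value TEXT);
-- Append-only: application users cannot rewrite history.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
  BEGIN SELECT RAISE(ABORT, 'audit log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
  BEGIN SELECT RAISE(ABORT, 'audit log is append-only'); END;
-- actor is NOT NULL, so a write with no identified actor is refused outright.
CREATE TRIGGER accounts_ins AFTER INSERT ON accounts BEGIN
  INSERT INTO audit_log(actor, action, tbl, row_id, new_value)
  VALUES ((SELECT actor FROM session), 'INSERT', 'accounts', NEW.id, NEW.owner || ':' || NEW.balance);
END;
CREATE TRIGGER accounts_upd AFTER UPDATE OF balance ON accounts BEGIN
  INSERT INTO audit_log(actor, action, tbl, row_id, col, old_value, new_value)
  VALUES ((SELECT actor FROM session), 'UPDATE', 'accounts', NEW.id, 'balance', OLD.balance, NEW.balance);
END;
CREATE TRIGGER accounts_del AFTER DELETE ON accounts BEGIN
  INSERT INTO audit_log(actor, action, tbl, row_id, old_value)
  VALUES ((SELECT actor FROM session), 'DELETE', 'accounts', OLD.id, OLD.owner || ':' || OLD.balance);
END;
"""
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def open_audited_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def set_actor(conn: sqlite3.Connection, actor: str) -> None:
    conn.execute("INSERT OR REPLACE INTO session(k, actor) VALUES (1, ?)", (actor,))


def audited_select(conn: sqlite3.Connection, actor: str, table: str, columns: Sequence[str],
                   where: str = "", params: Sequence[Any] = ()) -> List[tuple]:
    """Read rows and log, per row, who read which columns of which row.
    `where` is a fixed clause written by the application; values go in `params`."""
    for ident in (table, *columns):          # identifiers cannot be bound, so validate them
        if not IDENT.match(ident):
            raise ValueError(f"bad identifier: {ident!r}")
    set_actor(conn, actor)
    sql = f"SELECT id, {', '.join(columns)} FROM {table} {where} ORDER BY id"
    rows = conn.execute(sql, params).fetchall()
    conn.executemany(
        "INSERT INTO audit_log(actor, action, tbl, row_id, col) VALUES (?, 'SELECT', ?, ?, ?)",
        [(actor, table, r[0], ",".join(columns)) for r in rows])
    return rows


def demo() -> Dict[str, Any]:
    conn = open_audited_db()
    set_actor(conn, "teller_alice")
    conn.execute("INSERT INTO accounts(owner, balance) VALUES ('Ada', 100)")
    conn.execute("INSERT INTO accounts(owner, balance) VALUES ('Bob', 50)")
    conn.execute("UPDATE accounts SET balance = balance - 30 WHERE owner = 'Ada'")
    audited_select(conn, "auditor_bob", "accounts", ["owner", "balance"], "WHERE balance > ?", (40,))
    set_actor(conn, "teller_alice")
    conn.execute("DELETE FROM accounts WHERE owner = 'Bob'")
    try:                                      # an attempt to erase the trail must fail
        conn.execute("DELETE FROM audit_log")
        tamper_blocked = False
    except sqlite3.DatabaseError:
        tamper_blocked = True
    log = conn.execute(
        "SELECT actor, action, tbl, row_id, col, old_value, new_value FROM audit_log ORDER BY seq"
    ).fetchall()
    return {"log": log, "tamper_blocked": tamper_blocked}


if __name__ == "__main__":
    for entry in demo()["log"]:
        print(entry)
```

The resulting trail says, for instance, that teller_alice changed the balance of row 1 from 100 to 70 and that auditor_bob read the owner and balance columns of rows 1 and 2, which is the level of detail the paragraph above calls for; the append-only triggers cover the point made earlier that alterations to the records enforcing policy must themselves be visible.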
A user audit trail monitors and logs user activity in a
system or application by recording events initiated by the user
(e.g., access of a file, record or field, use of a modem).
Flexibility is a critical feature of audit trails. Ideally (from a
security point of view), a system administrator would have the
ability to monitor all system and user activity, but could choose to
log only certain functions at the system level, and within certain
applications. The decision of how much to log and how much to review
should be a function of application/data sensitivity and should be
decided by each functional manager/application owner with guidance
from the system administrator and the computer security
manager/officer, weighing the costs and benefits of the logging.