MISCELLANEOUS CYBERSECURITY NEWS:
Top cyber insurance trends, traps and
advice - Cyber insurance has been around for 25 years, but
experts say AI, new privacy laws and rapidly evolving threat
vectors are challenging insurers to rethink risk and how
they advise their customers to play it safe.
https://www.scmagazine.com/news/rsac-2024-top-cyber-insurance-trends-traps-and-advice
Ransomware
attacks fewer but more aggressive: What to do - This year is
turning out to be a stunning year for ransomware news. Law
enforcement disrupted the LockBit ransomware group following
an international police effort earlier this year, with two
arrested in Poland and Ukraine.
https://www.scmagazine.com/resource/ransomware-attacks-fewer-but-more-aggressive-what-to-do
The US
really wants to improve critical infrastructure cyber
resilience - A report from the Office of the National Cyber
Director highlights persistent threats targeting healthcare
and water, echoing warnings from cyber officials earlier
this year.
https://www.cybersecuritydive.com/news/us-critical-infrastructure-cyber-resilience/715527/
The growing
use of AI in banking - As the banking sector further
ventures into the new space, we cover the many internal and
external use cases for AI and machine learning technology.
https://www.bankingdive.com/trendline/artificial-intelligence/418/
Four ways to
get proactive about ransomware - Despite being around for
more than three decades, ransomware attacks are more
pervasive and successful than ever. There's one reason for
this: monetization.
https://www.scmagazine.com/perspective/four-ways-to-get-proactive-about-ransomware
Protecting
against cross-platform account takeover - Email continues on
as the biggest threat vector organizations face today,
offering cybercriminals a broad attack surface to target for
phishing, fraud, and social engineering schemes, as well as
what's arguably the most dangerous type of email attack:
account takeover.
https://www.scmagazine.com/perspective/protecting-against-cross-platform-account-takeover
Uncle Sam urges action after Black Basta ransomware infects
Ascension - US information security agencies have published
advisories on how to detect and thwart the Black Basta
ransomware gang - after the crew claimed responsibility for
the recent attack on US healthcare provider Ascension.
https://www.theregister.com/2024/05/13/cisa_ascension_ransomware/
Seven AI
attack threats and what to do about them - It's time we wake
up. While AI's promise to drive efficiencies presents an
attractive proposition, we need to stay hyper-aware of AI's
inherent risks.
https://www.scmagazine.com/perspective/seven-ai-attack-threats-and-what-to-do-about-them
CYBERSECURITY ATTACKS,
INTRUSIONS, DATA THEFT & LOSS:
Cybersecurity incident impacts operations at Ascension
hospitals - Editor's Note: On Friday morning, May 10, CNN
reported that four sources briefed on the Ascension hack
investigation said that the Black Basta ransomware group was
behind the attack.
https://www.scmagazine.com/news/cybersecurity-incident-impacts-operations-at-ascension-hospitals
Dell warns
of data breach, 49 million customers allegedly affected -
Dell is warning customers of a data breach after a threat
actor claimed to have stolen information for approximately
49 million customers.
https://www.bleepingcomputer.com/news/security/dell-warns-of-data-breach-49-million-customers-allegedly-affected/
Thwarted
cyberattack targeted Library of Congress in tandem with
October British Library breach - Multifactor authentication
prevented hackers from accessing the U.S. institution's
systems in the October campaign, documents show.
https://www.nextgov.com/cybersecurity/2024/05/thwarted-cyberattack-targeted-library-congress-tandem-october-british-library-breach/396399/
UK Military
Data Breach a Reminder of Third-Party Risk in Defense Sector
- The disclosure of a breach exposing data on over 225,000
UK military personnel underscores the global security risks
associated with external contractors to defense entities.
https://www.darkreading.com/cyberattacks-data-breaches/breach-of-uk-military-personnel-data-a-reminder-of-third-party-risk-in-defense-sector
Zscaler
Investigates Hacking Claims After Data Offered for Sale -
Cybersecurity giant Zscaler rushed to conduct an
investigation on Wednesday after a notorious hacker offered
to sell access to the company's systems.
https://www.securityweek.com/zscaler-investigates-hacking-claims-after-data-offered-for-sale/
Poland says
it was targeted by Russian military intelligence hackers -
Russian state-sponsored hackers have targeted Polish
government institutions in a recent espionage campaign,
according to a new report.
https://therecord.media/poland-cyber-espionage-russia-gru
Europol
confirms incident following alleged auction of staff data -
Europol is investigating a cybercriminal's claims that they
stole confidential data from a number of the agency's
sources.
https://www.theregister.com/2024/05/13/europol_data_breach/
FBCS
Collection Agency Data Breach Impacts 2.7 Million - In a May
10 update to a filing with the Maine Attorney General's
Office, FBCS revealed that it has identified an additional
724,000 affected individuals, increasing the initial impact
estimation to 2,679,555 people.
https://www.securityweek.com/fbcs-collection-agency-data-breach-impacts-2-7-million/
Helsinki
suffers data breach after hackers exploit unpatched flaw -
The City of Helsinki is investigating a data breach in its
education division, which it discovered in late April 2024,
impacting tens of thousands of students, guardians, and
personnel.
https://www.bleepingcomputer.com/news/security/helsinki-suffers-data-breach-after-hackers-exploit-unpatched-flaw/
'Cyberattack'
shutters Christie's website days before $840M art mega-auction
- Christie's website remains offline as of Monday after a
"technology security issue" shut it down Thursday night -
just days before the venerable auction house planned to flog
$840 million of art.
https://www.theregister.com/2024/05/13/cyberattack_shutters_christies_website/
Ransomware
attack on Nissan North America results in employee data loss
- Nissan North America (NNA) notified consumers on May 15
that a ransomware attack included the loss of certain
personal information relating to current and former NNA
employees, including Social Security numbers.
https://www.scmagazine.com/news/ransomware-attack-on-nissan-north-america-results-in-employee-data-loss
WEB SITE
COMPLIANCE - We continue
covering some of the issues discussed in the "Risk
Management Principles for Electronic Banking" published by
the Basel Committee on Bank Supervision.
Sound Security Control Practices for E-Banking
1. Security profiles should be created and maintained and
specific authorization privileges assigned to all users of
e-banking systems and applications, including all customers,
internal bank users and outsourced service providers.
Logical access controls should also be designed to support
proper segregation of duties.
2. E-banking data and systems should be classified
according to their sensitivity and importance and protected
accordingly. Appropriate mechanisms, such as encryption,
access control and data recovery plans should be used to
protect all sensitive and high-risk e-banking systems,
servers, databases and applications.
3. Storage of sensitive or high-risk data on the
organization's desktop and laptop systems should be
minimized and properly protected by encryption, access
control and data recovery plans.
4. Sufficient physical controls should be in place to
deter unauthorized access to all critical e-banking systems,
servers, databases and applications.
5. Appropriate techniques should be employed to mitigate
external threats to e-banking systems, including the use of:
a) Virus-scanning software at all critical entry points
(e.g. remote access servers, e-mail proxy servers) and on
each desktop system.
b) Intrusion detection software and other security
assessment tools to periodically probe networks, servers and
firewalls for weaknesses and/or violations of security
policies and controls.
c) Penetration testing of internal and external
networks.
6. A rigorous security review process should be applied
to all employees and service providers holding sensitive
positions.
FFIEC IT SECURITY
- We continue our series on the FFIEC interagency Information
Security Booklet.
SECURITY CONTROLS -
IMPLEMENTATION
LOGICAL AND ADMINISTRATIVE ACCESS CONTROL
AUTHENTICATION - Single
Sign-On
Several single sign-on protocols are in use. Those
protocols allow clients to authenticate themselves once to
obtain access to a range of services. An advantage of single
sign-on systems is that users do not have to remember or
possess multiple authentication mechanisms, potentially
allowing for more complex authentication methods and fewer
user-created weaknesses. Disadvantages include the broad
system authorizations potentially tied to any given
successful authentication, the centralization of
authenticators in the single sign-on server, and potential
weaknesses in the single sign-on technologies.
When single sign-on systems allow access for a single
login to multiple instances of sensitive data or systems,
financial institutions should employ robust authentication
techniques, such as multi-factor, PKI, and biometric
techniques. Financial institutions should also employ
additional controls to protect the authentication server and
detect attacks against the server and server communications.
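The trade-off described above, shown as an added example that is not part of the FFIEC booklet or this newsletter: a toy single sign-on issuer in Python whose one login produces one signed token, while each relying service checks the token's audience and assurance level, so a password-only login is not enough to reach a sensitive service. The HMAC key, service names, and the "acr" level values are assumptions made for illustration.

```python
# Added example, not from the FFIEC booklet: a toy single sign-on issuer and
# the check a relying service performs. One login yields one signed token,
# but each service verifies the audience and the assurance level, so a
# password-only login cannot reach a sensitive service without step-up.
import base64, hashlib, hmac, json, time

SSO_KEY = b"constructed-demo-key"  # constructed demo secret, not a real key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(user, services, mfa, now=None):
    """SSO server: one authentication event, one token. 'aud' limits which
    services accept it (narrowing the broad authorization an SSO login
    would otherwise carry); 'acr' is the assurance level: 1 = password
    only, 2 = multi-factor."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "aud": list(services), "acr": 2 if mfa else 1,
              "iat": now, "exp": now + 600}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SSO_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"

def verify_for_service(token, service, min_acr, now=None):
    """Relying service: checks signature, expiry, audience and the
    assurance level this service requires. Raises PermissionError."""
    now = int(time.time()) if now is None else now
    body, _, sig = token.partition(".")
    expected = hmac.new(SSO_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not sig or not hmac.compare_digest(sig, expected):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        raise PermissionError("token expired")
    if service not in claims["aud"]:
        raise PermissionError("token not issued for this service")
    if claims["acr"] < min_acr:
        raise PermissionError("multi-factor step-up required")
    return claims

def access_allowed(token, service, min_acr, now=None):
    """True if the service would accept the token, else False."""
    try:
        verify_for_service(token, service, min_acr, now)
        return True
    except PermissionError:
        return False
```

A service holding sensitive data sets min_acr to 2, so a token minted from a password-only login is refused there while still working for the low-risk service it was issued for.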
NATIONAL INSTITUTE OF STANDARDS AND
TECHNOLOGY
- We continue the series on the National Institute of
Standards and Technology (NIST) Handbook.
Chapter 9 - Assurance
9.3.6 Evaluations
A product evaluation normally includes testing. Evaluations
can be performed by many types of organizations, including
government agencies, both domestic and foreign; independent
organizations, such as trade and professional organizations;
other vendors or commercial groups; or individual users or
user consortia. Product reviews in trade literature are a
form of evaluation, as are more formal reviews made against
specific criteria. Important factors for using evaluations
are the degree of independence of the evaluating group,
whether the evaluation criteria reflect needed security
features, the rigor of the testing, the testing environment,
the age of the evaluation, the competence of the evaluating
organization, and the limitations placed on the evaluations
by the evaluating group (e.g., assumptions about the threat
or operating environment).
9.3.7 Assurance Documentation
The ability to describe security requirements and how they
were met can reflect the degree to which a system or product
designer understands applicable security issues. Without a
good understanding of the requirements, it is not likely
that the designer will be able to meet them.
Assurance documentation can address the security either for
a system or for specific components. System-level
documentation should describe the system's security
requirements and how they have been implemented, including
interrelationships among applications, the operating system,
or networks. System-level documentation addresses more than
just the operating system, the security system, and
applications; it describes the system as integrated and
implemented in a particular environment. Component
documentation will generally be an off-the-shelf product,
whereas the system designer or implementer will generally
develop system documentation.
9.3.8 Accreditation of Product to Operate in Similar
Situation
The accreditation of a product or system to operate in a
similar situation can be used to provide some assurance.
However, it is important to realize that an accreditation is
environment- and system-specific. Since accreditation
balances risk against advantages, the same product may be
appropriately accredited for one environment but not for
another, even by the same accrediting official.