Microsoft president promises significant culture changes geared
towards security - Microsoft President Brad Smith promised
to move forward with significant culture changes at the tech
giant as the company accepted full responsibility for its
security failures, he said in testimony Thursday before the
House Committee on Homeland Security.
https://www.cybersecuritydive.com/news/microsoft-president-culture-changes-security/719003/
Decade-old cyber advice from GAO remains unimplemented,
watchdog says - Nearly 570 out of 1,610 cybersecurity
recommendations for federal agencies remain unimplemented as
of May 2024, hindering the government’s ability to protect
its sensitive systems, critical infrastructure and sensitive
data from hackers, according to a report from the Government
Accountability Office.
https://www.nextgov.com/cybersecurity/2024/06/decade-old-cyber-advice-gao-remains-unimplemented-watchdog-says/397356/
What to do about the rise of unknown attack vectors in the
ransomware playbook - Just when cybersecurity pros started
to feel confident about their mitigation plans – automation,
educating users about social engineering scams, and building
adaptable security mechanisms – cybercriminals have thrown a
curveball: a rise in ransomware powered by "unknown" attack
vectors.
https://www.scmagazine.com/perspective/what-to-do-about-the-rise-of-unknown-attack-vectors-in-the-ransomware-playbook
The future of identity management: Transitioning from
operational to intelligent platforms - With identity being
the new security perimeter, identity platforms are now an
integral part of the core security stack.
https://www.scmagazine.com/resource/the-future-of-identity-management-transitioning-from-operational-to-intelligent-platforms
MFA plays a rising role in major attacks, research finds -
Poor configurations and deliberate MFA bypasses were at the
center of numerous attacks in recent months, Cisco Talos
found.
https://www.cybersecuritydive.com/news/mfa-multi-factor-authentication-cisco-talos-cyber/719254/
Former IT employee gets 2.5 years for wiping 180 virtual
servers - A former quality assurance employee of National
Computer Systems (NCS) was sentenced to two years and eight
months in prison for reportedly deleting 180 virtual servers
after being fired.
https://www.bleepingcomputer.com/news/security/former-it-employee-gets-25-years-for-wiping-180-virtual-servers/
CYBERSECURITY ATTACKS, INTRUSIONS, DATA THEFT & LOSS:
Los Angeles schools investigating claims of data for sale on
dark web - The alleged incident is raising questions as to
whether there’s been a more recent data breach in the
district since September 2022.
https://www.cybersecuritydive.com/news/lausd-investigating-data-sale-dark-web-claim/718738/
City of Cleveland Scrambling to Restore Systems Following
Cyberattack - The incident was disclosed on June 10, when
the city announced that it took its systems offline as a
containment measure.
https://www.securityweek.com/city-of-cleveland-scrambling-to-restore-systems-following-cyberattack/
Exploit for Veeam Recovery Orchestrator auth bypass
available, patch now - A proof-of-concept (PoC) exploit for
a critical Veeam Recovery Orchestrator authentication bypass
vulnerability tracked as CVE-2024-29855 has been released,
elevating the risk of being exploited in attacks.
https://www.bleepingcomputer.com/news/security/exploit-for-veeam-recovery-orchestrator-auth-bypass-available-patch-now/
Truist Bank says breach of customer data is unrelated to
Snowflake - Truist Bank confirmed it suffered a breach of
its network and exposure of some customer data after a
security researcher reported spotting dark web
advertisements for the pilfered account details.
https://www.scmagazine.com/news/truist-bank-says-breach-of-customer-data-is-unrelated-to-snowflake
Patient data stolen in Ascension ransomware attack, but EHR
restored - Ascension this week made two follow-up
announcements around the Black Basta ransomware attack that
forced the non-profit healthcare provider to shut down its
systems across 142 hospitals and 40 senior facilities in
early May and resort to filling out charts on paper.
https://www.scmagazine.com/news/patient-data-stolen-in-ascension-ransomware-attack-but-ehr-restored
Attackers accessed consumer information, says Globe Life in
SEC filing - Globe Life reported to the Securities and
Exchange Commission (SEC) that a breach of a company web
portal resulted in the unauthorized access to consumer and
policyholder information.
https://www.scmagazine.com/news/attackers-accessed-consumer-information-says-globe-life-in-sec-filing
London hospitals cancel over 800 operations after ransomware
attack - NHS England revealed today that multiple London
hospitals impacted by last week’s Synnovis ransomware attack
were forced to cancel hundreds of planned operations and
appointments.
https://www.bleepingcomputer.com/news/security/london-hospitals-cancel-over-800-operations-after-ransomware-attack/
Keytronic Says Personal Information Stolen in Ransomware
Attack - Printed circuit board assembly (PCBA) manufacturing
firm Keytronic has disclosed a data breach after a
ransomware gang published information allegedly stolen from
its network.
https://www.securityweek.com/keytronic-says-personal-information-stolen-in-ransomware-attack/
200,000 Impacted by Data Breach at Los Angeles County Public
Health Agency - The County of Los Angeles' Department of
Public Health (DPH) has disclosed a data breach impacting
the personal information of 200,000 individuals.
https://www.securityweek.com/200000-impacted-by-data-breach-at-los-angeles-county-public-health-agency/
Blackbaud has to cough up a few million dollars more over
2020 ransomware attack - Months after escaping without a
fine from the US Federal Trade Commission (FTC), the luck of
cloud software biz Blackbaud ran out when it came to
reaching a settlement with California's attorney general.
https://www.theregister.com/2024/06/17/blackbaud_breach_california_settlement/
WEB SITE COMPLIANCE - We continue covering some of the issues
discussed in the "Risk Management Principles for Electronic
Banking" published by the Basel Committee on Banking
Supervision.
Sound Audit Trail Practices for E-Banking Systems
1. Sufficient logs should be maintained for all e-banking
transactions to help establish a clear audit trail and assist
in dispute resolution.
2. E-banking systems should be designed and installed to
capture and maintain forensic evidence in a manner that
maintains control over the evidence, and prevents tampering
and the collection of false evidence.
3. In instances where processing systems and related audit
trails are the responsibility of a third-party service
provider:
a) The bank should ensure that it has access to relevant
audit trails maintained by the service provider.
b) The bank should ensure that audit trails maintained by
the service provider meet the bank's standards.
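Principle 2 above asks that the audit trail resist tampering and the insertion of false evidence, but says nothing about how. One common way to get that property is a keyed hash chain: every log entry carries an HMAC over its own content and the previous entry's tag, so editing, deleting or inserting a record breaks the chain for everyone who does not hold the key. The example below is added here to illustrate that approach; it is not from the Basel Committee paper or any bank's system. The audit key, the event records and the two tampering scenarios are constructed for the example (a real deployment keeps the key in an HSM or key vault, not beside the log).

```python
import hashlib
import hmac
import json
from typing import Any, Dict, List

# Assumption for this example only: the verification key lives outside the log
# store (HSM / key vault). This placeholder is not a real key.
AUDIT_KEY = b"example-audit-key-not-for-production"

GENESIS = "0" * 64  # link value for the first entry


def _canonical(record: Dict[str, Any]) -> bytes:
    # Stable serialization so the same record always produces the same bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def append_entry(log: List[Dict[str, Any]], event: Dict[str, Any]) -> Dict[str, Any]:
    """Append one e-banking event to the chained log and return the stored entry."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "prev": prev_hash, "event": event}
    # Keyed tag over sequence number, previous tag and content: an attacker who can
    # edit the store cannot recompute valid tags for the chain without the key.
    digest = hmac.new(AUDIT_KEY, _canonical(body), hashlib.sha256).hexdigest()
    entry = dict(body, hash=digest)
    log.append(entry)
    return entry


def verify_chain(log: List[Dict[str, Any]]) -> List[int]:
    """Return the positions of entries whose tag, sequence number or link fails."""
    bad: List[int] = []
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        body = {"seq": entry["seq"], "prev": entry["prev"], "event": entry["event"]}
        expected = hmac.new(AUDIT_KEY, _canonical(body), hashlib.sha256).hexdigest()
        if (entry["seq"] != i
                or entry["prev"] != prev_hash
                or not hmac.compare_digest(expected, entry["hash"])):
            bad.append(i)
        prev_hash = entry["hash"]
    return bad


def demo() -> Dict[str, List[int]]:
    """Build a small constructed log, then show an edit and a deletion being detected."""
    log: List[Dict[str, Any]] = []
    # Constructed sample events for this example.
    events = [
        {"ts": "2024-06-14T09:00:00Z", "user": "cust-1001", "action": "login", "src": "203.0.113.5"},
        {"ts": "2024-06-14T09:01:10Z", "user": "cust-1001", "action": "transfer", "amount": "250.00", "to": "acct-77"},
        {"ts": "2024-06-14T09:01:45Z", "user": "cust-1001", "action": "logout"},
    ]
    for ev in events:
        append_entry(log, ev)
    intact = verify_chain(log)

    edited = json.loads(json.dumps(log))  # deep copy of the stored log
    edited[1]["event"]["amount"] = "25.00"  # disputed transfer "shrinks" after the fact
    edit_result = verify_chain(edited)

    deleted = json.loads(json.dumps(log))
    del deleted[1]  # the transfer record disappears entirely
    delete_result = verify_chain(deleted)

    return {"intact": intact, "edited": edit_result, "deleted": delete_result}
```

Running demo() reports no bad entries for the untouched log, flags entry 1 after the amount is rewritten, and flags position 1 after the transfer is removed, because the entry that slid into that slot carries the wrong sequence number and the wrong link. The chain only makes tampering detectable; to satisfy the "maintains control over the evidence" part of the principle, the log still needs to be shipped to a write-once store the application servers cannot reach.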
FFIEC IT SECURITY - We continue our series on the FFIEC
interagency Information Security Booklet.
SECURITY CONTROLS - IMPLEMENTATION - NETWORK ACCESS
Protocols and Ports (Part 1 of 3)
Network communications rely on
software protocols to ensure the proper flow of information.
A protocol is a set of rules that allows communication
between two points in a telecommunications connection.
Different types of networks use different protocols. The
Internet and most intranets and extranets, however, are
based on the TCP/IP layered model of protocols. That model
has four layers, and different protocols within each layer.
The layers, from bottom to top, are the network access
layer, the Internet layer, the host-to-host layer, and the
application layer. Vulnerabilities and corresponding attack
strategies exist at each layer. This becomes an important
consideration in evaluating the necessary controls. Hardware
and software can use the protocols to restrict network
access. Likewise, attackers can use weaknesses in the
protocols to attack networks.
The primary TCP/IP protocols are the Internet protocol
(IP) and the transmission control protocol (TCP). IP is used
to route messages between devices on a network, and operates
at the Internet layer. TCP operates at the host-to-host
layer, and provides a connection-oriented, full-duplex,
virtual circuit between hosts. Different protocols support
different services for the network, and the different
services often introduce additional vulnerabilities. For
example, a third protocol, the user datagram protocol (UDP),
is also used at the host-to-host layer. Unlike TCP, UDP is
not connection-oriented, which makes it faster and a better
protocol for supporting broadcast and streaming services.
Because UDP has no handshake, however, a firewall cannot tell
from the packet itself whether an inbound datagram is a reply
to traffic an inside host sent or an unsolicited (and possibly
spoofed) packet, so firewalls often do not filter it
effectively. To provide additional safeguards, inbound UDP is
often blocked entirely, or additional controls are added to
verify and authenticate inbound UDP packets as coming from a
trusted host.
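The contrast the booklet draws between TCP and UDP is easiest to see in filtering logic. A TCP connection request carries SYN without ACK, so a firewall can refuse unsolicited inbound connections from the packet alone; a UDP datagram carries no such marker, so the firewall must keep its own record of outbound datagrams and admit only matching replies, with everything else dropped unless it comes from an explicitly trusted source. The simulation below is an added example written for this page, not code from the FFIEC booklet or from any firewall product. The 30-second reply window, the "trusted resolver" entry and the sample packets (using documentation address ranges) are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Assumed value: how long a pseudo-connection opened by an outbound datagram stays valid.
UDP_REPLY_TIMEOUT = 30.0


@dataclass(frozen=True)
class Packet:
    proto: str                        # "tcp" or "udp"
    direction: str                    # "in" (Internet -> inside) or "out" (inside -> Internet)
    src: str
    sport: int
    dst: str
    dport: int
    ts: float                         # seconds; packets are fed in time order
    tcp_flags: Tuple[str, ...] = ()   # e.g. ("SYN",) on a TCP connection request


class Firewall:
    def __init__(self, trusted_udp_sources: Optional[Set[Tuple[str, int]]] = None) -> None:
        # Pseudo-connections: (inside host, inside port, remote host, remote port) -> last seen
        self._udp_flows: Dict[Tuple[str, int, str, int], float] = {}
        # Remote (host, port) pairs allowed to send inbound UDP with no prior outbound packet.
        self._trusted: Set[Tuple[str, int]] = trusted_udp_sources or set()

    def _expire(self, now: float) -> None:
        self._udp_flows = {k: t for k, t in self._udp_flows.items() if now - t <= UDP_REPLY_TIMEOUT}

    def decide(self, pkt: Packet) -> str:
        """Return "ACCEPT" or "DROP" for one packet, updating pseudo-connection state."""
        self._expire(pkt.ts)
        if pkt.direction == "out":
            if pkt.proto == "udp":
                # Remember who the inside host talked to so the reply can be admitted.
                self._udp_flows[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = pkt.ts
            return "ACCEPT"
        if pkt.proto == "tcp":
            # TCP announces a new connection with SYN and no ACK, so an unsolicited
            # inbound connection attempt is recognisable from the packet alone.
            # (A full stateful firewall also checks ACK-bearing packets against its
            # connection table; that is omitted here to keep the focus on UDP.)
            return "DROP" if "SYN" in pkt.tcp_flags and "ACK" not in pkt.tcp_flags else "ACCEPT"
        # UDP carries no such marker: a reply and an unsolicited datagram look identical,
        # so the only evidence is our own record of recent outbound traffic.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self._udp_flows:
            self._udp_flows[key] = pkt.ts  # refresh the pseudo-connection
            return "ACCEPT"
        if (pkt.src, pkt.sport) in self._trusted:
            # Source-address trust is only as strong as upstream anti-spoofing:
            # a UDP source address is trivially forged.
            return "ACCEPT"
        return "DROP"  # default deny for inbound UDP


def demo() -> List[str]:
    """Run constructed sample traffic through the filter and return the decisions."""
    inside, resolver, stranger = "10.0.0.10", "192.0.2.53", "198.51.100.7"
    fw = Firewall(trusted_udp_sources={(resolver, 53)})  # assumed: the bank's own DNS resolver
    traffic = [
        Packet("udp", "out", inside, 40001, resolver, 53, 1.0),                  # DNS query
        Packet("udp", "in", resolver, 53, inside, 40001, 1.2),                   # matching reply
        Packet("udp", "in", stranger, 53, inside, 40001, 1.3),                   # unsolicited, wrong peer
        Packet("udp", "in", stranger, 161, inside, 161, 2.0),                    # SNMP probe nobody asked for
        Packet("tcp", "in", stranger, 5555, inside, 22, 3.0, ("SYN",)),          # inbound SSH attempt
        Packet("tcp", "out", inside, 50000, stranger, 443, 4.0, ("SYN",)),       # we open an HTTPS connection
        Packet("tcp", "in", stranger, 443, inside, 50000, 4.1, ("SYN", "ACK")),  # its handshake reply
        Packet("udp", "in", resolver, 53, inside, 40001, 40.0),                  # reply after the flow expired
        Packet("udp", "in", resolver, 53, inside, 40002, 41.0),                  # resolver, or someone claiming to be it
    ]
    return [fw.decide(p) for p in traffic]
```

The last two packets are the point of the allowlist caveat: once the pseudo-connection has aged out, the filter falls back on the source address, and it accepts the final datagram whether it really came from the resolver or not. That is why "authenticate inbound UDP packets as coming from a trusted host" in practice means a cryptographic check (for example, carrying the traffic inside IPsec or DTLS) rather than an address match.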
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY - We continue
the series on the National Institute of Standards and
Technology (NIST) Handbook.
Chapter 9 - Assurance
9.4.1.2 Internal Controls Audit
An auditor can review controls in place and determine
whether they are effective. The auditor will often analyze
both computer and noncomputer-based controls. Techniques
used include inquiry, observation, and testing (of both the
controls themselves and the data). The audit can also detect
illegal acts, errors, irregularities, or a lack of
compliance with laws and regulations. Security checklists
and penetration testing, discussed below, may be used.
9.4.1.3 Security Checklists
Within the government, the computer security plan provides
a checklist against which the system can be audited. This
plan outlines the major security considerations for a
system, including management, operational, and technical
issues. One advantage of using a computer security plan is
that it reflects the unique security environment of the
system, rather than a generic list of controls. Other
checklists can be developed, which include national or
organizational security policies and practices (often
referred to as baselines). Lists of "generally accepted
security practices" (GSSPs) can also be used. Care needs to
be taken so that deviations from the list are not
automatically considered wrong, since they may be
appropriate for the system's particular environment or
technical constraints.
Checklists can also be used to verify that changes to the
system have been reviewed from a security point of view. A
common audit examines the system's configuration to see if
major changes (such as connecting to the Internet) have
occurred that have not yet been analyzed from a security
point of view.
Warning: Security Checklists that are passed (e.g., with a
B+ or better score) are often used mistakenly as proof
(instead of an indication) that security is sufficient.
Also, managers of systems which "fail" a checklist often
focus too much attention on "getting the points," rather
than whether the security measures make sense in the
particular environment and are correctly implemented.