MISCELLANEOUS CYBERSECURITY NEWS:
Broadband Buildout Initiative - Apply by August 5. A new
Dallas Fed program will provide technical assistance to
selected communities that are working on broadband
infrastructure projects.
https://www.dallasfed.org/cd/digital?utm_source=MarketingCloud&utm_medium=email&utm_campaign=24.06.27+CD+-+DI+Round+2&utm_content=Read+more
Deadline looms for alleged LockBit extortion of Feds over
33TB of data - UPDATE: The deadline passed this afternoon at
2:27 Eastern on a threat the ransomware group LockBit
allegedly made to the Federal Reserve Board to release 33
terabytes of government data if a ransom was not paid. As of
5:18 Eastern, a Google search found no recent updates on the
story, and of three government agencies contacted, only the
FBI responded, saying: "Thank you for reaching out. The FBI
declines to comment."
https://www.scmagazine.com/news/lockbit-claims-ransom-negotiations-with-the-fed-over-33tb-of-stolen-data
US to ban Kaspersky software sales over ties with Russia - A
Reuters report, citing sources familiar with the matter, says
the Biden administration is set to introduce new measures
that would bar the import and sale of both Kaspersky-branded
software and white-label products that use Kaspersky software
under a different brand name. The company confirmed the
report and said it plans to fight the decision.
https://www.scmagazine.com/news/us-to-ban-kaspersky-software-sales-over-ties-with-russia-reports-say
After 2 hacks, CDK Global warns customers of
social-engineering attacks - After experiencing two
cyberattacks this week in which it had to take down its
customer support lines and shut down most of its systems,
CDK Global posted a voicemail advising that threat actors
are contacting CDK customers and business partners posing as
members or affiliates of CDK.
https://www.scmagazine.com/news/after-2-hacks-cdk-global-warns-customers-of-social-engineering-attacks
The common denominator behind CDK and other recent breaches
- CDK Global was the latest company to fall victim to a
massive cyberattack and as a result, was forced to shut down
many of its systems.
https://www.scmagazine.com/perspective/identity-the-common-denominator-behind-cdk-and-other-recent-breaches
Cyber insurance terms drive companies to invest more in
security, report finds - Though recovery costs continue to
outpace coverage, companies are investing in network
security to lower premiums and yield better policy terms.
https://www.cybersecuritydive.com/news/cyber-insurance-companies-invest-security/719930/
Foster a collaborative security culture to avoid becoming
the chief incident scapegoat officer - Even just 10 years
ago, the chief information security officer (CISO) role was
more straightforward. Much has changed over that time, and
radical changes to the threat landscape have forced the CISO
to evolve.
https://www.scmagazine.com/perspective/foster-a-cybersecurity-culture-to-avoid-becoming-the-chief-incident-scapegoat-officer
CYBERSECURITY ATTACKS, INTRUSIONS, DATA THEFT & LOSS:
After 2 hacks, CDK Global warns customers of
social-engineering attacks - After experiencing two
cyberattacks this week in which it had to take down its
customer support lines and shut down most of its systems,
CDK Global posted a voicemail advising that threat actors
are contacting CDK customers and business partners posing as
members or affiliates of CDK.
https://www.scmagazine.com/news/after-2-hacks-cdk-global-warns-customers-of-social-engineering-attacks
Identity: the common denominator behind CDK and other recent
breaches - CDK Global was the latest company to fall victim
to a massive cyberattack and as a result, was forced to shut
down many of its systems.
https://www.scmagazine.com/perspective/identity-the-common-denominator-behind-cdk-and-other-recent-breaches
Santander warns US employees bank account info stolen in
third-party database hack - Santander Bank warned thousands
of U.S. employees that their direct deposit bank account
information and social security numbers may have been
obtained in a third-party database hack, according to
filings with the Attorneys General of Maine and Vermont.
https://www.cybersecuritydive.com/news/santander-employees-database-hack/719394/
Scathing report on Medibank cyberattack highlights
unenforced MFA - A scathing report by Australia's
Information Commissioner details how misconfigurations and
missed alerts allowed a hacker to breach Medibank and steal
data from over 9 million people.
https://www.bleepingcomputer.com/news/security/scathing-report-on-medibank-cyberattack-highlights-unenforced-mfa/
Single point of software failure could hamstring 15K car
dealerships for days - CDK Global touts itself as an
all-in-one software-as-a-service solution that is "trusted
by nearly 15,000 dealer locations." One connection, over an
always-on VPN to CDK's data centers, gives a dealership
customer relationship management (CRM) software, financing,
inventory, and more back-office tools.
https://arstechnica.com/information-technology/2024/06/cyberattacks-have-forced-thousands-of-car-dealerships-to-paper-for-a-second-day/
Massachusetts 911 Outage Caused by Errant Firewall - A
statewide outage of the 911 emergency response system in
Massachusetts this week was caused by an errant firewall
that prevented calls from getting to the 911 dispatch
centers.
https://www.securityweek.com/massachusetts-911-outage-caused-by-errant-firewall/
Crown Equipment confirms a cyberattack disrupted
manufacturing - Forklift manufacturer Crown Equipment
confirmed today that it suffered a cyberattack earlier this
month that disrupted manufacturing at its plants.
https://www.bleepingcomputer.com/news/security/crown-equipment-confirms-a-cyberattack-disrupted-manufacturing/
Levis caught with pants down: Hackers expose 72,000
customer account details - Denim clothing king Levi Strauss
said some 72,000 customer accounts could be under attack
from threat actors.
https://www.scmagazine.com/news/levis-gets-stripped-of-72000-customer-account-details
Coding error in forgotten API blamed for massive data breach
- The data breach at Australian telco Optus, which saw over
nine million customers' personal information exposed, has
been blamed on a coding error that broke API access
controls, and was left in place for years.
https://www.theregister.com/2024/06/21/optus_data_breach_faulty_api/
Crooks get their hands on 500K+ radiology patients' records
in cyber-attack - The 90-year-old Minnesota-based healthcare
biz provides on-site radiology services for 22 hospitals and
clinics, plus remote teleradiology for more than 100
facilities in upper Midwest America.
https://www.theregister.com/2024/06/20/radiology_information_loss/
Change Healthcare lists the medical data stolen in
ransomware attack - UnitedHealth has confirmed for the first
time what types of medical and patient data were stolen in
the massive Change Healthcare ransomware attack, stating
that data breach notifications will be mailed in July.
https://www.bleepingcomputer.com/news/security/change-healthcare-lists-the-medical-data-stolen-in-ransomware-attack/
LivaNova USA Discloses Data Breach Impacting 130,000
Individuals - The incident, according to a notification
letter to the impacted individuals, was identified on
November 19, roughly one month after hackers breached its
network.
https://www.securityweek.com/livanova-usa-discloses-data-breach-impacting-130000-individuals/
Indonesia's national data center encrypted with LockBit
ransomware variant - Hackers have encrypted systems at
Indonesia's national data center with ransomware, disrupting
immigration checks at airports and a variety of other public
services, according to the country's communications
ministry.
https://therecord.media/indonesia-national-data-centre-hacked
WEB SITE COMPLIANCE - We continue covering some of the
issues discussed in the "Risk Management Principles for
Electronic Banking" published by the Basel Committee on Bank
Supervision.
Sound Practices to Help Maintain the Privacy of
Customer E-Banking Information
1. Banks should employ appropriate cryptographic
techniques, specific protocols or other security controls to
ensure the confidentiality of customer e-banking data.
2. Banks should develop appropriate procedures and
controls to periodically assess their customer security
infrastructure and protocols for e-banking.
3. Banks should ensure that their third-party service
providers have confidentiality and privacy policies that are
consistent with their own.
4. Banks should take appropriate steps to inform e-banking
customers about the confidentiality and privacy of their
information. These steps may include:
a) Informing customers of the bank's privacy policy,
possibly on the bank's website. Clear, concise language in
such statements is essential to assure that the customer
fully understands the privacy policy. Lengthy legal
descriptions, while accurate, are likely to go unread by the
majority of customers.
b) Instructing customers on the need to protect their
passwords, personal identification numbers (PINs) and other
banking and/or personal data.
c) Providing customers with information regarding the
general security of their personal computer, including the
benefits of using virus protection software, physical access
controls and personal firewalls for static Internet
connections.
FFIEC IT SECURITY - We continue our series on the FFIEC
interagency Information Security Booklet.
SECURITY CONTROLS - IMPLEMENTATION - NETWORK ACCESS
Protocols and Ports (Part 2 of 3)
Other common protocols in a TCP/IP network include the
following types.
• Address resolution protocol (ARP) - Obtains the
hardware address of connected devices and matches that
address with the IP address for that device. The hardware
address is the Ethernet card's address, technically referred
to as the "media access control" (MAC) address. Ethernet
systems route messages by the MAC address, requiring a
router to obtain both the IP address and the MAC address of
connected devices. Reverse ARP (RARP) also exists as a
protocol.
• Internet control message protocol (ICMP) - Used to send
messages about network health between devices, provides
alternate routing information if trouble is detected, and
helps to identify problems with routing.
• File transfer protocol (FTP) - Used to browse
directories and transfer files. Although access can be
authenticated or anonymous, FTP does not support encrypted
authentication. Conducting FTP within encrypted channels,
such as a Virtual Private Network (VPN), secure shell (SSH)
or secure sockets layer (SSL) sessions, can improve security.
• Trivial file transfer protocol (TFTP) - A file transfer
protocol with no file-browsing ability and no support for
authentication.
• Simple mail transfer protocol (SMTP) - Commonly used
in e-mail systems to send mail.
• Post office protocol (POP) - Commonly used to receive
e-mail.
• Hypertext transport protocol (HTTP) - Used for Web
browsing.
• Secure shell (SSH) - Encrypts communications sessions,
typically used for remote administration of servers.
• Secure sockets layer (SSL) - Typically used to encrypt
Web browsing sessions, sometimes used to secure e-mail
transfers and FTP sessions.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
- We continue the series on the National Institute of
Standards and Technology (NIST) Handbook.
Chapter 9 - Assurance
9.4.1.4 Penetration Testing
Penetration testing can use many methods to attempt a
system break-in. In addition to using active automated tools
as described above, penetration testing can be done
"manually." The most useful type of penetration testing is
to use methods that might really be used against the system.
For hosts on the Internet, this would certainly include
automated tools. For many systems, lax procedures or a lack
of internal controls on applications are common
vulnerabilities that penetration testing can target. Another
method is "social engineering," which involves getting users
or administrators to divulge information about systems,
including their passwords.
9.4.2 Monitoring Methods and Tools
Security monitoring is an ongoing activity that looks for
vulnerabilities and security problems. Many of the methods
are similar to those used for audits, but are done more
regularly or, for some automated tools, in real time.
9.4.2.1 Review of Systems Logs
A periodic review of system-generated logs can detect
security problems, including attempts to exceed access
authority or gain system access during unusual hours.
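The two signals named in 9.4.2.1, attempts to exceed access authority and system access during unusual hours, can be checked with a short script. This is an added example, not part of the NIST Handbook; the log format, account names, business-hours window and denial threshold are all assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample log, not from a real system; the key=value layout is assumed.
SAMPLE_LOG = """\
2024-06-24T09:02:11 user=jsmith event=login result=success src=10.0.4.17
2024-06-24T09:40:52 user=jsmith event=file_access result=denied resource=/payroll/q2.xlsx
2024-06-24T09:41:03 user=jsmith event=file_access result=denied resource=/payroll/q1.xlsx
2024-06-24T09:41:20 user=jsmith event=file_access result=denied resource=/hr/reviews.docx
2024-06-24T14:15:00 user=mlee event=file_access result=denied resource=/finance/budget.xlsx
2024-06-25T02:13:05 user=svc_backup event=login result=success src=10.0.9.3
2024-06-25T03:47:30 user=akhan event=login result=success src=203.0.113.44
2024-06-29T11:00:00 user=mlee event=login result=success src=10.0.4.22
malformed line without fields
"""

BUSINESS_HOURS = range(7, 19)        # 07:00-18:59, Monday-Friday (assumed policy)
EXPECTED_OFF_HOURS = {"svc_backup"}  # accounts with scheduled night jobs (assumed)
DENIED_THRESHOLD = 3                 # denials per user per day before flagging (assumed)

def parse(line):
    """Return (timestamp, fields), or None if the line does not fit the format."""
    ts_text, _, rest = line.partition(" ")
    try:
        ts = datetime.fromisoformat(ts_text)
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in rest.split() if "=" in p)
    return ts, fields

def review(log_text):
    """Flag off-hours logins and users with repeated access denials in one day."""
    off_hours, denied, skipped = [], Counter(), 0
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            skipped += 1          # count unparsed lines so gaps in coverage are visible
            continue
        ts, f = rec
        user = f.get("user", "?")
        if f.get("event") == "login" and f.get("result") == "success":
            odd_time = ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS
            if odd_time and user not in EXPECTED_OFF_HOURS:
                off_hours.append((user, ts.isoformat()))
        elif f.get("result") == "denied":
            denied[(user, ts.date().isoformat())] += 1
    excess = sorted(k for k, n in denied.items() if n >= DENIED_THRESHOLD)
    return {"off_hours_logins": off_hours, "excess_denials": excess, "unparsed": skipped}
```

Calling review(SAMPLE_LOG) returns the off-hours logins, the (user, date) pairs at or above the denial threshold, and the number of lines that could not be parsed.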