MISCELLANEOUS CYBERSECURITY NEWS:
Why MFA alone will no longer suffice - Account takeover
attacks have become top of mind for today’s security
leaders, and it’s clear why: if they go undetected, these
incidents can lead to significant financial losses, business
disruption, and reputational damage.
https://www.scmagazine.com/perspective/why-mfa-alone-will-no-longer-suffice
Half of critical open source projects contain memory-unsafe
code, U.S. cyber agency says - Over half of critical open
source tools are underpinned by code that does not
internally manage memory spillover risks, opening them up to
potential exploitation by hackers, according to findings
released by the Cybersecurity and Infrastructure Security Agency
on Wednesday.
https://www.nextgov.com/cybersecurity/2024/06/half-critical-open-source-projects-contain-memory-unsafe-code-us-cyber-agency-says/397702/
https://www.securityweek.com/us-allies-warn-of-memory-unsafety-risks-in-open-source-software/
What you need to know before you can modernize your
network-security architecture - Bringing your network
security up to par involves a fair amount of self-discovery,
followed by performing due diligence regarding potential
vendors.
https://www.scmagazine.com/resource/what-you-need-to-know-before-you-can-modernize-your-network-security-architecture
Who can it be now? Australia warns of rogue Wi-Fi at
airports - Officials in Australia are warning travelers
following the discovery of rogue Wi-Fi points in one of the
nation’s airports.
https://www.scmagazine.com/news/who-can-it-be-now-australia-warns-of-rogue-wi-fi-at-airports
Supreme Court ruling on Chevron doctrine may upend future
cybersecurity regulation - Experts expect new legal
challenges against numerous agency cybersecurity
requirements, including incident reporting mandates and
rules governing critical infrastructure sectors.
https://www.cybersecuritydive.com/news/supreme-court-chevron-doctrine-cybersecurity/720449/
Indonesian government didn't have backups of ransomwared
data, because DR was only an option - Indonesia’s president
Joko Widodo has ordered an audit of government datacenters
after it was revealed that most of the data they store is
not backed up.
https://www.theregister.com/2024/07/01/indonesian_president_orders_datacenter_audit/
CYBERSECURITY ATTACKS, INTRUSIONS, DATA THEFT & LOSS:
LockBit lied: Stolen data is from a bank, not US Federal
Reserve - The recently disrupted LockBit ransomware group, in a
desperate attempt to make a comeback, claimed this week that
it had hit the Federal Reserve, the central bank of the
United States.
https://www.bleepingcomputer.com/news/security/lockbit-lied-stolen-data-is-from-a-bank-not-us-federal-reserve/
Crimea warns of internet disruptions following DDoS attacks
on local telecom operators - Local authorities in Crimea are
warning of internet disruptions from distributed
denial-of-service (DDoS) attacks targeting telecommunication
providers.
https://therecord.media/crimea-internet-disruptions-ddos-telecom
TeamViewer’s IT network breached through compromised
employee credentials - The remote access software provider
said the impact of the attack from Midnight Blizzard was
limited to its internal network and customer environments
were not affected.
https://www.cybersecuritydive.com/news/teamviewers-breached-employee-credentials/720306/
CDK eyes service restoration for all car dealers by Fourth
of July - The software vendor is critical to the automotive
retail supply chain. A systemwide outage following a
cyberattack has impacted more than 15,000 car dealers since
June 19.
https://www.cybersecuritydive.com/news/cdk-restoration-fourth-of-july/720391/
Cybersecurity is now a top concern for auto industry, report
finds - Automotive leaders fear exposure to threats will
worsen as the sector invests more in technology to drive
efficiencies, Rockwell Automation found.
https://www.cybersecuritydive.com/news/cybersecurity-top-concern-auto-industry-rockwell-automation/720453/
Hackers Target Vulnerability Found Recently in
Long-Discontinued D-Link Routers - Attackers have started to
exploit a critical-severity vulnerability impacting D-Link
DIR-859 WiFi routers, which were discontinued four years
ago.
https://www.securityweek.com/hackers-target-vulnerability-found-recently-in-long-discontinued-d-link-routers/
Microsoft Alerts More Customers to Email Theft in Expanding
Midnight Blizzard Hack - Shockwaves from the Russian
government’s hack of Microsoft’s corporate infrastructure
continue to spread with news that the software giant is
notifying surprised customers that their emails were also
stolen by the Midnight Blizzard hackers.
https://www.securityweek.com/microsoft-alerts-more-customers-to-email-theft-in-expanding-midnight-blizzard-hack/
Prudential Data Breach Victim Count Soars to 2.5M - After
initially disclosing a data breach in February to the
Securities and Exchange Commission (SEC) that it said was
not materially impacting, Prudential Financial has updated
its notice with a revised total number of affected residents
- a number staggeringly higher than anticipated.
https://www.darkreading.com/cyberattacks-data-breaches/prudential-data-breach-victim-count-soars-to-25m
HubSpot reports nearly 50 customer accounts compromised -
The customer relationship management vendor said it notified
all impacted customers, but it has not publicly disclosed
how attackers gained unauthorized access.
https://www.cybersecuritydive.com/news/HubSpot-customers-attacked/720597/
WEB SITE COMPLIANCE -
We continue covering some of the issues discussed in the
"Risk Management Principles for Electronic Banking"
published by the Basel Committee on Bank Supervision.
Sound Capacity, Business Continuity and Contingency Planning Practices for E-Banking
1. All e-banking services and applications, including
those provided by third-party service providers, should be
identified and assessed for criticality.
2. A risk assessment for each critical e-banking service
and application, including the potential implications of any
business disruption on the bank's credit, market, liquidity,
legal, operational and reputation risk should be conducted.
3. Performance criteria for each critical e-banking
service and application should be established, and service
levels should be monitored against such criteria.
Appropriate measures should be taken to ensure that
e-banking systems can handle high and low transaction volume
and that system performance and capacity are consistent with
the bank's expectations for future growth in e-banking.
4. Consideration should be given to developing processing
alternatives for managing demand when e-banking systems
appear to be reaching defined capacity checkpoints.
5. E-banking business continuity plans should be
formulated to address any reliance on third-party service
providers and any other external dependencies required to
achieve recovery.
6. E-banking contingency plans should set out a process
for restoring or replacing e-banking processing
capabilities, reconstructing supporting transaction
information, and include measures to be taken to resume
availability of critical e-banking systems and applications
in the event of a business disruption.
FFIEC IT SECURITY -
We continue our series on the FFIEC interagency Information
Security Booklet.
SECURITY CONTROLS - IMPLEMENTATION - NETWORK ACCESS
Protocols and Ports (Part 3 of 3)
Applications are built in conformance with the protocols to provide
services from hosts to clients. Because clients must have a
standard way of accessing the services, the services are
assigned to standard host ports. Ports are logical, not
physical, locations that are either assigned or available for
specific network services. Under TCP/IP, 65536 ports are
available, and the first 1024 ports are commercially
accepted as being assigned to certain services. For
instance, Web servers listen for requests on port 80, and
secure socket layer Web servers listen on port 443. A
complete list of the commercially accepted port assignments
is available at www.iana.org.
Ports above 1024 are known as high ports, and are user-assignable.
However, users and administrators have the
freedom to assign any port to any service, and to use one
port for more than one service. Additionally, the service
listening on one port may only proxy a connection for a
separate service. For example, a Trojan horse keystroke-monitoring
program can use the Web browser to send captured
keystroke information to port 80 of an attacker's machine.
In that case, monitoring of the packet headers from the
compromised machine would only show a Web request to port 80
of a certain IP address.
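The point above is that a port number is a convention, not a guarantee of which service is speaking. The following is an added example, not part of the FFIEC booklet: it classifies the first payload bytes of each flow and reports where they contradict the port's well-known assignment, over constructed sample flows (addresses from documentation ranges; the "KEYLOG" payload and the hosts are made up for illustration).

```python
"""Protocol-versus-port check over constructed flow samples (added example)."""
import re

# HTTP/1.x request line: METHOD SP target SP HTTP/1.x CRLF
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,7} \S+ HTTP/1\.[01]\r\n")


def looks_like_http(payload: bytes) -> bool:
    return HTTP_REQUEST_LINE.match(payload) is not None


def looks_like_tls(payload: bytes) -> bool:
    # TLS record header: content type 0x16 (handshake), version 0x03 0x01-0x04, then a 2-byte length.
    return len(payload) >= 5 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] in (1, 2, 3, 4)


def identify_protocol(payload: bytes) -> str:
    if looks_like_tls(payload):
        return "TLS"
    if looks_like_http(payload):
        return "HTTP"
    return "UNKNOWN"


# Commercially accepted assignments mentioned in the text; extend as needed.
WELL_KNOWN = {80: "HTTP", 443: "TLS"}


def find_mismatches(flows):
    """Return (src, dst, port, reason) for each flow whose payload contradicts its port."""
    findings = []
    for src, dst, port, payload in flows:
        seen = identify_protocol(payload)
        expected = WELL_KNOWN.get(port)
        if expected is not None and seen != expected:
            findings.append((src, dst, port, f"expected {expected} on port {port}, saw {seen}"))
        elif expected is None and seen != "UNKNOWN":
            findings.append((src, dst, port, f"{seen} on non-standard port {port}"))
    return findings


# Constructed sample flows: (src, dst, dst_port, first payload bytes).
SAMPLE_FLOWS = [
    ("10.0.0.5", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("10.0.0.5", "192.0.2.10", 443, b"\x16\x03\x01\x00\xf4\x01\x00\x00\xf0\x03\x03" + b"\x00" * 32),
    ("10.0.0.7", "203.0.113.9", 80, b"KEYLOG|user=alice|keys=<constructed>\n"),  # raw data, not HTTP
    ("10.0.0.9", "198.51.100.4", 31337, b"GET /status HTTP/1.1\r\nHost: 198.51.100.4\r\n\r\n"),
]
```

Only the header-level check the text describes is done here; a program that wraps its uploads in a genuine browser request on port 80, as in the Trojan horse example, passes this test and needs destination or content analysis instead.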
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY -
We continue the series on the National
Institute of Standards and Technology (NIST) Handbook.
Chapter 9 - Assurance
9.4.2.2 Automated Tools
Several types of automated tools monitor a system for
security problems. Some examples follow:
- Virus scanners are a popular means of checking for
virus infections. These programs test for the presence of
viruses in executable program files.
- Checksumming presumes that program files should not
change between updates. Checksum programs work by generating a
mathematical value based on the contents of a particular
file. When the integrity of the file is to be verified, the
checksum is generated on the current file and compared with
the previously generated value. If the two values are equal,
the integrity of the file is verified. Program checksumming
can detect viruses, Trojan horses, accidental changes to
files caused by hardware failures, and other changes to
files. However, the stored checksum values may be subject to
covert replacement by a system intruder. Digital signatures
can also be used.
- Password crackers check passwords against a
dictionary (either a "regular" dictionary or a specialized
one with easy-to-guess passwords) and also check if
passwords are common permutations of the user ID. Examples
of special dictionary entries could be the names of regional
sports teams and stars; common permutations could be the
user ID spelled backwards.
- Integrity verification programs can be used by
applications to look for evidence of data tampering, errors,
and omissions. Techniques include consistency and
reasonableness checks and validation during data entry and
processing. These techniques can check data elements, as
input or as processed, against expected values or ranges of
values; analyze transactions for proper flow, sequencing,
and authorization; or examine data elements for expected
relationships. These programs comprise a very important set
of processes because they can be used to convince people
that, if they do what they should not do, accidentally or
intentionally, they will be caught. Many of these programs
rely upon logging of individual user activities.
- Intrusion detectors analyze the system audit trail,
especially log-ons, connections, operating system calls, and
various command parameters, for activity that could
indicate unauthorized use.
- System performance monitoring analyzes system
performance logs in real time to look for availability
problems, including active attacks (such as the 1988
Internet worm) and system and network slowdowns and crashes.
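The checksumming item above warns that stored checksums may be covertly replaced by an intruder. The following added example (not from the NIST Handbook) shows one remedy: a keyed HMAC-SHA256 baseline, with the key held off the monitored host, so that an intruder who rewrites a file and its stored entry still cannot produce a matching tag. The files, the "trojaned" edit and the forged entry are all constructed in a temporary directory.

```python
"""Keyed file-integrity baseline: HMAC-SHA256 instead of a plain checksum (added example)."""
import hashlib
import hmac
import os
import shutil
import tempfile
from pathlib import Path


def file_tag(path, key: bytes) -> str:
    """HMAC-SHA256 over the file contents, read in chunks."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def build_baseline(paths, key: bytes) -> dict:
    return {p: file_tag(p, key) for p in paths}


def verify(baseline: dict, key: bytes) -> dict:
    """Return {path: 'ok' | 'modified' | 'missing'} for every baselined file."""
    report = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            report[path] = "missing"
        elif hmac.compare_digest(file_tag(path, key), expected):
            report[path] = "ok"
        else:
            report[path] = "modified"
    return report


def demo() -> tuple:
    """Baseline two constructed files, trojan one, and show a forged entry does not hide it."""
    key = os.urandom(32)  # in practice generated and kept on a separate, trusted system
    work = Path(tempfile.mkdtemp())
    try:
        prog, conf = work / "login", work / "hosts"
        prog.write_bytes(b"\x7fELF original program bytes")  # constructed stand-in for a binary
        conf.write_bytes(b"127.0.0.1 localhost\n")
        baseline = build_baseline([prog, conf], key)
        trojaned = b"\x7fELF trojaned program bytes"
        prog.write_bytes(trojaned)
        # Intruder also swaps the stored entry for an unkeyed SHA-256 of the new file.
        forged = {**baseline, prog: hashlib.sha256(trojaned).hexdigest()}
        return verify(baseline, key)[prog], verify(forged, key)[prog], verify(baseline, key)[conf]
    finally:
        shutil.rmtree(work)
```

demo() returns ("modified", "modified", "ok"): the trojaned file is reported whether or not the intruder rewrote its baseline entry, while the untouched file verifies.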