MISCELLANEOUS CYBERSECURITY NEWS:
Cybersecurity jobs pay well, but gender disparities persist
- ISC2’s analysis found significant financial upside for
professionals in U.S. cybersecurity jobs, but there are gaps
across levels of seniority by gender.
https://www.cybersecuritydive.com/news/security-professionals-salaries/712939/
Security biz KnowBe4 hired fake North Korean techie, who got
straight to work ... on evil - If it can happen to folks
that run social engineering defence training, what hope for
the rest of us?
https://www.theregister.com/2024/07/24/knowbe4_north_korean/
CrowdStrike blames testing bugs for security update that
took down 8.5M Windows PCs - Security firm CrowdStrike has
posted a preliminary post-incident report about the botched
update to its Falcon security software that caused as many
as 8.5 million Windows PCs to crash over the weekend,
delaying flights, disrupting emergency response systems, and
generally wreaking havoc.
https://arstechnica.com/information-technology/2024/07/crowdstrike-blames-testing-bugs-for-security-update-that-took-down-8-5m-windows-pcs/
NIST releases open-source platform for AI safety testing -
The National Institute of Standards and Technology (NIST)
released a new open-source software tool for testing the
resilience of machine learning (ML) models to various types
of attacks.
https://www.scmagazine.com/news/nist-releases-open-source-platform-for-ai-safety-testing
US senators turn up heat on automakers over sale of driver
data - A pair of influential U.S. senators are calling on
automakers to come clean on how they handle driver data.
https://www.scmagazine.com/news/us-senators-turns-up-heat-on-automakers-over-driver-data
GAO - DHS Has Efforts Underway to Implement Federal Incident
Reporting Requirements:
https://www.gao.gov/products/gao-24-106917
Global data breach costs reach all-time high of $4.9M, IBM
says - U.S. organizations led the world with the highest
average data breach cost, a dubious distinction the country
has earned for the 14th straight year.
https://www.cybersecuritydive.com/news/ibm-data-breach-cost-credentials-phishing/722689/
Remote-access tools the intrusion point to blame for most
ransomware attacks - Self-managed VPNs from Cisco and Citrix
were 11 times more likely to be linked to a ransomware
attack last year.
https://www.cybersecuritydive.com/news/remote-access-tools-ransomware/716320/
CYBERSECURITY ATTACKS, INTRUSIONS, DATA THEFT & LOSS:
3,000 GitHub accounts found distributing malware -
Developers can never be too careful: a network of more
than 3,000 malicious accounts was discovered on GitHub as
part of a distribution-as-a-service (DaaS) operation that
spreads malicious links and malware, including Atlantida
Stealer, Rhadamanthys, RisePro, Lumma Stealer, and RedLine.
https://www.scmagazine.com/news/3000-github-accounts-found-distributing-malware
AT&T outage blocked more than 25,000 emergency calls, says
FCC - A network misconfiguration by an AT&T Mobility
employee caused the 12-hour network outage in February that
blocked more than 25,000 emergency 911 calls, according to a
July 22 report released by the Federal Communications
Commission (FCC).
https://www.scmagazine.com/news/att-outage-blocked-more-than-25000-emergency-calls-says-fcc
French telecom infrastructure damaged in another sabotage
attack - Fiber optic networks of several French
telecommunication service providers have been “sabotaged”
overnight, disrupting some fixed and mobile services.
https://therecord.media/french-telecom-infrastructure-sabotage
Google apologizes for breaking password manager for millions
of Windows users with iffy Chrome update - Google celebrated
Sysadmin Day last week by apologizing for breaking its
password manager for millions of Windows users - just as
many Windows admins were still hard at work mitigating the
impact of the faulty CrowdStrike update.
https://www.theregister.com/2024/07/29/google_password_manager_outage
4.3 Million Impacted by HealthEquity Data
Breach - The incident, the company said in a regulatory
filing with the Maine Attorney General’s Office, was
identified on March 25 and required an “extensive technical
investigation”.
https://www.securityweek.com/4-3-million-impacted-by-healthequity-data-breach/
WEB SITE COMPLIANCE - We continue the series regarding FDIC
Supervisory Insights on Incident Response Programs. (4 of 12)
Reaction Procedures
Assessing security incidents and identifying the
unauthorized access to or misuse of customer information
essentially involve organizing and developing a documented
risk assessment process for determining the nature and scope
of the security event. The goal is to efficiently determine
the scope and magnitude of the security incident and
identify whether customer information has been compromised.
Containing and controlling the security incident involves
preventing any further access to or misuse of customer
information or customer information systems. As there are a
variety of potential threats to customer information,
organizations should anticipate the ones that are more
likely to occur and develop response and containment
procedures commensurate with the likelihood of and the
potential damage from such threats. An institution's
information security risk assessment can be useful in
identifying some of these potential threats. The containment
procedures developed should focus on responding to and
minimizing potential damage from the threats identified. Not
every incident can be anticipated, but institutions should
at least develop containment procedures for reasonably
foreseeable incidents.
FFIEC IT SECURITY - We continue our series on the FFIEC
interagency Information Security Booklet.
SECURITY CONTROLS - IMPLEMENTATION - NETWORK ACCESS
Firewalls
A firewall is a collection of components (computers,
routers, and software) that mediate access between different
security domains. All traffic between the security domains
must pass through the firewall, regardless of the direction
of the flow. Since the firewall serves as a choke point for
traffic between security domains, it is ideally situated to
inspect and block traffic and to coordinate activities with
network intrusion detection systems (IDS).
Financial institutions have four primary firewall types
from which to choose: packet filtering, stateful inspection,
proxy servers, and application-level firewalls. Any product
may have characteristics of one or more firewall types. The
selection of firewall type depends on many characteristics
of the security zone, such as the amount of traffic, the
sensitivity of the systems and data, and the applications
involved. Over the next few weeks we will discuss the
different types of firewalls.
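As an added illustration of the difference between the first two firewall types named above, here is a small Python model of a stateless packet filter and a stateful inspection firewall acting as the choke point between an internal security domain and the Internet. This is example code, not from the FFIEC booklet; the 10.0.0.0/8 domain, the addresses and the packet trace are constructed.

```python
# Added example, not from the FFIEC booklet: a toy model of two firewall
# types (stateless packet filtering and stateful inspection) mediating
# traffic between an internal domain (10.0.0.0/8, constructed) and the Internet.
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport ack")  # ack: not the first SYN

class PacketFilter:
    """Stateless: each packet is judged on its own against static rules."""
    def __init__(self, internal):
        self.internal = ipaddress.ip_network(internal)

    def direction(self, pkt):
        src_in = ipaddress.ip_address(pkt.src) in self.internal
        dst_in = ipaddress.ip_address(pkt.dst) in self.internal
        return "out" if src_in and not dst_in else "in" if dst_in and not src_in else "other"

    def allow(self, pkt):
        if self.direction(pkt) == "out":
            return True
        # A stateless filter can only guess that an inbound packet is a reply
        # from its flags and source port; it cannot know whether anyone asked.
        return self.direction(pkt) == "in" and pkt.ack and pkt.sport in (80, 443)

class StatefulFirewall(PacketFilter):
    """Stateful inspection: remembers outbound flows and admits only their replies."""
    def __init__(self, internal):
        super().__init__(internal)
        self.flows = set()

    def allow(self, pkt):
        if self.direction(pkt) == "out":
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return self.direction(pkt) == "in" and pkt.ack and reply_of in self.flows

def evaluate(fw, trace):
    """Run a packet trace through a firewall; return the verdict for each packet."""
    return [fw.allow(p) for p in trace]

# Constructed trace: a genuine web fetch, then an unsolicited inbound packet
# dressed up (source port 443, ACK set) to look like a web server's reply.
TRACE = [
    Packet("10.1.2.3", 50000, "203.0.113.10", 443, False),  # outbound SYN
    Packet("203.0.113.10", 443, "10.1.2.3", 50000, True),   # its reply
    Packet("198.51.100.7", 443, "10.1.2.3", 3389, True),    # nobody asked
]
```

The stateless filter passes the third packet because it matches the static "established web reply" rule, while the stateful firewall drops it because no internal host ever opened that flow.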
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY - We continue
the series on the National Institute of Standards and
Technology (NIST) Handbook.
Section III. Operational Controls - Chapter 10
10.1.2 Determining Position Sensitivity
Knowledge of the duties and access levels that a particular
position will require is necessary for determining the
sensitivity of the position. The responsible management
official should correctly identify position sensitivity
levels so that appropriate, cost-effective screening can be
completed.
Various levels of sensitivity are assigned to positions in
the federal government. Determining the appropriate level is
based upon such factors as the type and degree of harm
(e.g., disclosure of private information, interruption of
critical processing, computer fraud) the individual can
cause through misuse of the computer system as well as more
traditional factors, such as access to classified
information and fiduciary responsibilities. Specific agency
guidance should be followed on this matter.
It is important to select the appropriate position
sensitivity, since controls in excess of the sensitivity of
the position waste resources, while too few may create
unacceptable risks.