Showing posts with label Risk Management.

NIST Seeking Feedback for a New Cybersecurity Framework and Supply Chain Guidance

In response to the SolarWinds compromise and other major third-party attacks on critical infrastructure, the National Institute of Standards and Technology (NIST) is due to publish guidance for securing organizations against supply chain breaches. "[Special Publication 800-161] is the most important cybersecurity supply chain risk management guidance," Angela Smith of NIST stated.

Smith spoke at an Atlantic Council session on Tuesday about initiatives to protect information and communications technology (ICT) supply chains. The first major revision will be released by the end of next week, so stay tuned if you haven't already reviewed the public drafts.

The NIST update comes as the Biden administration tries to use the government's procurement power to push contractors such as IT management firm SolarWinds and other software vendors to improve the security of their environments.

Vendors of the underlying information and communications technology are pitching in, and the Cybersecurity and Infrastructure Security Agency (CISA) is considering expanding private-sector partnerships and taking a more comprehensive approach to tackling threats to critical infrastructure.

Beyond the upcoming revision, future guidance on managing cybersecurity risks that arise through the supply chain will, according to Smith, focus more on actions for providers along the chain to take. The existing literature on the subject has centered on the acquiring organization's responsibility for integrating supply chain considerations into its existing environment.

The previous draft, the second public draft (R2) released in October 2021, added a new Appendix F giving federal agencies implementation guidance for Executive Order 14028. Following NIST's February 4, 2022 publication of the Secure Software Development Framework (SSDF), the SP 800-161 release scheduled for next week is likely to deliver further EO 14028 guidance.

The CSF was last updated by NIST in 2018. "There is no single reason causing this transition. This is a scheduled upgrade to keep the CSF current and consistent with other regularly used tools," said Kevin Stine, Chief Cybersecurity Advisor at NIST. NIST is seeking public input on three primary topics to guide the revision: changes to the CSF itself, relationships and alignment between the CSF and other resources, and approaches to improving supply chain cybersecurity. President Barack Obama originally directed NIST to develop the CSF and directed federal agencies to use it, while advising the private sector to do the same.

NIST should define what it means for an agency to "use" the framework, and agencies should furnish NIST with the cybersecurity risk documents they developed and used to comply with this requirement. For enterprises that are using or considering adopting the NIST Cybersecurity Framework, seeing how US government entities actually use it would be extremely beneficial.

Kiteworks Acquires Email Encryption Gateway totemo

Kiteworks, which governs and secures sensitive digital content moving within and out of global enterprises, has acquired totemo, an email encryption gateway provider used by hundreds of the largest multinational organizations in the German, Austrian, and Swiss markets. Kiteworks enables businesses to manage risk and assure compliance for all the sensitive content they send, share, receive, and store.

This is accomplished through the Kiteworks platform, which unifies, tracks, controls, and secures all sensitive digital content communications sent through it via email, file sharing, managed file transfer, web forms, and application programming interfaces (APIs).

The totemo acquisition extends the Kiteworks platform's email capability beyond user- or plug-in-initiated encryption within the platform to the native mail client, offering automatic coverage of any sensitive digital content sent and received via email.

As totemo's technology is integrated into the Kiteworks platform over the coming months, email content metadata on individuals, applications, devices, networks, protocols, and files will be centrally ingested and normalized. Companies can then establish centralized, comprehensive tracking and controls to limit the risk of private information being exposed and to meet regulatory compliance requirements.

Businesses that use this integrated intelligence will strengthen and extend their overall cyber-defense strategy, extending privacy protection and compliance beyond the data center, cloud, and wide-area network (WAN) perimeters to third-party sensitive content communications.

"Acquisition of totemo automates and extends the platform's email encryption with S/MIME, OpenPGP, and TLS protocols," explains Jonathan Yaron, Chairman and Chief Executive Officer of Kiteworks. The acquisition will have a major impact on the governance, compliance, and security industries. Customers may manage and regulate critical information that is distributed both internally and internationally using a mix of technologies from two industry leaders in content communications. 

Kiteworks' ability to allow customers to manage risk and meet regulatory requirements throughout their sensitive content communications infrastructure is strengthened by the synergy between the two businesses' product offerings.

totemo adds enterprise-ready, end-to-end encryption and automatic conversion across a wide range of encryption protocols to the Kiteworks platform. No other provider can match this set of capabilities, let alone the associated business benefits such as compliance, risk mitigation, and operational efficiency.

The conclusion is that businesses must do more to safeguard their sensitive data. CIOs, CISOs, and risk and compliance managers are under increasing pressure to secure sensitive data and demonstrate regulatory compliance while reducing friction in employees' day-to-day work. Organizations must safeguard content at rest, in transit, and in use.

They also need to safeguard content during file transfers and file sharing, within APIs, and on web forms, in addition to email. totemo's email encryption gateway technology will be integrated into the Kiteworks platform, resulting in what the companies describe as the most comprehensive private content communications governance, compliance, and risk protection available in the market.

City of Grass Valley, California, Suffers Data Breach

After discovering the breach, Grass Valley said it took immediate steps to secure its networks, notified law enforcement, and launched an investigation with the help of a cybersecurity firm.

More details have emerged about a significant data breach at the City of Grass Valley, California: information on employees, citizens, and others was copied and transferred to another network. The city previously acknowledged in a statement that "unauthorised access" to its networks occurred between April 13 and July 1, 2021.

The scope of the attack has now been determined: according to the investigation, the malicious actor transferred files outside of the city's network, including the financial and personal information of "individuals associated with Grass Valley." The following information was accessed:
  • For Grass Valley employees, former employees, spouses, dependents, and individual vendors: name and one or more of Social Security number, driver's license number, and limited medical or health insurance information.
  • For individual vendors employed by the city: name and Social Security number.
  • For individuals whose information may have been provided to the Grass Valley Police Department: name and one or more of Social Security number, driver's license number, financial account information, payment card information, limited medical or health insurance information, passport number, and username and password credentials for an online account.
  • For individuals whose data was provided to the Grass Valley Community Development Department in loan application documents: name and one or more of Social Security number, driver's license number, financial account numbers, and payment card numbers.
Grass Valley said it began contacting those affected on January 7 and has notified the appropriate authorities, including law enforcement. The city is also offering free credit monitoring services to everyone affected by the breach.

It noted, “Grass Valley sincerely regrets that this incident occurred and apologizes for any inconvenience or concern. To help prevent something like this from happening again, Grass Valley continues to review its systems and is taking steps to enhance existing security protocols.”

How To Assess Supply Chain Security For Your Business

No matter which sector your business operates in, you depend on third parties that provide goods and services to support it. Whether you are a small business or a large organization in manufacturing and supply chain, these third parties are essential to your daily work.

At some point, suppliers interact with your business on-site or digitally, and that makes them a threat vector. Businesses manage these risk vectors by limiting the access suppliers have, for instance by restricting physical access to certain areas or restricting their use of IT and network resources.

Help Net Security says "by formalizing supplier assurance processes and using technology to facilitate their execution across all domains, companies can have confidence in the strength of the supply chain, mitigate cyber risks."

IT departments generally keep an eye on the official suppliers your business uses for areas such as cloud services, but tracking the cybersecurity risk posed by suppliers throughout your company's entire supply chain remains a business challenge.

To reduce cybersecurity risk, make sure the suppliers you work with can be trusted to protect the security of the data and services entrusted to them. Today's cyberattacks are sophisticated: rather than attacking the primary target directly, they compromise the weakest link in its supply chain.

How to identify risks?

Most businesses assess their suppliers manually, using spreadsheets or Word or PDF questionnaires sent by email. This is time-consuming and a cybersecurity risk in itself: manual processing makes it hard for your business to get a clear overview of the cybersecurity risks in its supply chain.

If the data isn't collected continuously, suppliers that fail to meet these requirements may go undetected. Worse, risks across the supply chain may leave your organization exposed to serious cybersecurity consequences, and by the time that happens it is already too late.

A better approach for risk assessment 

"A good framework for supplier assurance requires procurement teams, IT teams, and other departments to work together to ensure they understand each other's domains, objectives, and responsibilities in terms of cybersecurity and regulatory compliance," reports Help Net Security.

Vulnerabilities Detected in Open Source elFinder File Manager

Security researchers from SonarSource identified five flaws in elFinder, an open-source web file manager, that together form a severe vulnerability chain.

elFinder is often used in content management systems and frameworks, for example through WordPress plugins and Symfony bundles, to make it easier to manage both local and remote files. The client is written in JavaScript on top of jQuery UI; server-side file operations are handled by a connector, most commonly the PHP one.

The five flaws, tracked together as CVE-2021-32682, carry a CVSS score of 9.8, which rates them critical. The vulnerability chain affects elFinder version 2.1.58.

According to the researchers, exploiting the chain lets an attacker run arbitrary code and commands on the server hosting the elFinder PHP connector. The vulnerabilities are patched in elFinder version 2.1.59. Individually, the researchers describe the five weaknesses as "innocuous bugs"; combined, they yield arbitrary code execution.

The researchers noted, "We discovered multiple new code vulnerabilities in elFinder and demonstrate how they could be exploited to gain control of the underlying server and its data." 

Update to the latest version:

Thomas Chauchefoin, security researcher at SonarSource, urges all users to upgrade elFinder to the latest version immediately.

"There is no doubt these vulnerabilities will also be exploited in the wild because exploits targeting old versions have been publicly released and the connectors filenames are part of compilations of paths to look for when trying to compromise websites." 

Although the researchers did not publish an exploit for the new chain, they say that exploiting these issues lets an attacker run arbitrary PHP code on the server where elFinder is installed, eventually leading to its takeover. An attacker could then delete any files they want, upload PHP files, and so on.

"All these bug classes are very common in software that exposes filesystems to users and are likely to impact a broad range of products, not only elFinder," Chauchefoin added.
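The bug classes Chauchefoin refers to (path handling and upload handling in software that exposes a filesystem to web users) are easy to get wrong and easy to check for. The following is an added example written for this page; it is not elFinder's connector code and does not reproduce the CVE-2021-32682 chain, whose individual bugs the article does not describe. It shows two generic checks a file-manager backend needs: confining every user-supplied path under the configured root after resolving `..` and symlinks, and refusing uploads the web server would execute. The function names, the blocked-extension list and the throwaway directory tree are this example's own assumptions, not elFinder settings.

```python
"""Path confinement and upload-name checks for a web file manager backend.

Added example, not elFinder's code. The blocked-extension list and the
sample directory tree built in demo_outcomes() are constructed for
illustration.
"""
import os
import tempfile

# Assumed list: extensions a typical PHP-enabled web server would execute
# or honour as configuration. Adjust to the real server's handler map.
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phps", "phtml", "phar", "inc",
    "htaccess",
}


def resolve_under_root(root: str, user_path: str) -> str:
    """Return the real absolute path for user_path, or raise ValueError if it
    would land outside root. realpath() resolves '..' and symlinks, so a
    symlink inside the share that points outside it is rejected as well."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    root_real = os.path.realpath(root)
    # Strip leading separators so an "absolute" user path is joined under
    # root (re-rooted) instead of replacing it.
    relative = user_path.replace("\\", "/").lstrip("/")
    candidate = os.path.realpath(os.path.join(root_real, relative))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError(f"path escapes root: {user_path!r}")
    return candidate


def safe_upload_name(filename: str) -> str:
    """Return a bare filename that is safe to write into the upload directory.
    Every dotted segment is checked, so 'shell.php.jpg' is refused along
    with 'shell.php' and '.htaccess'; directory parts are discarded."""
    name = os.path.basename(filename.replace("\\", "/")).strip()
    if name in ("", ".", ".."):
        raise ValueError("empty or dot filename")
    segments = name.lower().split(".")
    if any(seg in EXECUTABLE_EXTENSIONS for seg in segments[1:]):
        raise ValueError(f"executable upload refused: {filename!r}")
    return name


def demo_outcomes() -> dict:
    """Build a throwaway tree (constructed, not real data) and report how each
    request fares. Path requests map to the accepted path relative to the
    root, or None when rejected; upload requests map to True/False."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "files")
        os.makedirs(os.path.join(root, "docs"))
        with open(os.path.join(root, "docs", "readme.txt"), "w") as fh:
            fh.write("public\n")
        with open(os.path.join(base, "secret.txt"), "w") as fh:
            fh.write("outside the share\n")
        # A symlink inside the share that points above it.
        os.symlink(base, os.path.join(root, "escape"))

        path_requests = {
            "normal": "docs/readme.txt",
            "dotdot": "docs/../../secret.txt",
            "absolute": "/etc/passwd",          # re-rooted, not rejected
            "symlink": "escape/secret.txt",
        }
        for label, req in path_requests.items():
            try:
                resolved = resolve_under_root(root, req)
                results["path:" + label] = os.path.relpath(
                    resolved, os.path.realpath(root))
            except ValueError:
                results["path:" + label] = None

        upload_requests = {
            "png": "photo.png",
            "php": "shell.php",
            "double": "shell.php.jpg",
            "htaccess": ".htaccess",
            "traversal": "../../shell.phtml",
        }
        for label, name in upload_requests.items():
            try:
                safe_upload_name(name)
                results["upload:" + label] = True
            except ValueError:
                results["upload:" + label] = False
    return results


if __name__ == "__main__":
    for request, outcome in demo_outcomes().items():
        print(f"{request:18s} -> {outcome}")
```

Two design points worth noting: the root is itself passed through `realpath()` before the comparison, otherwise a root that is a symlink (common with `/tmp` on macOS) would never match its resolved children; and the upload check refuses on any segment rather than only the last one, because double-extension tricks depend on the server and the checker disagreeing about which extension counts.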

How Are Cybercriminals Hacking ATMs? Here's a Quick Look

Security researchers have published a report on the modus operandi of cybercriminals who use malware, a key bought on eBay, and a Raspberry Pi to hack ATMs. Here's how they do it.

The Modus Operandi

Cybercriminals exploit vulnerabilities in the operating system of the computer that runs the ATM. Unfortunately, that operating system is not as well secured as the enclosure the computer sits in. Windows 7 is the most common, but Windows XP is also widely used; both are outdated and should have been retired long ago.

Threat actors buy malware packages on the dark web that exploit these operating systems' vulnerabilities and interact with the ATM software. Some of the packages contain compromised proprietary software belonging to ATM manufacturers.

Before an attack, the criminals survey the ATMs in a city and target the most heavily used ones. Attacks are typically planned for days such as Black Friday or Valentine's Day, when ATMs are loaded with up to 20 percent more cash than usual. ATMs are also topped up in the weeks before Christmas, because many people receive an annual or Christmas bonus in their pay.

Choice of ATM Brands and Malware Installation 

The big names in ATM manufacturing are Diebold Nixdorf, Wincor Nixdorf, NCR, Triton, and Hitachi-Omron. Cybercriminals are very specific in their targets, because knowing the ATM's hardware lets them buy the appropriate malware and the appropriate key to open the ATM enclosure.

The USB ports on ATMs are restricted to accept only a keyboard or a mouse, so that service technicians can perform maintenance. The attacker loads the malware onto a Raspberry Pi and adds a battery so it runs as a portable unit. The malware presents the Raspberry Pi to the ATM as a keyboard; stored commands then stream from the Pi into the ATM, which dutifully executes them.
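Restricting the USB ports to keyboard-class devices does not help here, because the Raspberry Pi enumerates as exactly that. What does differ is how the two type: a replayed script delivers keystrokes at machine speed with almost no variation, while a technician cannot. The following is an added example, not from the article or from any ATM vendor's software, showing a keystroke-timing heuristic applied to a constructed key-event log. The thresholds, device names and sample events are this example's own assumptions.

```python
"""Keystroke-timing heuristic for spotting a USB device that claims to be a
keyboard but is replaying stored commands.

Added example, not from the article or any ATM vendor. Thresholds and the
sample event log below are assumptions constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Assumed thresholds, not vendor figures: sustained gaps under 40 ms with
# under 15 ms of variation between keys are beyond a human typist.
MIN_HUMAN_GAP_MS = 40.0
MIN_HUMAN_JITTER_MS = 15.0
MIN_KEYS = 8  # too few events and the statistics mean nothing


def intervals(timestamps_ms):
    """Gaps between consecutive key events, in milliseconds."""
    return [later - earlier
            for earlier, later in zip(timestamps_ms, timestamps_ms[1:])]


def looks_scripted(timestamps_ms):
    """Return (verdict, reason) for one device's key-event timestamps.
    Flags input that is both fast and metronomic; fast-but-irregular or
    slow input is treated as human."""
    if len(timestamps_ms) < MIN_KEYS:
        return False, "too few keystrokes to judge"
    gaps = intervals(sorted(timestamps_ms))
    avg, jitter = mean(gaps), pstdev(gaps)
    detail = f"mean gap {avg:.1f} ms, jitter {jitter:.1f} ms"
    if avg < MIN_HUMAN_GAP_MS and jitter < MIN_HUMAN_JITTER_MS:
        return True, detail + ": machine-paced"
    return False, detail + ": human-paced"


def flag_devices(events):
    """events: iterable of (device_id, timestamp_ms, key) from whatever layer
    observes raw key input. Returns {device_id: reason} for devices whose
    input looks injected."""
    per_device = defaultdict(list)
    for device_id, t_ms, _key in events:
        per_device[device_id].append(t_ms)
    flagged = {}
    for device_id, stamps in per_device.items():
        verdict, reason = looks_scripted(stamps)
        if verdict:
            flagged[device_id] = reason
    return flagged


# Constructed sample log: a technician typing "service" + Enter + "1" + Enter
# on usb-kbd-1, then a Raspberry Pi in HID mode replaying "cmd" + Enter and
# a program name on usb-kbd-2 at roughly 5 ms per key.
SAMPLE_EVENTS = [
    ("usb-kbd-1", 0, "s"), ("usb-kbd-1", 180, "e"), ("usb-kbd-1", 310, "r"),
    ("usb-kbd-1", 530, "v"), ("usb-kbd-1", 640, "i"), ("usb-kbd-1", 900, "c"),
    ("usb-kbd-1", 1010, "e"), ("usb-kbd-1", 1250, "\n"),
    ("usb-kbd-1", 1400, "1"), ("usb-kbd-1", 1700, "\n"),
    ("usb-kbd-2", 2000, "c"), ("usb-kbd-2", 2005, "m"), ("usb-kbd-2", 2010, "d"),
    ("usb-kbd-2", 2016, "\n"), ("usb-kbd-2", 2021, "x"), ("usb-kbd-2", 2026, "."),
    ("usb-kbd-2", 2031, "e"), ("usb-kbd-2", 2037, "x"), ("usb-kbd-2", 2042, "e"),
    ("usb-kbd-2", 2047, "\n"), ("usb-kbd-2", 2053, "d"), ("usb-kbd-2", 2058, "\n"),
]


if __name__ == "__main__":
    for device_id, reason in flag_devices(SAMPLE_EVENTS).items():
        print(f"ALERT {device_id}: {reason}")
```

A heuristic like this is a detection aid, not a control: a patient attacker can add random delays to the replay, so the response on a flagged device should be to drop its input and raise an alert, and the timing check belongs alongside, not instead of, locking down what USB devices may enumerate and disabling boot from removable media.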

Another approach is to insert a USB memory stick and reboot the ATM from an operating system on the stick. Once it has booted, the attacker installs malware directly into the ATM's now-dormant native operating system. After rebooting the ATM into its regular operating system, they control the malware by inserting a specially crafted card or entering a secret key combination on the ATM's keypad.