MISCELLANEOUS CYBERSECURITY NEWS:
We can - and must - do better recovering from ransomware attacks -
It’s any IT professional’s worst nightmare: Someone has breached the
network, locked users out of their computers, captured company data,
and has held it for ransom.
https://www.scworld.com/perspective/we-can-and-must-do-better-recovering-from-ransomware-attacks
New Windows zero-day exploited by 11 state hacking groups since 2017
- At least 11 state-backed hacking groups from North Korea, Iran,
Russia, and China have been exploiting a new Windows vulnerability
in data theft and cyber espionage zero-day attacks since 2017.
https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exploited-by-11-state-hacking-groups-since-2017/
5 ransomware threats facing the financial sector – and 5 ways to
respond - The financial sector remains one of the most targeted
industries for ransomware attacks.
https://www.scworld.com/perspective/5-ransomware-threats-facing-the-financial-sector-and-5-ways-to-respond
Cybersecurity job market faces disruptions: Hiring declines in key
roles amid automation and outsourcing - The cybersecurity job market
in the United States is undergoing a transformation, as detailed in
the 2025 U.S. Cybersecurity Job Posting Data Report.
https://www.scworld.com/analysis/cybersecurity-job-market-faces-disruptions-hiring-declines-in-key-roles-amid-automation-and-outsourcing
Police arrests 300 suspects linked to African cybercrime rings -
African law enforcement authorities have arrested 306 suspects as
part of 'Operation Red Card,' an INTERPOL-led international
crackdown targeting cross-border cybercriminal networks.
https://www.bleepingcomputer.com/news/security/police-arrests-300-suspects-linked-to-african-cybercrime-rings/
NIST’s vulnerability database logjam is still growing despite
attempts to clear it - Vulnerability submissions increased 32% in
2024, NIST said. The agency is considering machine learning to
automate certain vulnerability analysis tasks.
https://www.nextgov.com/cybersecurity/2025/03/nists-vulnerability-database-logjam-still-growing-despite-attempts-clear-it/403887/
CYBERSECURITY ATTACKS, INTRUSIONS, DATA THEFT & LOSS:
Half a million people impacted by Pennsylvania State Education
Association data breach - More than 500,000 people were impacted by
a cyberattack on the Pennsylvania State Education Association (PSEA)
that took place in July 2024.
https://therecord.media/half-a-million-impacted-pennsylvania-education-data-breach
Researchers back claim of Oracle Cloud breach despite company’s
denials - Security researchers provided additional evidence
supporting a hacker’s claim to have exfiltrated 6 million records.
https://www.cybersecuritydive.com/news/researchers-oracle-cloud-breach/743447/
Canadian provincial police appear to be using advanced commercial
spyware - There is evidence suggesting that Canadian provincial
police are using powerful advanced commercial spyware, the Citizen
Lab said in a report released Wednesday.
https://therecord.media/ontario-police-citizen-lab-spyware-report
Fate of DNA data raises privacy, identity issues in 23andMe
bankruptcy - News of the troubled DNA testing services company
23andMe filing for Chapter 11 bankruptcy protection set off a
spirited debate in the security community this week as experts
expressed concern over the fate of the DNA data the company
collected on more than 15 million customers for the past two
decades.
https://www.scworld.com/news/fate-of-dna-data-raises-privacy-identity-issues-in-23andme-bankruptcy
WEB SITE COMPLIANCE -
We continue our review of the FFIEC interagency
statement on "Weblinking: Identifying Risks and Risk Management
Techniques."
(Part 2 of 10)
A. RISK DISCUSSION
Introduction
Compliance risk arises when the linked third party acts in a
manner that does not conform to regulatory requirements. For
example, compliance risk could arise from the inappropriate release
or use of shared customer information by the linked third party.
Compliance risk also arises when the link to a third party creates
or affects compliance obligations of the financial institution.
Financial institutions with weblinking relationships are also
exposed to other risks associated with the use of technology, as
well as certain risks specific to the products and services provided
by the linked third parties. The amount of risk exposure depends on
several factors, including the nature of the link.
Any link to a third-party website creates some risk exposure for
an institution. This guidance applies to links to affiliated, as
well as non-affiliated, third parties. A link to a third-party
website that provides a customer only with information usually does
not create a significant risk exposure if the information being
provided is relatively innocuous, for example, weather reports.
Alternatively, if the linked third party is providing information or
advice related to financial planning, investments, or other more
substantial topics, the risks may be greater. Links to websites that
enable the customer to interact with the third party, either by
eliciting confidential information from the user or allowing the
user to purchase a product or service, may expose the insured
financial institution to more risk than those that do not have such
features.
FFIEC IT SECURITY -
We continue our series on the FFIEC interagency Information Security
Booklet.
LOGGING AND DATA COLLECTION (Part 1 of 2)
Financial institutions should take reasonable steps to ensure
that sufficient data is collected from secure log files to identify
and respond to security incidents and to monitor and enforce policy
compliance. Appropriate logging controls ensure that security
personnel can review and analyze log data to identify unauthorized
access attempts and security violations, provide support for
personnel actions, and aid in reconstructing compromised systems.
An institution's ongoing security risk assessment process should
evaluate the adequacy of the system logging and the type of
information collected. Security policies should address the proper
handling and analysis of log files. Institutions have to make
risk-based decisions on where and when to log activity. The
following data are typically logged to some extent, including:
- Inbound and outbound Internet traffic,
- Internal network traffic,
- Firewall events,
- Intrusion detection system events,
- Network and host performance,
- Operating system access (especially high-level administrative or
root access),
- Application access (especially users and objects with write and
execute privileges), and
- Remote access.
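The booklet's point is that the collected log data must actually let security personnel pick out unauthorized access attempts and administrative access, not merely exist on disk. The following is an added example, not part of the FFIEC booklet: a small Python review helper that parses a handful of constructed syslog-style lines (operating system access events from sshd and sudo, and firewall drop events), counts failed logons per source, lists successful root-level access, and correlates the two log categories. The log line formats, host names and addresses are assumptions made for the example.

```python
"""Minimal log-review helper illustrating the FFIEC logging categories.

Added example, not part of the FFIEC booklet. It parses constructed
syslog-style lines (OS access events and firewall events) and extracts
what the booklet says reviewers must be able to identify: unauthorized
access attempts and high-level (root) access. Formats are assumptions.
"""
import re
from collections import Counter

# Constructed sample lines; they mimic common sshd/sudo/iptables syslog
# output but are not taken from any real system.
SAMPLE_LOG = """\
Mar 24 08:01:12 app01 sshd[2011]: Accepted publickey for alice from 10.0.5.20 port 51234 ssh2
Mar 24 08:02:03 app01 sshd[2015]: Failed password for root from 203.0.113.7 port 40011 ssh2
Mar 24 08:02:05 app01 sshd[2015]: Failed password for root from 203.0.113.7 port 40012 ssh2
Mar 24 08:02:07 app01 sshd[2015]: Failed password for root from 203.0.113.7 port 40013 ssh2
Mar 24 08:02:09 app01 sshd[2015]: Failed password for invalid user admin from 203.0.113.7 port 40014 ssh2
Mar 24 08:05:44 app01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
Mar 24 08:06:10 fw01 kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.5.11 PROTO=TCP DPT=3389
Mar 24 08:06:11 fw01 kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.9 DST=10.0.5.11 PROTO=TCP DPT=22
Mar 24 08:07:30 app01 sshd[2040]: Accepted password for bob from 10.0.5.21 port 51300 ssh2
"""

SSH_FAIL = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
SSH_OK = re.compile(r"sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+)")
SUDO = re.compile(r"sudo:\s+(\S+) : .*USER=(\S+) ; COMMAND=(.+)$")
FW_DROP = re.compile(r"FW-DROP .*SRC=(\S+) DST=(\S+) PROTO=(\S+) DPT=(\d+)")


def parse_events(text):
    """Turn raw lines into (kind, fields) tuples; unrecognized lines are kept as 'other'."""
    events = []
    for line in text.splitlines():
        if m := SSH_FAIL.search(line):
            events.append(("ssh_fail", {"user": m[1], "src": m[2]}))
        elif m := SSH_OK.search(line):
            events.append(("ssh_ok", {"user": m[1], "src": m[2]}))
        elif m := SUDO.search(line):
            events.append(("sudo", {"user": m[1], "target": m[2], "cmd": m[3]}))
        elif m := FW_DROP.search(line):
            events.append(("fw_drop", {"src": m[1], "dst": m[2],
                                       "proto": m[3], "dport": int(m[4])}))
        else:
            events.append(("other", {"raw": line}))
    return events


def failed_logins_by_source(events):
    """Count failed OS logons per source address (unauthorized access attempts)."""
    return Counter(e["src"] for kind, e in events if kind == "ssh_fail")


def privileged_access(events):
    """Successful root-level access: direct root logons and sudo commands run as root."""
    out = []
    for kind, e in events:
        if kind == "ssh_ok" and e["user"] == "root":
            out.append(("root_login", e["src"], ""))
        elif kind == "sudo" and e["target"] == "root":
            out.append(("sudo_root", e["user"], e["cmd"]))
    return out


def flag_sources(events, fail_threshold=3):
    """Sources at or above the failure threshold, annotated with whether the
    firewall also dropped traffic from them (OS-access and firewall logs correlated)."""
    fails = failed_logins_by_source(events)
    fw_srcs = {e["src"] for kind, e in events if kind == "fw_drop"}
    return {src: {"failures": n, "seen_at_firewall": src in fw_srcs}
            for src, n in fails.items() if n >= fail_threshold}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("failed logons by source:", dict(failed_logins_by_source(evs)))
    print("privileged access:", privileged_access(evs))
    print("flagged sources:", flag_sources(evs))
```

Run it as a script and it reports four failed root/admin logons from one address, one sudo-to-root command by alice, and flags that address because the firewall log independently shows drops from it. The design point is the one the booklet makes: each log category on its own (firewall drops, failed logons) is noise at low volume; keeping both in a form that can be joined on a common field such as the source address is what turns collected data into something a reviewer can act on.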
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY -
We continue the series on the National Institute of Standards and
Technology (NIST) Handbook.
Chapter 13 - AWARENESS, TRAINING, AND EDUCATION
3.6.3 Identify Target Audiences
Not everyone needs the same degree or type of computer security
information to do their jobs. A CSAT program that distinguishes
between groups of people, presents only the information needed by
the particular audience, and omits irrelevant information will have
the best results. Segmenting audiences (e.g., by their function or
familiarity with the system) can also improve the effectiveness of a
CSAT program. For larger organizations, some individuals will fit
into more than one group. For smaller organizations, segmenting may
not be needed. The following methods are some examples of ways to do
this.
Segment according to level of awareness. Individuals may be
separated into groups according to their current level of awareness.
This may require research to determine how well employees follow
computer security procedures or understand how computer security
fits into their jobs.
Segment according to general job task or function. Individuals may
be grouped as data providers, data processors, or data users.
Segment according to specific job category. Many
organizations assign individuals to job categories. Since each job
category generally has different job responsibilities, training for
each will be different. Examples of job categories could be general
management, technology management, applications development, or
security.
Segment according to level of computer knowledge. Computer
experts may be expected to find a program containing highly
technical information more valuable than one covering the management
issues in computer security. Similarly, a computer novice would
benefit more from a training program that presents introductory
fundamentals.
Segment according to types of technology or systems used.
Security techniques used for each off-the-shelf product or
application system will usually vary. The users of major
applications will normally require training specific to that
application.