ELTENI’S CYBER SCOOP

Latest News

In this newsletter, we highlight a new CISA incident reporting tool, how to identify a Business Email Compromise and additional developments on the National Public Data breach.

REGULATORY CORNER

CISA Launches New Portal to Improve Cyber Reporting

The portal is a secure platform with enhanced functionality for cyber incident reporting, including integration with login.gov credentials. It also lets users save and update reports, share submitted reports with colleagues or clients for third-party reporting, and search and filter reports. A new collaboration feature allows users to engage in informal discussions with CISA.

Notes

As cyber incidents become increasingly common, the saying rings true: “it’s not if, but when.” Therefore, it’s crucial to be prepared to document and report incidents as they occur. Doing so not only meets regulatory requirements but also ensures an efficient and effective response and remediation. Tools that assist in accurately reporting incidents and provide a channel for collaboration are valuable, especially given the complexity and abundance of information on reporting requirements, which can make compliance confusing.

CISA Launches New Portal to Improve Cyber Reporting | CISA

ENFORCEMENT NEWS

SEC Charges Transfer Agent Equiniti Trust Co. with Failing to Protect Client Funds Against Cyber Intrusions

The Securities and Exchange Commission today announced settled charges against New York-based registered transfer agent Equiniti Trust Company LLC, formerly known as American Stock Transfer & Trust Company LLC, for failing to assure that client securities and funds were protected against theft or misuse. “American Stock Transfer failed to provide the safeguards necessary to protect its clients’ funds and securities from the types of cyber intrusions that have become a near-constant threat to companies and the markets,” said Monique C. Winkler, Director of the SEC’s San Francisco Regional Office.

Notes

Beyond the fines and reputational damage faced by Equiniti, this incident also had a significant financial impact on their clients. This judgment underscores the SEC’s commitment to enforcing cybersecurity regulations for entities under its jurisdiction, ensuring that they implement adequate security controls and practices to protect client assets and information. It highlights the necessity for regulated entities to take a proactive approach in building and managing a robust cybersecurity program that evolves to meet the demands of an ever-changing threat landscape. Continuous improvement and adaptation are essential in maintaining compliance and safeguarding client trust in today’s environment.

SEC Charges Transfer Agent Equiniti Trust Co. with Failing to Protect Client Funds Against Cyber Intrusions | SEC

CYBER NEWS

How to spot a Business Email Compromise Scam | Wired

Business email compromise (BEC) scams are a big deal. The con artists behind this criminal enterprise will cold-email you, pretending to be someone you work with, in order to gain access to money or information. You might get an email that appears to be from your company’s CEO asking you to quickly do something like buy gift cards, or you might get an email that looks like it’s from an employee at your company asking you to change their direct deposit information. The scam itself can take a lot of forms, but the end goal is to somehow siphon money away from you or the business you work for.

National Public Data Published Its Own Passwords | Krebs on Security

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage.

Major Backdoor in Millions of RFID Cards Allows Instant Cloning | Security Week

The backdoor, documented in a research paper by Quarkslab researcher Philippe Teuwen, allows the instantaneous cloning of RFID smart cards used to open office doors and hotel rooms around the world.

Google Warns of Exploited Chrome Vulnerability | Security Week

Essentially, if the victim visits a compromised or malicious web page, the vulnerability could allow the attacker to execute code or access sensitive information. Google notes in its updated advisory that the in-the-wild exploitation of the security defect was reported after the browser update was released, but did not make it clear whether the flaw was exploited as a zero-day.

DECODE THE TERMS

DLP – Data Loss Prevention (DLP) is a security tool that stops unauthorized access, sharing, or loss of sensitive information. It monitors and controls data movement to ensure it stays within the organization, protecting personal data, financial records, and intellectual property. DLP helps keep important information safe and secure.

EDR – Endpoint Detection and Response (EDR) is a security tool that monitors and analyzes activity on devices like computers, phones, and servers to detect and respond to cyber threats. It helps identify suspicious behavior, such as malware or unauthorized access, and provides tools to investigate and stop the threats before they cause damage, keeping the organization’s devices and data safe.

MITM – A Man-in-the-Middle (MITM) attack is when a hacker secretly intercepts and potentially alters the communication between two parties, like a user and a website, without either party knowing. The attacker can eavesdrop on the conversation, steal sensitive information like passwords or credit card details, or manipulate the data being exchanged. It’s like someone secretly listening to and tampering with a private conversation.

VPN – A Virtual Private Network (VPN) is a tool that creates a secure, private connection between your device and the internet. It hides your online activity and location, making it harder for hackers, advertisers, or anyone else to see what you’re doing or track you. It’s like a private, encrypted tunnel that keeps your data safe and protects your privacy while you’re online.