NDM Technologies Cyber News


MoneyGram Suffers a Significant Outage

MoneyGram International, a widely used service for sending payments abroad, experienced a significant outage lasting nearly four days due to a cybersecurity issue. Outages started on Saturday, September 21st and continued until MoneyGram took operations completely offline the following Monday.

During the outage, both in-person and online payment services were down, including MoneyGram's website and mobile app, which remained offline from Monday to Thursday. The prolonged disruption impacted millions of users, as nearly half of MoneyGram’s customers rely on the service to send money across borders for essentials like food.

Serving over 50 million people annually in more than 200 countries and territories, MoneyGram processes over $200 billion in transactions each year. Therefore, the extended outage raised concerns about the potential ripple effects on individuals and their families dependent on timely remittances.

MoneyGram has yet to confirm the specific nature of the cybersecurity incident, nor has it stated whether customer data was compromised. However, the company worked closely with cybersecurity experts and law enforcement to restore services and mitigate any further risks. On Thursday, September 26th, MoneyGram announced through a post on X (formerly known as Twitter) that customers could once again send and receive payments.

Although services are back to normal, the incident emphasizes the essential requirement for strong cybersecurity protocols and recovery strategies in financial platforms that millions rely on for their everyday transactions.


macOS Update Causing Failures with Cybersecurity Software

Apple's latest macOS update, Sequoia, is causing significant issues with cybersecurity tools and network connectivity. The update has disrupted major security solutions from companies like CrowdStrike, ESET, Microsoft, and SentinelOne, resulting in widespread connectivity problems.

CrowdStrike responded by advising customers to avoid updating to macOS Sequoia, citing compatibility issues related to changes in Apple's network stack. SentinelOne similarly acknowledged compatibility challenges and is working on potential solutions. In many cases, users discovered that disabling these security tools temporarily restored network access.

The macOS update has also disrupted VPN and Remote Desktop Protocol (RDP) connections, with some users reporting that even web browsers were affected when browsing or downloading files. Security researchers suggest that modifying firewall rules may help restore connectivity, but they caution that loosening firewall restrictions could expose users to further security risks.


NIST Updates Recommendations for Password Security

The National Institute of Standards and Technology (NIST) has released updated guidelines for password security, marking a significant shift in traditional practices. These changes aim to improve both cybersecurity and user experience.

One of the most notable updates is the move away from enforcing password complexity requirements, such as mandating a mix of uppercase letters, numbers, and special characters. Instead, NIST now emphasizes password length as the primary factor in password strength, recommending a minimum of 8 characters and a maximum of 64 characters. A NIST cybersecurity expert explains, “Longer passwords are generally more secure and easier to remember,” highlighting the shift toward creating unique, lengthy passwords over complex but predictable ones.

NIST is also doing away with its recommendation for mandatory periodic password resets, arguing that frequent resets often lead to weaker passwords by encouraging users to make minor, predictable changes to previously used passwords. Now, password changes are only recommended when there is evidence of compromise.

Additionally, NIST advises organizations to prevent users from selecting weak, commonly used passwords and recommends against the use of password hints or knowledge-based questions, which are vulnerable to social engineering. These updated recommendations aim to enhance security while reducing the frustration and vulnerabilities associated with outdated password practices.


Regulatory & Compliance News

DoD Introduces New CMMC Requirements for Contractors

The U.S. Department of Defense (DoD) has issued new rules under the Defense Federal Acquisition Regulation Supplement (DFARS) to implement the Cybersecurity Maturity Model Certification (CMMC) program. This program aims to standardize cybersecurity practices across the Defense Industrial Base (DIB) and protect sensitive information in the Pentagon’s supply chain.

The new DFARS rules will require all DoD contractors to either self-certify or obtain third-party CMMC certification based on the type of data they handle. There are three levels of certification, each with specific requirements.

  • Level 1 (Self-Certification): Required for contractors working with Federal Contract Information (FCI). Based on 17 cybersecurity controls from FAR 52.204-21, this level focuses on basic cybersecurity practices aimed at protecting FCI.
  • Level 2: Required for those handling Controlled Unclassified Information (CUI). It is built around 110 controls from NIST SP 800-171 and requires an assessment from a CMMC Third Party Assessor Organization. This level aims to defend CUI from more sophisticated cyber threats, ensuring its integrity and availability.
  • Level 3: Aimed at contractors exposed to Advanced Persistent Threats (APTs) while managing CUI, this level includes 110 controls from NIST 800-171 and an additional 35 controls from NIST SP 800-172. This level also requires a triennial third-party assessment and provides the highest level of protection against APTs.

The CMMC’s three levels are cumulative, meaning that each level includes the practices and processes of all prior levels. Contractors will be required to have an up-to-date CMMC certification at the time of contract award and maintain it throughout the duration of the contract. The CMMC program builds on the NIST 800-171 framework, which has been in place since 2017, and is a critical step in securing the DoD’s supply chain from evolving cybersecurity threats. Learn how ProCern Technology Solutions can help you with your CMMC compliance journey today.


Upcoming Conferences & CPE Opportunities

RhythmWorld24

Join NDM Technologies at RhythmWorld to learn from Exabeam experts about the latest security trends. Participate in interactive sessions and connect with the LogRhythm community.

October 22-23 Denver, CO

The Official Cybersecurity Summit

This Sixth Annual Cybersecurity Summit will connect you with C-Suite and Senior Executives responsible for protecting their companies' critical infrastructure. Learn from innovative solution providers and access interactive panels and discussions.

October 18 Houston, TX

Innovate Cybersecurity Summit

This summit brings together Cybersecurity Executives and CISOs from all corners of the country. Attendees can expect access to insightful CISO panels and education sessions that explore best practices and real-world challenges, networking opportunities, and unique engagement with the industry’s latest cybersecurity technology solutions and vendors.

October 6-8 Scottsdale, AZ
