Tag: Computer Security

banks

Employers Beware: W-2 Scams Running Rampant

Employees count on their employers to keep their private information safe. This is especially true during one of the most information-sensitive times of the year: tax season. For attackers who rely on social engineering tactics, targeting organizations right now can be a potential goldmine. We’ve previously discussed how social engineering tries to trick members of your staff into giving out valuable information – oftentimes by posing as official sources who need the requested information now. This is a threat you should stay on high alert for year round, but recent news should have you more aware and wary of requests centered around employee tax information. A Common Scam A few high profile social engineering attacks have made the round recently, but let’s

Read More »
Attack

Huge Development In Cyber Espionage Tech

The United States has reportedly managed to develop a method that allows it to permanently embed surveillance and malware tools in computers and networks around the world, according to Kaspersky Lab, a Russian cybersecurity firm. Kaspersky presented its research at a conference in Mexico Monday night. They have dubbed the creators of this technique the “Equation Group,” and have broadly hinted that it is tied to the U.S National Security Agency and its military partner, United States Cyber Command, due in part to a similarity between Stuxnet – the computer worm that disabled about 1,000 centrifuges in Iran’s nuclear enrichment program – and the new malware platform. But the Equation’s level of sophistication makes Stuxnet seem like child play, according

Read More »
Attack

Securing Billions of Smart Things

There are roughly 25 billion smart devices and objects busily gathering data and beaming information back to their respective motherships (and business partners).  That’s up from 7 billion things a mere five years ago. And five years from now? The consensus is 50 billion things will be interconnected, merrily gathering data, and making our lives easier/transforming the world into a marketer’s magic kingdom. The US Federal Trade Commission (FTC) has signaled its strong interest in bringing privacy enforcement to the so-called Internet of Things (IoT), with the release of its “voluntary standards” report this week.  We put those two works inside quotes because while the standards are voluntary right now, it’s a safe bet that they will be used in

Read More »
800-53

NEW GUIDANCE RELEASED BY NIST REDEFINES ASSURANCE & TRUSTWORTHINESS FOR FINANCIAL INSTITUTIONS

On April 30th, 2013 the National Institute of Standards and Technology (NIST) issued their latest version of essential guidance: Special Publication 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations.  Led by Ron Ross, a NIST fellow and the project leader, a team of computer scientists spent the past two years developing this latest 457 page revision. One of the Essential Themes of the New Guidance Mr. Ross indicated that a key theme in the new guidance is the “reintroduction of the notion of assurance, or trustworthiness of information systems.”  The bottom line is that organizations will now be under higher scrutiny in terms of how effective they are at identifying vulnerabilities and security weaknesses in systems, which

Read More »
Computer Security

2013 INSIDER THREAT TO BANKS AND CREDIT UNIONS – DATA LEAKAGE

The following is an excerpt from an article regarding the “Top IT Security Threats for 2013” “One of the areas we see a dramatic increase of concern is over data leakage,” says Michael Bruck of Chicago-based BAI Security.  “The ease in which an individual can export sensitive information from an internal network is chilling for many institutions.  We often conduct such evaluations during our Security Audit program and demonstrate just how easy and undetectable the process can be in most environments.”  Even with the headlines and various forms of education on this subject, BAI Security recently reported that as many as 40% of institutions responded in a recent survey that they were concerned their organization has been a victim of

Read More »
Computer Security

LIVE EXPERIMENT DEMONSTRATES DISREGARD FOR BANK SECURITY POLICY

An experiment carried out within London’s financial district has demonstrated what security experts have been saying for years: employees – even those working with ultra-sensitive financial data – are unaware of or are far too loose with basic security practices. In the experiment, Flash Drives were handed out to commuters as they entered the city. Recipients were told the disks contained a special Valentine’s Day promotion. In reality, though, the Flash Drive contained nothing more than code that informed the company performing the experiment how many of the recipients had tried to use the Flash Drive. Among those who were duped were employees of a major retail bank and two global insurers. Clear warning Making these results even more ridiculous, the Flash

Read More »
Assessment

ARE YOUR EMPLOYEES GIVING AWAY CONFIDENTIAL SECURITY INFORMATION?

A man calls the receptionist at a competitors company and asks for the name of the Sales Manager.  The receptionist says the person you are looking for is Bob Jones.  Later, the man calls back to the same company and says he needs to speak with the IT helpdesk.  When the helpdesk operator answers the man says “Hi, my name is Bob Jones and I seem to have forgotten my new password.  I am on my way to an important meeting can you reset it right away?” In an effort to help the user regain access to the system, the helpdesk operator resets the password and tells the man the new password.  The man then accesses the employee area of

Read More »
Computer Security

MANY BANKS AND CREDIT UNIONS FAIL THE VULNERABILITY TESTING COMPONENT OF THEIR IT SECURITY AUDIT DUE TO WEAK PATCH MANAGEMENT

Do you have a patch management plan?  If so, how effective is it?  Many companies either lack a comprehensive plan or the necessary tools to properly automate the processing of updates.  In fact, the underlying reasons many banks and credit unions fail the vulnerability testing component of their IT security audit is this lack of effective patch management. Failed Vulnerability Testing Due to Weak Patch Management Often Root Cause of Poor IT Security Audit Results As for the tools, many companies rely only on Windows Server Update Services (WSUS) to patch their Microsoft Windows operating system and other Microsoft software.  WSUS does not patch non-Microsoft application software, such as Adobe Acrobat, Adobe Flash, Adobe Shockwave, which often have severe risks that can lead

Read More »