Friday, October 4, 2013

IP Cameras: What’s Holding You Back?

If you are responsible for your credit union’s video surveillance system and are still using analog video cameras, you’ve probably been pushed at least once or twice to make the leap to IP video surveillance – or risk getting left behind in the ‘dark ages’.

Image source: Article
And it’s just as likely that you’ve already looked at the general benefits of an IP camera, weighed them against the increased system cost, and concluded that it wasn’t quite the right fit for your credit union just yet.

You wouldn’t be alone. There are several factors that can deter an organization from moving to IP video. Read a two-part blog from March Networks – America’s #1 provider of video surveillance solutions to banks and credit unions – to learn more about the pros and cons of IP video cameras.

Is now the right time for your credit union to adopt high-definition IP video surveillance?

'Remarkably Naive' as DDoS Threat Grows

Third-party experts and credit union executives—primarily speaking anonymously on the subject—said most credit unions have done nothing to protect themselves against the takedown threat, which has been increasingly linked with theft of funds at financial institutions.

Image source: Article
Two things have happened in the past year that may change how credit union executives view DDoS.

A vice president at a large Northwestern credit union said his institution relies on its online banking provider to handle DDoS mitigation. The results, so far, have been acceptable. Relying on vendors to secure critical systems may not be a cure-all, however.

What is your Credit Union's defense against DDoS?

Tuesday, October 1, 2013

Millions stolen from US banks after 'wire payment switch' targeted

Criminals have recently hijacked the wire payment switch at several US banks to steal millions from accounts, a security analyst says.

Image source: Article
The loses “added up to millions [lost] across the three banks".

The attack against the wire payment switch -- a system that manages and executes wire transfers at banks -- could have resulted in even far greater loses.

Have you followed the advice to "slow down" wire transfers?

Monday, September 30, 2013

Banks face jump in technology spending: report

Banks which have patched up their information technology (IT) systems too often in recent years face big increases in spending to modernize their operations for the digital age.

Image source: Article
But digital innovation should help offset the outlays by cutting the costs of new branches, which are likely to be 25 percent smaller and have a fifth fewer staff.

IT costs are likely to rise by about 10 percent over the next 10 years, broadly offset by a possible 5 percent fall in branch costs, analysts predicted.

What does your IT budget look like?

Monday, September 16, 2013

Advance Suggests Banking Encryption (RSA) Could Fall Within 5 Years

The encryption systems used to secure online bank accounts and keep critical communications private could be undone in just a few years, security researchers warned at the Black Hat conference.

Image source: Article
Breakthroughs in math research made in the past six months could underpin practical, fast ways to decode encrypted data that’s considered unbreakable today.

The sophisticated Flame malware discovered last year featured a completely new mathematical technique to defeat an encryption method used to verify some software updates as originating with Microsoft, allowing Flame to masquerade as legitimate software.

Are you concerned for the protection of your data?

Tuesday, July 2, 2013

Stolen credit cards... keep 'em. It's all about banking logins now

Crimeware-As-A-Service is a thing. Really.

Image source: Article
Stolen bank login information attracts an even higher price than credit card numbers on underground cybercrime bazaars.

The technical barrier to getting involved in cybercrime has been lowered thanks to various Cybercrime-As-A-Service offerings - including cybercrime-infrastructure-as-a-service, bulletproof hosting, password cracking and DDoS for hire offers.

What are your members' logins worth?

Thursday, May 30, 2013

Don’t Get Caught! Schedule a Surveillance System Spring Clean

You don’t have to go far these days to hear stories in which video surveillance plays a critical role in catching the bad guys.

Image source: Article
Unfortunately, we’ve also seen how an organization can end up with a huge — and costly — headache when its video surveillance system isn’t working properly.

To avoid getting caught in an embarrassing and potentially serious situation, I recommend a little spring cleaning of your video surveillance system.

Has your CU done its spring cleaning yet?

Monday, May 13, 2013

FBI says more cooperation with banks key to probe of cyber attacks

Bank security officers and others were brought to more than 40 field offices around the country to join a classified video conference on "who was behind the keyboards."

Image source: Article
The extraordinary clearances, from an agency famed for being close-mouthed even among other law enforcement agencies, reflect some action after years of talk about the need for increased cooperation between the public and private sectors on cybersecurity.

How has your CU been affected?

Monday, April 8, 2013

CU InfoSecurity Conference 2013 in Las Vegas

The Credit Union InfoSecurity Conference, the original and premier conference dedicated solely to credit union security, is holding its next summit on June 5-7, 2013 at the Platinum Hotel and Spa in Las Vegas.

Register for the event

Image source: imsmartin
The conference, which features industry leaders in their respective fields sharing their firsthand knowledge and practical advice on securing credit unions, is an incredible opportunity to gain new insight, network with credit union peers, and browse the Security Vendor Reception.

Possible topics to be covered at the upcoming summit include mobile security, data forensics, insider threats, incident response, social engineering, secure cloud storage, virtual desktop security, and fighting banking fraud.

If you are interested in attending the event, be sure to register here (

Thursday, April 4, 2013

Gartner: Tablet shipments to outstrip PCs by 72% in 3 years

Three years from now, tablet computers will outsell traditional Windows PCs, and do so by a whopping 72%.

Image source: Article
Some of that decline will be made up by the faster growth in "ultramobiles," the new breed of Windows 8 devices such as Microsoft Surface Pro.

But the PC decline is permanent, reflecting a "long-term change in user behavior," according to the Gartner statement.

Where is your CU making your investment?

Monday, April 1, 2013

New malware goes directly to US ATMs and cash registers for card info

While many consumers already take precautions when shopping online, they may need to start being even more careful - as a new report shows malware is focusing on physical registers and ATMs compromised by attackers looking to harvest card data.

Image source: Article
The malicious code is evidently being installed directly into point-of-sale (POS) hardware (meaning registers or kiosks) and ATMs, and transmitting the harvested information straight out of the magnetic stripes on credit and debit cards - which includes everything from account numbers, to first and last names and expiration dates.

Are your CU's ATMs secure?

Friday, March 29, 2013

Google Chrome: Best security tips for safer browsing

There's a lot to like about Google Chrome's built-in security features.

Image source: Article
The browser offers unique sandboxing functions and privilege restrictions, and even updates itself in the background to help better protect you from hackers and malware.

But like all browsers, Chrome is imperfect, and there are steps you can take to protect it from attack.

Read the full article to see how to get the most from Chrome's built-in security features, and work around its security shortcomings.

Tuesday, March 26, 2013

Wells Fargo bank site attack disrupts service

Wells Fargo's online banking site was experiencing problems Tuesday, with a denial-of-service attack.

Image source: Article
This attack likely the reason behind the slowdowns for some customers trying to access the site.

This isn't the first time the bank site has been under a denial-of-service attack, where hackers inundate a website with traffic to delay or disrupt it.

Think your CU is safe? Think again.

Risk management becoming focus of bank boards

The majority of the boards of directors for large banks are spending significantly more time on risk management, according to a new survey.

Image source: Article
The survey, which was conducted in January using risk officers and directors at banks with more than $5 billion in assets, said 91 percent of those surveyed reported an increase in time devoted to risk management issues within board meetings over the last three years.

Seventy-two percent of risk officers and 63 percent of directors report that this time has doubled or tripled.

What is your board's position on risk management?

Monday, March 25, 2013

Hackers Set Time Bomb to Damage Targeted Banks and Broadcasters

The AhnLab Security Emergency Response Center (ASEC) and US headquarters of South Korea-based AhnLab confirmed a large series of cyber attacks that targeted banks and broadcasters in South Korea.

Image source: chaitanyak.deviantART
AhnLab said that attackers used stolen user IDs and passwords to launch some of the attacks.

The credentials were used to gain access to individual patch management systems located on the affected networks.

Does your CU have control over your patch management system?

Mobile location data 'present anonymity risk'

Scientists say it is remarkably easy to identify a mobile phone user from just a few pieces of location information.

Image source: Article
But a study in Scientific Reports warns that human mobility patterns are so predictable it is possible to identify a user from only four data points.

Recent work has increasingly shown that humans' patterns of movement, however random and unpredictable they seem to be, are actually very limited in scope and can in fact act as a kind of fingerprint for who is doing the moving.

Does your CU let its employees use location features on their smartphones?

Wednesday, March 20, 2013

Internet Explorer 8 Exploit Found in Watering Hole Campaign Targeting Chinese Dissidents

On March 16th, FireEye discovered a premeditated waterhole campaign that hosts exploits and malware on websites frequented by a specific target group.

Image source: Article
The attack exploits a fresh vulnerability (CVE-2013-1288, MS13-021) in Internet Explorer 8—just four days after Microsoft released a patch.

Why did attackers use a fresh vulnerability? Cost could be a factor. Zero-days tend to be expensive to either research or purchase on black markets.

Has your CU applied this patch?

Tuesday, March 19, 2013

Free Android malware analysis tool

Bluebox Labs announced Dexter, a free tool to help researchers and enterprise security teams analyze applications for malware and vulnerabilities.

Image source: Article
The increasing popularity of the Android platform has resulted in an explosion of applications, but with shortened development cycles, many are released without proper security analysis.

This often leads to undetected malware making it to market along with the app.

Does your CU worry about mobile malware?