Friday, January 23, 2015

When good security advice...isn't

Have you ever had one of those moments, while discussing security techniques with other clueful individuals, where one of you confesses to disagreeing with a common piece of advice? While it may be completely logical that you must account for context when giving appropriate advice, sometimes we may forget that we must also do this when we’re discussing security.

Perhaps we should be asking ourselves more specific questions when we give others security decrees.

Is there any piece of common security advice that you find you disagree with?

Wednesday, January 21, 2015

AppSec California Top-Notch Training - Register Today and Save

Held again at the Annenberg Community Beach House on a fantastic stretch of beautiful Santa Monica beachfront property, AppSec California 2015 is sure to be a huge success as it’s bringing together multiple security experts from the likes of Veracode, LinkedIn, Twitter, Cigital, NCR, Qualcomm, Bugcrowd, and HackerOne. The speakers are all revved up and ready to get us all thinking about our own contributions to information security as they engage with us during the West Coast’s leading InfoSec event.

Use the code sean25 and save 25% off training!
Register for the event

And, if you sign up for a training, you will get another code for 50% off of the conference!

The breadth and depth of training and content available is sure to draw in huge crowds, likely topping the nearly 300 information security attendees from last year’s event. According to the event’s organizers, we can expect to see even more senior executives, technical experts, and information security practitioners participating this year.

Regardless of your role, you’ll find a plethora of content to be discussed and knowledge to be gained. Want to see more than what I’ve highlighted here? The full agenda can be viewed at

If you are interested in attending the event, be sure to register here. And don't forget to use the sean25 savings code.

We hope to see you there!

Protecting Your Agile Data Center: You Can't Fight the New War With Old Tools

Data infrastructure and function have experienced a paradigm shift with the enterprise progressing steadily in the age of cloud, apps and mobility, marking the end of the “perimeter” era for the computing environment. With the proliferation of the cloud, mobile, and Internet of Things (IoT), information continues to be virtualized and mobilized, and blind spots unknowingly created, sitting undetected and vulnerable to new attack vectors.

While most security technologies have not evolved over the past decade to meet this need, new cloud-based security technologies designed for the virtual, mobile and automated environments will protect data that old solutions fail to even see.

Is your firm ready for the next frontier?

Tuesday, January 20, 2015

10 Mobile Predictions For 2015

It’s always interesting to review and compare the concepts and product announcements presented at CES to my predictions. After nearly a week of gadget heaven, I can firmly state that nothing revealed at the show has changed my perspective.

Prediction No. 1: 2015 will be the year of the enterprise mobile app and enterprise micro apps will grow into richer apps.

Be sure to read the remaining 9 predictions from Maribel Lopez!

Thursday, January 15, 2015

CU InfoSecurity Conference 2015 in Las Vegas

The Credit Union InfoSecurity Conference, the original and premier conference dedicated solely to credit union security, is holding its next summit on June 3-5, 2015 at the Golden Nugget Hotel & Casino in the heart of Fremont Street in Las Vegas.

Register for the event

The conference, which features industry leaders in their respective fields sharing their firsthand knowledge and practical advice on securing credit unions, is an incredible opportunity to gain new insight, network with credit union peers, and browse the Security Vendor Reception.

Possible topics to be covered at the upcoming summit include ransomware, active defense, cloud security, data encryption, breach prevention, pervasive security, device configuration, social media compliance, virtual branch security, virtual machine security, account takeover prevention, network security strategies, and cyber security intelligence.

If you are interested in attending the event, be sure to register here.

Six More Credit Unions on Apple Pay

Six more credit unions are now live in Apple Pay, bringing the total number in the industry to 15. Newcomers included the $550 million Consumers Credit Union in Kalamazoo, Mich., the $2.6 billion Virginia Credit Union in Richmond, Va., the $672 million Cyprus Credit Union in West Jordan, Utah, the $1.7 billion Fairwinds in Orlando, Fla., the $4 billion Mountain America Credit Union in West Jordan, Utah, and the $1.2 billion Partners Federal Credit Union in Burbank, Calif.

Less than two dozen banks are now live in Apple Pay. Among them are Chase, Bank of America, Citi, and Wells Fargo.

Is your firm planning to support Apple Pay?

The Making of a Cybercrime Market

How two underground entities surfaced, battled, aligned, and ultimately extracted billions from some of the world’s largest financial institutions via unsuspecting, everyday banking client victims.

As the events described unfolded, we begin to see into the business minds of the cybercriminals they described. This article looks at how the business was formed, how it grew, and captures a list of best practices and lessons learned.

Don't miss this script-worthy story that is rooted in reality.

Bank Fraud Toolkit Circumvents 2FA & Device Identification

Another user-friendly attack toolkit is on the market, and it's perfect for the budding Brazilian banking fraudster. It's got an attractive, user-friendly interface that includes a "start phishing" button. And it effectively circumvents both two-factor authentication and device identification protections.

The toolkit is distributed by being embedded in other malware. It comes preloaded with a list of targeted banking URLs. When the infected user visits one of those sites, the malware operator gets an alert and can then decide whether or not to proceed with an attack.

If the toolkit surfaces in English, is your firm prepared to detect a toolkit that leverages a malware infection, the use of remote access tools, abnormal browser patterns, or other abnormal transactions?

Credit Union Watchdog Shoots Down Data Encryption Rule

Even after suffering a data breach, the organization in charge of overseeing the needs of credit unions has cast off the idea of implementing a rule mandating the use of encryption for data transfers.

It’s expected the NCUA will make further decisions regarding shoring up its security as soon as its Inspector General concludes his look at the incident.

What is your firm's position on this topic?

Friday, October 4, 2013

IP Cameras: What’s Holding You Back?

If you are responsible for your credit union’s video surveillance system and are still using analog video cameras, you’ve probably been pushed at least once or twice to make the leap to IP video surveillance – or risk getting left behind in the ‘dark ages’.

And it’s just as likely that you’ve already looked at the general benefits of an IP camera, weighed them against the increased system cost, and concluded that it wasn’t quite the right fit for your credit union just yet.

You wouldn’t be alone. There are several factors that can deter an organization from moving to IP video. Read a two-part blog from March Networks – America’s #1 provider of video surveillance solutions to banks and credit unions – to learn more about the pros and cons of IP video cameras.

Is now the right time for your credit union to adopt high-definition IP video surveillance?

'Remarkably Naive' as DDoS Threat Grows

Third-party experts and credit union executives—primarily speaking anonymously on the subject—said most credit unions have done nothing to protect themselves against the takedown threat, which has been increasingly linked with theft of funds at financial institutions.

Two things have happened in the past year that may change how credit union executives view DDoS.

A vice president at a large Northwestern credit union said his institution relies on its online banking provider to handle DDoS mitigation. The results, so far, have been acceptable. Relying on vendors to secure critical systems may not be a cure-all, however.

What is your Credit Union's defense against DDoS?

Tuesday, October 1, 2013

Millions stolen from US banks after 'wire payment switch' targeted

Criminals have recently hijacked the wire payment switch at several US banks to steal millions from accounts, a security analyst says.

The losses “added up to millions [lost] across the three banks”.

The attack against the wire payment switch -- a system that manages and executes wire transfers at banks -- could have resulted in far greater losses.

Have you followed the advice to "slow down" wire transfers?

Monday, September 30, 2013

Banks face jump in technology spending: report

Banks which have patched up their information technology (IT) systems too often in recent years face big increases in spending to modernize their operations for the digital age.

But digital innovation should help offset the outlays by cutting the costs of new branches, which are likely to be 25 percent smaller and have a fifth fewer staff.

IT costs are likely to rise by about 10 percent over the next 10 years, broadly offset by a possible 5 percent fall in branch costs, analysts predicted.

What does your IT budget look like?

Monday, September 16, 2013

Advance Suggests Banking Encryption (RSA) Could Fall Within 5 Years

The encryption systems used to secure online bank accounts and keep critical communications private could be undone in just a few years, security researchers warned at the Black Hat conference.

Breakthroughs in math research made in the past six months could underpin practical, fast ways to decode encrypted data that’s considered unbreakable today.

The sophisticated Flame malware discovered last year featured a completely new mathematical technique to defeat an encryption method used to verify some software updates as originating with Microsoft, allowing Flame to masquerade as legitimate software.

Are you concerned for the protection of your data?

Tuesday, July 2, 2013

Stolen credit cards... keep 'em. It's all about banking logins now

Crimeware-As-A-Service is a thing. Really.

Stolen bank login information attracts an even higher price than credit card numbers on underground cybercrime bazaars.

The technical barrier to getting involved in cybercrime has been lowered thanks to various Cybercrime-As-A-Service offerings - including cybercrime-infrastructure-as-a-service, bulletproof hosting, password cracking and DDoS for hire offers.

What are your members' logins worth?

Thursday, May 30, 2013

Don’t Get Caught! Schedule a Surveillance System Spring Clean

You don’t have to go far these days to hear stories in which video surveillance plays a critical role in catching the bad guys.

Unfortunately, we’ve also seen how an organization can end up with a huge — and costly — headache when its video surveillance system isn’t working properly.

To avoid getting caught in an embarrassing and potentially serious situation, I recommend a little spring cleaning of your video surveillance system.

Has your CU done its spring cleaning yet?

Monday, May 13, 2013

FBI says more cooperation with banks key to probe of cyber attacks

Bank security officers and others were brought to more than 40 field offices around the country to join a classified video conference on "who was behind the keyboards."

The extraordinary clearances, from an agency famed for being close-mouthed even among other law enforcement agencies, reflect some action after years of talk about the need for increased cooperation between the public and private sectors on cybersecurity.

How has your CU been affected?

Monday, April 8, 2013

CU InfoSecurity Conference 2013 in Las Vegas

The Credit Union InfoSecurity Conference, the original and premier conference dedicated solely to credit union security, is holding its next summit on June 5-7, 2013 at the Platinum Hotel and Spa in Las Vegas.

Register for the event

The conference, which features industry leaders in their respective fields sharing their firsthand knowledge and practical advice on securing credit unions, is an incredible opportunity to gain new insight, network with credit union peers, and browse the Security Vendor Reception.

Possible topics to be covered at the upcoming summit include mobile security, data forensics, insider threats, incident response, social engineering, secure cloud storage, virtual desktop security, and fighting banking fraud.

If you are interested in attending the event, be sure to register here.

Thursday, April 4, 2013

Gartner: Tablet shipments to outstrip PCs by 72% in 3 years

Three years from now, tablet computers will outsell traditional Windows PCs, and do so by a whopping 72%.

Some of that decline will be made up by the faster growth in "ultramobiles," the new breed of Windows 8 devices such as Microsoft Surface Pro.

But the PC decline is permanent, reflecting a "long-term change in user behavior," according to the Gartner statement.

Where is your CU making your investment?

Monday, April 1, 2013

New malware goes directly to US ATMs and cash registers for card info

While many consumers already take precautions when shopping online, they may need to start being even more careful - as a new report shows malware is focusing on physical registers and ATMs compromised by attackers looking to harvest card data.

The malicious code is evidently being installed directly into point-of-sale (POS) hardware (meaning registers or kiosks) and ATMs, and transmitting the harvested information straight out of the magnetic stripes on credit and debit cards - which includes everything from account numbers, to first and last names and expiration dates.

Are your CU's ATMs secure?

Friday, March 29, 2013

Google Chrome: Best security tips for safer browsing

There's a lot to like about Google Chrome's built-in security features.

The browser offers unique sandboxing functions and privilege restrictions, and even updates itself in the background to help better protect you from hackers and malware.

But like all browsers, Chrome is imperfect, and there are steps you can take to protect it from attack.

Read the full article to see how to get the most from Chrome's built-in security features, and work around its security shortcomings.