Tuesday, October 30, 2012

Lack of abuse detection allows cloud computing instances to be used like botnets

Some cloud providers don't detect attacks launched from their networks, researchers say.

Image source: YahooLabs
Some cloud providers fail to detect and block malicious traffic originating from their networks, which provides cybercriminals with an opportunity to launch attacks in a botnet-like fashion, according to a report from Australian security consultancy firm Stratsec.

Researchers from Stratsec, a subsidiary of British defense and aerospace giant BAE Systems, reached this conclusion after performing a series of experiments on the infrastructure of five "common," but unnamed, cloud providers.

What are your cloud instances up to? Read the article to learn more.

Wednesday, October 24, 2012

In security response, practice makes perfect

We've heard it many times in many forms -- expect to be breached, expect that you've been breached, expect that you are being breached.

Image source: imsmartin
The unfortunate reality is that most organizations don't even know that they've been compromised and therefore don't do anything to block spreading of the malware, control the damage, prevent loss of information, or even recover from the technical problems associated with the compromise.

Assuming the adversary makes it in, the question remains: How long after a breach occurs can the organization remediate and prevent further damage?

Which state is your CU in? Waiting to be breached? Already breached? Don't know? Regardless of the state, you should read the article to learn more about some best practices in response.

Wednesday, October 17, 2012

Managing Mobile Risk

What happens when data collaboration and delivery travels to the mobile devices we all carry? Most CIOs see the introduction of unnecessary risk, observed many experts.

Image source: Article
Controlling information is not a new concept

But today's unmanaged mobility — in the form of BYOD (bring your own device) to work programs — and equally unmanaged use of popular Web services such as Dropbox and Evernote — represent a seemingly unstoppable phenomenon.

This creates a set of issues that must be addressed before an information governance firestorm hits. Read the article to see where your CU sits in terms if mobile information governance.

Monday, October 15, 2012

Doing the Two-Step, Beyond the A.T.M.

BANK A.T.M.'s embody decades-old technology. A four-digit PIN?

Image source: judybaxter
What a seemingly crude security system. Where are the uppercase and lowercase letters and the random punctuation that we are continually told are crucial to hacker-resistant passwords?

In fact, though, the four-digit numbers required to use cash machines are one element of an extremely strong security model that most of today's Web sites fall well short of matching.

Is your CU planning to offer your Members the option of requiring two-step verification for added peace of mind? Read the article to learn more about two-factor authentication.

Friday, October 12, 2012

Technology report: Biometric banks and privacy

It may sound like something straight out of a James Bond movie, but believe it or not, Australia’s major banks are moving to embrace biometric security systems.

Image source: Cynic
There are two main reasons why the banks are moving in this direction; both of which revolve around customer experience. The first is to improve their customer's experience whilst utilising ATMs and Eftpos machines and terminals. The second is to remove the need for customers to carry around a wallet or purse full of plastic cards.

Banks aim to introduce biometric security systems to reduce the incidence of fraud. There’s also the fact that ATMs and Eftpos are time consuming, require customers to have a plastic card that stores account details and to remember a Personal Identification Number (PIN).

Is your CU and your members ready for biometric technology? Read the article to learn more about biometrics.

Wednesday, October 10, 2012

Trend Micro Identifies Malware Spreading via Skype

If you use Skype, you’ve likely been privy to an odd message coming from some of your contacts that says, “lol is this your new profile pic?”

Image source: Article
The explosion of this Trojan through various gaming communities was covered by SiliconANGLE earlier; but now Trend Micro’s malware labs have identified the malware as a variant of DORKBOT.

Users of Trend Micro’s product are already protected from this sort of intruder and the company has detected and blocked more than 6,800 associated files since Sunday.

Read up on the Skype-based attacks here to see why the payload is far more sinister than the silly name of this threat.

Friday, October 5, 2012

An eye for a buy: Banks look to retina and fingerprint technology

ANZ has floated the idea of retina-scanning automatic teller machines and is considering using electronic fingerprints as part of an effort to beat rival banks in the realm of technology.

Image source: Article
By the middle of next year, it would introduce 800 ATMs that allowed ''next generation'' deposit services, including coins, notes and cheques to be credited to customers' accounts immediately, the bank said yesterday.

It will plough about $1.5 billion into new technologies, including ATMs consumers could access through fingerprints or retina identification.

How much does your CU plan to invest in your ATM technologies? Read the article to learn more about how ANZ is using biometrics to deliver better security for their consumers transactions.

Wednesday, October 3, 2012

DDoS attacks on major US banks are no Stuxnet—here's why

The attacks that recently disrupted website operations at Bank of America and at least five other major US banks used compromised Web servers to flood their targets with above-average amounts of Internet traffic.

Image source: Article
The attacks used compromised Web servers to wield a bigger-than-average club.

The distributed denial-of-service (DDoS) attacks—which over the past two weeks also caused disruptions at JP Morgan Chase, Wells Fargo, US Bancorp, Citigroup, and PNC Bank—were waged by hundreds of compromised servers.

Your CU isn't on the list? So it must be safe then, right? Read the article to see why this may not be true.

MasterCard Plans Shift To EMV-enabled ATMs By 2016

After October 2016, banks can hold ATM operators liable for fraudulent withdrawals and cash advances from debit and credit cards.

Image source: Lexcel
The announcement gives banks, ATM operators, and equipment manufacturers more than four years to cycle EMV cards and equipment into circulation.

While not immune from fraud, EMV-enabled debit and credit cards require much more sophistication to clone, compared to the magnetic stripe cards popular among Americans today.

Is your CU planning to use EMV technology? Read the article to learn more about EMV-enabled ATMs.

Banks fail to repel cyber threat

A shadowy but well organized hacker group in the Middle East has disrupted the electronic banking operations of America's largest financial institutions in recent days, underscoring U.S. vulnerability to online terrorism.

Image source: Geograph
A group identifying itself as Izz ad-Din al-Qassam Cyber Fighters attacked the websites of Wells Fargo, U.S. Bancorp and Bank of America.

The strikes left customers temporarily unable to access their checking accounts, mortgages and other services.

Is your CU at risk of the same sort of attack? Read the article to see how this group operates.