The National Credit Union Administration (NCUA) issued an advisory warning that CDs with malware are being mailed to Credit Unions claiming to be training materials.
See http://www.ncua.gov/news/press_releases/2009/MR09-0825a.htm for the alert.
The National Credit Union Administration (NCUA) issued an advisory warning that CDs with malware are being mailed to Credit Unions claiming to be training materials.
See http://www.ncua.gov/news/press_releases/2009/MR09-0825a.htm for the alert.
CoNetrix is pleased to announce the CoNetrix Information Security Risk Assessment software and Business Continuity Planning (BCP) software are candidates for the BankNews 2009 Innovative Solutions Award.
The Innovative Solutions Award, sponsored by BankNews, recognizes companies that have introduced or enhanced a product or service designed to help banks better serve their customers. Entries are divided into four categories:
The CoNetrix Risk Assessment tool is listed under the category 2 "Consulting/Outsourcing/Training Solution", and the BCP tool is listed under the category 3 "Management Solutions".
To vote now, go to http://www.banknews.com/2009-Entries.704.0.html
To learn more about the Innovative Solutions Award, visit http://www.banknews.com/
The FDIC Board of Directors just concluded their special meeting to discuss the Special Assessment Final Rule. The FDIC Board elected to change the following:[more]
This reduce the initial proposed assessment of 20 points (.20/per $100 of insured domestic deposits) to .05bp of total assets minus capital. This change is substantial for community banks, since now the majority of the recapitalization will be placed on larger regional and national megabanks.
To read the final rule, visit http://www.fdic.gov/news/board/May22no2.pdf
We continue to hear positive things from many of our customers (community banks) - many have plenty of money to lend (but only to qualifying customers) - we have even visited with a few banks that are trying to send back the "bailout" money - here is a good article depicting the US community bank - http://www.nytimes.com/2009/05/17/magazine/17wwln-rendon-t.html?_r=2&ref=magazine
The FTC has delayed the enforcement of the new "Red Flags Rule" again. The new enforecement date is now extended to August 1, 2009. This does NOT affect other federal agencies' enforcement of the original November 1, 2008 dealine (i.e. FDIC, OCC, Federal Reserve, OTS, NCUA).
To read the Press Release visit http://www.ftc.gov/opa/2009/04/redflagsrule.shtm
During IT audits, we routinely see banks granting all or some of their users local administrator rights on their PCs. They are usually forced into allowing this level of access due to some software that will not work correctly without local administrator rights. However, they can mitigate some of the risk by using a utility called DropMyRights.
In a recent Security Now! podcast, Steve Gibson talked about the DropMyRights utility. It was written by a Microsoft engineer. It allows you to run specific programs with less rights than your user account normally has. For example, if you are given local administrator rights because the core banking software requires it, you can use DropMyRights to help protect yourself when running web browsers or your email client. Simply create a shortcut for each program using DropMyRights in the command line. For example, you could use the following command line to run Internet Explorer under a non-admin user context: [more]
C:\utilities\dropmyrights.exe "c:\program files\internet explorer\iexplore.exe"
Links to the utility and supporting documentation can be found on Steve Gibson’s website: http://www.grc.com/sn/notes-176.htmICBA and Visa are providing a free Data Breach Toolkit available to all ICBA member banks. The toolkit was developed due to the recent data breach at Heartland Systems, and is designed to help community banks answer customers' questions following a breach of credit and debit card account information. The toolkit provides member banks with customizable materials, including cardholder letters, statement inserts, FAQs and media statements. You can login to receive your toolkit at http://www.icba.org/publications/visa.cfm?ItemNumber=37529
The FBI, the U.S. Postal Inspection Service, and state and local authorities are investigating more than 60 threatening letters that have been received by Financial Institutions in Araizona, Caliofornia, Colorado, Georgia, Illinois, New Jersey, New York, Ohio, Oklahoma, Texas, Virginia, and Washington, D.C. The letters began to be received on Monday, Oct. 20, 2008, and appear to all be originating from Texas - all have been postmarked in Amarillo, TX. Most of these letters contain a powder substance with a threatening communication. At this point, field and laboratory tests on the powder have been negative; however, additional testing is taking place.
To see a copy of one of the letters, visit http://www.fbi.gov/page2/oct08/threatletters_102308.html
Yesterday, the Federal Trade Commission (FTC) stated they would suspend enforcement of the new "Red Flags Rule" until May 1, 2009, to give creditors and financial institutions additional time in which to develop and implement written Identity Theft Prevention Programs. This does not affect the other federal agencies' (FDIC, OCC, Federal Reserve, OTS, & NCUA) enforcement of the original November 1, 2008 deadline.
To read the new Identity Theft Red Flags rules and guidelines go to conetrix.com/Files/ITPP_Regulation.pdf
The following Special Alert was released by the FDIC concerning e-mails being sent that claim to be from the FDIC. These e-mails are attempting to trick recipients into installing unknown software on personal computers. The subject line of the messages is: "Funds wired into your account are stolen." Here is a copy of the FDIC's Special Alert: [more]
The FDIC is aware of e-mails appearing to be sent from the FDIC that ask recipients to open and review an attached file. Currently, the subject line of the e-mail states: "Funds wired into your account are stolen." The e-mail is fraudulent and was not sent by the FDIC.
The fraudulent e-mail tells the recipient that proceeds from identity theft crimes have been wire-transferred into their bank account. The e-mail then directs the recipient to open and review an attached copy of their bank account statement and to contact their bank account managers.
The attached file is actually an executable file containing malicious code or software. Recipients should consider the attached file as a malicious attempt to collect online banking credentials or other personal and confidential information that could be used to gain unauthorized access to on-line banking services or perpetrate identity theft and other criminal activities.
Recipients of the fraudulent e-mail should not reply and should not attempt to open the attached file. According to reports received by the FDIC, many antivirus software programs have been detecting and removing the malicious attachment before the e-mail is delivered. However, if a recipient does open the attachment, the FDIC recommends updating anti-virus software patches and performing a complete scan of the computer and network, if applicable. If a computer becomes infected and the user encounters difficulties removing the malicious code, users should contact their anti-virus software vendor. The FDIC highly recommends using anti-virus software.
For additional information about safe online banking and avoiding online scams, visit http://www.fdic.gov/consumers/consumer/guard/.
For your reference, FDIC Special Alerts may be accessed from the FDIC's Web site at www.fdic.gov/news/news/SpecialAlert/2008/index.html.