FFIEC Implements New InfoBase Technology
The Federal Financial Institutions Examination Council (FFIEC) has announced that the organization has upgraded the functions and features of the InfoBase for the FFIEC Information Technology Examination Handbook (IT Handbook). The IT Handbook consists of 11 booklets covering a variety of technology and technology-related risk management guidance for financial institutions and examiners.
Third Party Patch Management
Vulnerabilities come in all shapes and sizes and while operating system patch management has largely been simplified with tools like WSUS, there is still a high degree of risk due to many popular third party applications and the lack of any centralized patching mechanism for maintaining those installations. Vendors such as Adobe and Mozilla regularly release updates for their software packages, but managing those updates has been an arduous task for many system administrators. Until recently, the only centralized option was to create your own MSI packages and deploy them via group policy or SCCM.
FBI Server Takedown Extended
In November, we posted an article informing you of Operation Ghost Click, an investigation that resulted in the arrests of a ring of seven people who allegedly infected millions of computers with DNSChanger malware. Per court order, the FBI was being allowed to provide clean servers until March 8th. That expiration date has now been extended until July.
Fictitious Publishers Clearing House E-mail Alert
The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being sent from the Publishers Clearing House that make reference to the FDIC.
Coming Soon: The Branchless Banking Kit!
It’s hard to believe almost a year ago Infotex set out on the path to create a new “branchless banking kit” which would include all the IT Policy and Procedure templates necessary to address a total re-write of the typical “E-banking Policy.” The decision to do this was accompanied by an article in Dan’s New Leaf entitled “Manifesto: Time to Revolutionize our E-banking Policies.”
Supplement Compliance Part Two!
Are you ready to integrate the Supplement compliance requirements with your existing awareness training program? Our own Dan Hadaway CRISC, has arranged to deliver a workshop on awareness training with the Community Bankers Association of Ohio and the Indiana Bankers Association that will not only show how banks are accomplishing this daunting task, but he’ll [...]
Law Firms Target of Counterfeit Check Scheme
Of the professions that I would think would be the last on the target list for the bad guys, I would expect it to be law firms. However, to my dismay, this is not the case. The IC3 has continued to receive reports of counterfeit check schemes targeting U.S. law firms.
Beware the Ides of March, Maybe?
If you’re still scrambling to comply with the 2010 American with Disabilities Act update requiring ATMs to be handicap accessible, you are not alone.
Disaster = Fraud!
It has become a habit of the “bad guys”…. a disaster strikes and thus the bad guys take advantage of the situation. We have seen it time and time again. As if the victims of the disaster (e.g. tornado, hurricane, etc. etc.) haven’t been through enough. As it is, the Department of Justice, the FBI, and the National Center for Disaster Fraud (NCDF) are reminding the public there is a potential for disaster fraud in the aftermath of a natural disaster.
DNSChanger Malware
In November 2011, the FBI replaced rogue DNS servers with clean servers to prevent millions of Internet users infected with the DNSChanger malware from losing Internet connectivity when the members of a ring where arrested during Operation Ghost Click. However, the court order allowing the FBI to provide the clean servers is set to expire on March 8, 2012. Computers that are infected with the DNSChanger malware may lose Internet connectivity when these FBI servers are taken offline.