The Ides of March: Come and Gone!
Infotex has released an upgrade to our portal, my.infotex.com, with the introduction of a new “blog site” based on WordPress instead of Geeklog. This site will eventually be the authentication point for all classes of users (from public through client and associate to various levels of employee).
Hello World!
As you have probably already noticed, we have recently updated our security portal with a few changes. This is the initial release of our long-vaunted Portal 2.0 project. This new content management system will be the base upon which we migrate and build components from our old site.
Phishers Used Facebook to Penetrate Financial Firm’s Computer System
We have talked about Social Media in prior posts. The following is one of the reasons why.
Phishers used Facebook to burrow their way into the network of a large US financial company last year. The attackers took control of one employee’s Facebook account and, using information culled from that individual’s friends’ profiles, sent what appeared to be personal messages to several other company employees about pictures taken at a company picnic. The phishers learned of the picnic through postings on the hijacked account. When one of the other employees received a message asking her to click on a link that would allow her to view the pictures, her computer became infected with keystroke logging malware.
Trojan Found in Battery Charger Software Download
A download for the Energizer DUO battery charger software has been found to contain a Trojan horse program. The malware is capable of sending files to the attackers or downloading even more malware.
Free Security Awareness Posters
Microsoft (yup, of all people, Microsoft) has made a few Security Awareness posters available. They’re quite good. If you’re looking for something to post by the water cooler, these are great candidates.
Auto-Reply Basics
Technology. It’s here and people are not afraid to use it. They want to take full advantage of its possibilities. No stone left unturned so to speak. This includes an e-mail system’s Auto-reply feature. When we are out of the office, we don’t want our clients or other business associates to sit and wonder why we are not responding to their e-mails. We want them to be aware that, for the time being, we are out of the office and will get back with them when we return.
FFIEC Retail Payment Systems Booklet Updated
The FDIC has issued the following Financial Institution Letter:
Summary:
The Federal Financial Institutions Examination Council (FFIEC) has issued an updated Retail Payment Systems booklet. The booklet is part of the IT Examination Handbook series and serves as guidance for examiners, financial institutions, and service providers on identifying and controlling risks related to retail payment systems and related banking activities.
Banking Passwords Often Used for Other Sites
According to an article, nearly three-quarters of computer users use the same password for their online banking accounts as they do for other, less secure websites.
The User Level: Social Engineering
Social engineering is the practice of obtaining information you are not authorized to have by means of deception and exploitation. In other words, it is when someone tricks another person into giving them information under false pretenses.
Update Your Threat List!
If you are looking to update your security awareness training materials (and in some cases, your Acceptable Use Policy), here is an EXCELLENT article that can help.
