FFIEC Statement on Outsourced Cloud Computing
The Federal Financial Institutions Examination Council (FFIEC) has issued a statement on outsourced cloud computing activities. The statement discusses the key risks that institutions take on when they outsource computing to a cloud provider and identifies the risk mitigation measures that apply.
Using SDelete
SDelete, from Microsoft Sysinternals, securely deletes one or more files and/or directories, or cleanses the free space on a logical disk, by overwriting the data before the file is removed rather than just unlinking it. It is a command line utility that takes a number of options, and it accepts wild card characters as part of the directory or file specifier. One caveat a practitioner should keep in mind: on SSDs and other flash media, wear levelling means an in-place overwrite is not guaranteed to reach the old physical blocks, so full-disk encryption plus the drive's own secure-erase command is the more reliable control there. Instructions on how to use SDelete are available from Sysinternals.
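As an added illustration of the mechanics a secure-delete tool applies to a single file (this is example code written for this page, not SDelete's own implementation or the linked instructions), the following Python overwrites a file in place for a chosen number of passes, renames it repeatedly so the original name is churned out of the directory index, and only then unlinks it. The pass pattern (random data, then a final zero pass) and the RENAME_ROUNDS constant are choices made here, not SDelete's.

```python
"""Illustration of what a secure-delete tool does to a file.

Added example, not SDelete's code: overwrite the file's allocated bytes in
place for N passes, force each pass to disk, rename the file several times so
the original name is overwritten in the directory entries, then unlink it.
"""
import os
import secrets
import tempfile

CHUNK = 1024 * 1024   # overwrite in 1 MiB chunks to bound memory use
RENAME_ROUNDS = 26    # assumption: rounds of renaming to churn the directory entry


def overwrite_passes(path: str, passes: int = 1) -> int:
    """Overwrite every byte of `path` in place `passes` times.

    Early passes write random data, the final pass writes zeros (a single pass
    is therefore a zero pass). Opening with r+b keeps the same clusters
    allocated; truncating and re-extending the file could land the new data
    elsewhere on disk. Returns the total number of bytes written.
    """
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as f:
        for p in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                buf = secrets.token_bytes(n) if p < passes - 1 else bytes(n)
                f.write(buf)
                written += n
                remaining -= n
            f.flush()
            os.fsync(f.fileno())   # push this pass to the media before the next one
    return written


def churn_name(path: str) -> str:
    """Rename the file repeatedly so the original name no longer sits in the
    directory's on-disk entries. Returns the final path."""
    directory = os.path.dirname(path) or "."
    current = path
    for _ in range(RENAME_ROUNDS):
        new = os.path.join(directory, secrets.token_hex(8))
        os.rename(current, new)
        current = new
    return current


def secure_delete(path: str, passes: int = 1) -> int:
    """Overwrite, rename and unlink `path`; returns the bytes overwritten.

    Symlinks are refused: overwriting through a link would destroy the target.
    Caveat: on SSDs, copy-on-write filesystems and snapshotted volumes an
    in-place write is not guaranteed to hit the old physical blocks.
    """
    if os.path.islink(path) or not os.path.isfile(path):
        raise ValueError("refusing to operate on a non-regular file: %s" % path)
    written = overwrite_passes(path, passes)
    final = churn_name(path)
    os.remove(final)
    return written


def demo() -> dict:
    """Self-check on a constructed temporary file; returns observable results."""
    d = tempfile.mkdtemp()
    path = os.path.join(d, "secret.txt")
    with open(path, "wb") as f:
        f.write(b"S" * 3000)            # constructed sample content
    overwrite_passes(path, 2)           # random pass, then zero pass
    with open(path, "rb") as f:
        zeroed = f.read() == bytes(3000)
    written = secure_delete(path, 3)    # three more passes, rename, unlink
    result = {
        "bytes_written": written,
        "zeroed_after_passes": zeroed,
        "file_gone": not os.path.exists(path),
        "dir_empty": os.listdir(d) == [],
    }
    os.rmdir(d)
    return result


if __name__ == "__main__":
    print(demo())
```

The example deliberately does nothing about free space, slack space or the file system's own metadata copies (journal, shadow copies); those are exactly the gaps a tool working at the volume level, such as SDelete's free-space cleaning, is meant to close.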
Bust Exposes PCI Challenges
Experts say that the international takedown that resulted in 24 arrests for credit card fraud illustrates problems inherent in the Payment Card Industry Data Security Standard (PCI DSS).
Court Ruling Could Be Boon to Cyberheist Victims
A decision handed down by a federal appeals court this week may make it easier for small business owners victimized by cyberheists to successfully recover stolen funds by suing their bank.
Don’t Get Smished!
We have all heard about phishing, or at least I hope so. But how many have heard about smishing? Smishing is another form of social engineering attack, one that uses SMS (text messaging) to mobile devices, rather than e-mail or a telephone (voice) call, to glean nonpublic information from unsuspecting individuals.
A Cure for BYOD?
Using mobile devices in the workforce has grown in popularity. However, not every organization has moved to purchasing those devices, and some employees, out of need or convenience, bring their own device (BYOD) to work instead. This raises obvious security concerns, since the organization neither owns nor fully controls the device. To address this, AT&T says it has an answer for corporations that want to let employees access work applications from personal phones without the phones becoming a security threat.
Mobile Security White Paper for BYOD and/or Issued Devices
The auditors at infotex have created a set of non-technical controls (i.e., policies and procedures) governing the use of mobile devices. This white paper (Mobile Security White Paper: Non-technical Controls) discusses considerations that should be addressed in creating such controls.
The Era of Mobile Devices
Understanding SOC Reports (For Beginners)
As part of our certifications through ISACA (CISA, CISM and CRISC), we regularly flip through the ISACA Journal, dog-earing the pertinent articles and other learning materials available to us through this organization. In looking at one of the prior issues the other day, I again ran across a very insightful article titled Understanding the New SOC Reports. Since we are in the examination program just like financial institutions, we also have to be diligent in our annual vendor reviews and comb through our own vendors' IT security related and other documentation. As such, this article interested me.
Tiny Banker Trojan
According to a post by CSIS Security Group A/S, they have uncovered a new banker trojan family which they have named Tinba (Tiny Banker), alias "Zusy". Tinba is a small data-stealing banker trojan. It hooks into browsers, steals login data and sniffs network traffic. Like several sophisticated banker trojans, it also uses Man in the Browser (MitB) tricks and webinjects to change the look and feel of certain web pages, with the purpose of circumventing two-factor authentication (2FA) or tricking the infected user into giving away additional sensitive data such as credit card data or TANs (transaction authentication numbers).
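To make the webinject mechanism concrete, here is an added example (written for this page, not code from the CSIS post or from the Tinba sample) that simulates a MitB rewrite of a bank login form and a simple page-integrity check that would flag it. The login form, the webinject rule and the expected field list are all constructed here; the rule uses Zeus-style data_before / data_inject / data_after markers, which is an assumption about the configuration layout, not something the post shows.

```python
"""Simulated Man-in-the-Browser webinject and a page-integrity check.

Added example, not code from CSIS or Tinba: the form, the inject rule and the
expected field list are constructed. The rule layout (data_before /
data_inject / data_after) is assumed; the mechanism, rewriting the page
between two markers, is what the post describes.
"""
from html.parser import HTMLParser

# Constructed login form as the bank serves it.
ORIGINAL_PAGE = """<form id="login" action="/auth" method="post">
  <input name="user" type="text">
  <input name="pass" type="password">
  <button type="submit">Sign in</button>
</form>"""

# Constructed webinject rule: add a TAN prompt after the password field so the
# victim hands over a one-time code the trojan can spend on its own transfer.
WEBINJECT = {
    "set_url": "https://bank.example/login",   # hypothetical target URL
    "data_before": '<input name="pass" type="password">',
    "data_inject": '\n  <input name="tan" type="text" placeholder="Enter TAN to confirm">\n  ',
    "data_after": "<button",
}


def apply_webinject(page: str, rule: dict) -> str:
    """Rewrite the page the way a MitB hook does: everything between the
    data_before and data_after markers is replaced by data_inject. The page
    is returned untouched when either marker is missing."""
    start = page.find(rule["data_before"])
    if start == -1:
        return page
    start += len(rule["data_before"])
    end = page.find(rule["data_after"], start)
    if end == -1:
        return page
    return page[:start] + rule["data_inject"] + page[end:]


class _FieldCollector(HTMLParser):
    """Collects the name attribute of every <input> in document order."""

    def __init__(self) -> None:
        super().__init__()
        self.fields: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag == "input":
            name = dict(attrs).get("name")
            if name:
                self.fields.append(name)


def form_fields(page: str) -> list[str]:
    """Input names as they appear in the (possibly rewritten) page."""
    parser = _FieldCollector()
    parser.feed(page)
    return parser.fields


EXPECTED_FIELDS = ("user", "pass")   # what the bank's login page legitimately asks for


def unexpected_fields(page: str, expected=EXPECTED_FIELDS) -> list[str]:
    """Input names present in the rendered page that the bank never defined.
    A non-empty result means the page was altered after it left the server."""
    return [f for f in form_fields(page) if f not in expected]


if __name__ == "__main__":
    tampered = apply_webinject(ORIGINAL_PAGE, WEBINJECT)
    print(tampered)
    print("unexpected fields:", unexpected_fields(tampered))
```

The check is only useful if its result leaves the victim's browser: a trojan that hooks the browser deeply enough to rewrite the page can also strip any in-page script that runs this comparison, which is why banks typically have the client report the rendered field list (or a hash of it) to the server and confirm transactions over an out-of-band channel rather than trusting the page itself.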