Yahoo Admits Half a Billion Users’ Info Hacked

Yahoo has confirmed that a ‘likely state sponsored’ 2014 breach exposed data from about 500 million users.  The company has stated that information possibly affected includes names, email addresses, birth dates and scrambled passwords.  Even more alarming is the acknowledgment that encrypted or unencrypted security questions and answers may have also been compromised, which could allow hackers to access victims’ other online accounts.

FDIC IT Exam Update

The FDIC has updated its IT Examination procedures.  On July 1, 2016, the FDIC will begin using the Information Technology Risk Examination (InTREx) Program to perform IT examinations at financial institutions.  The InTREx Program consists of the IT profile and three workpapers to help examiners accurately assess IT risks and the mitigating controls in place.

Ransomware: Malware in its cruelest form

Ransomware is another type of malware, but this one carries a bit of a sting.  Ransomware is nothing new, and if you remember the AIDS Trojan, you know it dates back to the late 80s.  Because it was the 80s, instead of paying electronically with bitcoin, the victim had to send money via the USPS to a P.O. Box.  Ransomware has been the headline for 2016.  If infected with this malware, access to your system will be limited until a ransom is paid.

FFIEC: Mobile Financial Services

The FFIEC recently updated the IT Examination Handbook – Retail Payment Systems.  The new information can be found in Appendix E, “Mobile Financial Services.”  Mobile financial services are growing in popularity and are radically changing how consumers pay for goods and services.  Convenience is key; however, that means new threats and risks are introduced into a consumer’s life.

Verizon Data Breach Investigations Report 2016

It’s that time of the year again!

Verizon released its Data Breach Investigations Report for 2016.  For those of you not familiar with the report, Verizon collects and analyzes data from real-world security incidents and breaches.  The current report analyzes over 100,000 incidents that occurred in 2015.  It is in no way all-inclusive; however, it is one of the more reputable analysis reports that utilizes a healthy sample of incident and breach data to accurately portray the cyber incident landscape.

Verizon Confirms Breach Affecting Business Customers

Verizon has released a statement confirming that “Verizon Enterprise Solutions recently discovered and fixed a security vulnerability on our enterprise client portal.  Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers.”  Experts believe the exposure of the clients’ contact information leaves them more vulnerable to phishing attacks. 

Android Mobile Banking Malware Risk Worsens

Security firm FireEye has released a report indicating the mobile banking trojan, SlemBunk, is becoming more and more sophisticated as the number of mobile banking users rises.  The malware is designed to attack Android devices and steal mobile banking credentials.  The original report identified at least 30 mobile banking applications that were affected, including those in North America, Europe and Asia Pacific.  An update to the report indicates the attack is even larger than originally identified.