Tech Alert Briefing for 5/4/2007
May 4, 2007
Update covering April 27 - May 3, 2007
Welcome to Tech Talk! In this week's edition of Tech Talk, BOL Guru Jeff Patterson writes about a new scam using the ACH system.
Jeff Patterson, BOL Guru
You'll also learn about:
Get the details below.
Free Webinar Series - Best Practices
Join Harland Financial Solutions for a series of complimentary Webinars focusing on industry trends and best practices. Designed for financial institution executives, you can choose from topics such as Deposit Pricing, Event Detection and Delivery, the latest Deposit Benchmarking research findings, and much more. Click here to view the complete schedule or to register.
Gartner's "FFIEC Guidance Drives Online U.S. Banking Security Upgrades" report finds that "two-thirds of 50 U.S. banks surveyed met the year-end 2006 deadline."
The Gartner report, made available by SecureWorks, includes financial institution security spending, what solutions were implemented, status on implementations across the industry and numbers of breaches and disclosures. Click here to view the report.
Scammers Spend Pennies to Steal Thousands
A new report in Security Fix describes scammers randomly generating account numbers, depositing a penny by exploiting validation weaknesses in the ACH system, and then withdrawing money from the account numbers for which the deposit succeeded. The withdrawals took place at the beginning of the statement cycle so they would be unlikely to be noticed for at least a month.
Be Wary of Wormy Password Emails
A new variant of the Sober worm, which wreaked havoc when first released in October 2003, was being heavily spammed over the last few days. These spam emails claim to contain a reset password in an attachment. Opening the attachment unleashes the worm. Find out more in InformationWeek.
Cyber Cash's Dirty Laundry Aired
Digital cash service E-Gold has been accused of laundering money for cyber and other criminals. Federal prosecutors have filed charges against the company and its owners, claiming that E-Gold has become the preferred method of payment for online scammers, identity thieves and child pornographers. Digital cash may be exploited by cyber criminals to move and launder money, so investigate all potential security measures if you're considering entering the digital cash arena. Read the full story in SecurityFocus.
Who's Rooting Around on Your Network?
A story in CSOOnline points to rootkits as one of the next major threats to enterprise security. These kernel-modifying software packages are designed to elude anti-virus and other anti-malware applications. They modify core operating system files and can be used for everything from stealing account numbers, to causing a denial of service attack, to taking complete control of an enterprise's network. What are you doing to protect yourself?
The Downside of Web 2.0 Portals
If you are considering upgrading your internet delivery portal to a Web 2.0 application, take a look at this article on Help Net Security about the risks and threats to Web 2.0 sites.
ATMs with Windows - A View of the Future
Will Patch Tuesday soon involve patching all of your ATMs, too? With IBM dropping support for OS/2, the standard OS for ATMs the last several years, ATM manufacturers are looking for a new operating system. And it seems that Microsoft Windows is the only practical choice. Silicon.com has more information.
Plans for May's Patch Tuesday
Microsoft plans to release seven security bulletins next Tuesday as part of its monthly patch cycle. According to CNET, one of these patches will repair the zero-day DNS flaw discovered a few weeks ago.
Security Breach Concerns Breed Job Security Woes
Seventy-three percent of IT professionals are worried they could lose their jobs if their companies are hit with a major security breach. Sixty-two percent say they take these worries home with them. Find out what else is keeping IT professionals up at night in InformationWeek.
US-CERT Lists 163 Gaps
The US-CERT Vulnerability Summary for the Week of April 23, 2007 lists ninety-one High, twenty-six Medium and forty-six Low severity vulnerabilities. Vulnerabilities were announced in multiple Apple products, Apache Tomcat, CA's BrightStor ARCserve server, FileZilla, HP StorageWorks, Microsoft Internet Explorer, Mozilla Firefox, Novell Groupwise, Oracle's E-Business Suite, 3Com TippingPoint IDS, and the IPv6 protocol.