Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Financial sector advisory: attacks and threats against financial institutions

Published: 2012-09-20
Last Updated: 2012-09-20 16:20:49 UTC
by Russ McRee (Version: 1)
1 comment(s)

 

Wednesday (19 SEP) proved to be a day of hand-wringing and concern for the financial sector as the online presences of both Chase and Bank of America suffered outages and performance impact, allegedly due to distributed denial of service (DDoS) attacks.
Financial Services Information Sharing and Analysis Center (FS-ISAC) has raised its Cyber Threat Level from 'Elevated' to 'High' on the basis of "credible intelligence regarding the potential for DDoS and other cyber-attacks against financial institutions".
According to Reuters, FS-ISAC’s advisory comes right on the heels of a "fraud alert" that the FBI published advising financial services firms that cyber criminals may be disrupting service to their websites in a bid to keep banks from noticing a recent surge in fraudulent large-sized wire transfers.
These attacks also follow a statement posted to the Internet in which the claimant stated attacks would continue until “the film that had stirred up anti-U.S. protests across the Middle East was "erased" from the Internet.”
 
 
If ISC learns of any consistencies in data that can be correlated, we’ll be sure to keep you informed and stand ready to assist.
Meanwhile, per FS-ISAC, particularly for those of you defending resources in the financial sector, “maintain a heightened level of awareness, apply all appropriate updates and update AV and IDS/IPS signatures, ensure constant diligence in monitoring and quick response to any malicious events.”

 

1 comment(s)

Apple and Cisco Security Advisories 19 SEP 2012

Published: 2012-09-20
Last Updated: 2012-09-20 06:01:01 UTC
by Russ McRee (Version: 1)
0 comment(s)

Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
The Cisco AnyConnect Secure Mobility Client is affected by multiple vulnerabilities.
 
Apple security updates:
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and
Security Update 2012-004
APPLE-SA-2012-09-19-3 Safari 6.0.1

Russ McRee | @holisticinfosec

0 comment(s)
Flash Player update but no announcement, check your version http://www.adobe.com/software/flash/about/
ISC StormCast for Thursday, September 20th 2012 http://isc.sans.edu/podcastdetail.html?id=2818

IE Fixes Available

Published: 2012-09-20
Last Updated: 2012-09-20 01:57:47 UTC
by Kevin Liston (Version: 1)
12 comment(s)

Hoping to put a close on Monday's IE Zero-day vulnerability (https://isc.sans.edu/diary.html?storyid=14107) Microsoft has announced the release of a FixIt (http://support.microsoft.com/kb/2757760) to address the issue, with a patch to be made available via Windows Update this friday (http://blogs.technet.com/b/msrc/archive/2012/09/19/internet-explorer-fix-it-available-now-security-update-scheduled-for-friday.aspx)

Can we look forward to more timely security patch releases from Microsoft?  That would be good news indeed.

Keywords:
12 comment(s)
Diary Archives