Financial sector advisory: attacks and threats against financial institutions
Wednesday (19 SEP) proved to be a day of hand-wringing and concern for the financial sector as the online presences of both Chase and Bank of America suffered outages and performance impact, allegedly due to distributed denial of service (DDoS) attacks.
Financial Services Information Sharing and Analysis Center (FS-ISAC) has raised its Cyber Threat Level from 'Elevated' to 'High' on the basis of "credible intelligence regarding the potential for DDoS and other cyber-attacks against financial institutions".
According to Reuters, FS-ISAC’s advisory comes right on the heels of a "fraud alert" that the FBI published advising financial services firms that cyber criminals may be disrupting service to their websites in a bid to keep banks from noticing a recent surge in fraudulent large-sized wire transfers.
These attacks also follow a statement posted to the Internet in which the claimant stated attacks would continue until “the film that had stirred up anti-U.S. protests across the Middle East was "erased" from the Internet.”
Source article: http://news.yahoo.com/jpmorgan-chase-consumer-website-intermittently-down-182802693--sector.html
If ISC learns of any consistencies in data that can be correlated, we’ll be sure to keep you informed and stand ready to assist.
Meanwhile, per FS-ISAC, particularly for those of you defending resources in the financial sector, “maintain a heightened level of awareness, apply all appropriate updates and update AV and IDS/IPS signatures, ensure constant diligence in monitoring and quick response to any malicious events.”
Apple and Cisco Security Advisories 19 SEP 2012
Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
The Cisco AnyConnect Secure Mobility Client is affected by multiple vulnerabilities.
Advisory ID: cisco-sa-20120620-ac
Apple security updates:
APPLE-SA-2012-09-19-1 iOS 6
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and
Security Update 2012-004
APPLE-SA-2012-09-19-3 Safari 6.0.1
Security Update 2012-004
Keywords: Apple Security Update CISCO Security Advisory internet isc sans security threat vulnerability
0 comment(s)Flash Player update but no announcement, check your version http://www.adobe.com/software/flash/about/
ISC StormCast for Thursday, September 20th 2012 http://isc.sans.edu/podcastdetail.html?id=2818
IE Fixes Available
Hoping to put a close on Monday's IE Zero-day vulnerability (https://isc.sans.edu/diary.html?storyid=14107) Microsoft has announced the release of a FixIt (http://support.microsoft.com/kb/2757760) to address the issue, with a patch to be made available via Windows Update this friday (http://blogs.technet.com/b/msrc/archive/2012/09/19/internet-explorer-fix-it-available-now-security-update-scheduled-for-friday.aspx)
Can we look forward to more timely security patch releases from Microsoft? That would be good news indeed.
Keywords:
12 comment(s)
×
Diary Archives
Comments