A Note from Network Services: A Follow Up on the Recent Orion SolarWinds Vulnerability

Many of our clients continue to be pressured by state and federal regulators regarding the Orion SolarWinds breach, and have asked CU*Answers for additional clarification regarding our process since announcement of the attack.  As you may recall, CU*Answers announced on December 16 that we do not use Orion SolarWinds and are not directly affected by this breach.

The background on the breach is that the SolarWinds attack has likely been ongoing since March of 2020.  SolarWinds is a company supplying a product called Orion which is a network monitoring service to thousands of companies as well as many agencies of the federal government.  At this point it is deemed a supply chain problem and will take months if not years to determine the full impact.  For a more detailed understanding of the breach please see the following from Homeland Security:  https://www.dhs.gov/news/2020/12/17/joint-statement-fbi-cisa-and-odni

CU*Answers has a process for vendor risk management and evaluation.

  1. AuditLink reviews our most recent vendor risk assessment, and determines which vendors should be contacted.  These are Tier 1 and Tier 2 vendors primarily, having access to member information.
  2. AuditLink and Network Services reaches out to specific vendor representatives and ask for an attestation that they have done their review of their own systems and vendors to determine if Orion is used throughout their networks.
  3. AuditLink and Network Services keeps Executive Management informed of any updates requiring engagement of our Incident Response Protocol.
  4. AuditLink updates our vendor management portal as needed.
  5. Internal Audit works with AuditLink and Network Services to document our efforts and inform the Board of Directors of any identified risks and actions.

As the breach continues to unfold, AuditLink requests our credit unions to update us with any relevant communications they may receive from their vendors or supply chains.  As mentioned in our communication of December 16, should CU*Answers learn a third-party vendor is affected, CU*Answers will respond in accordance with its contractual obligations to clients, any applicable laws, and its own internal Information Security Program.

If you would like to discuss your approach to managing or monitoring this breach with your critical vendors, do not hesitate to reach out to AuditLink.

A Note from Network Services: MPLS Data Line Price Increases

A Note from Network Services: MPLS Data Line Price Increases

Notice of MPLS Data Line Price Increases Many credit unions use MPLS lines to connect to CU*Answers for their data processing.  CU*Answers has been notified by Lumen (formerly CenturyLink), the provider of our MPLS data network, that they will be passing along price increases on data lines that they receive from third party “last mile”… Read more »

Jun 7, 2022

A Note from Network Services: Netwrix Auditor Vulnerabilities

A Note from Network Services: Netwrix Auditor Vulnerabilities

Netwrix has disclosed vulnerabilities to Netwrix Auditor and has released an updated version, version 10.5, to resolve these vulnerabilities.  We urge clients using this platform to review their Netwrix Auditor version information and update to version 10.5 as soon as possible.  Netwrix has indicated that there is no evidence that these vulnerabilities were disclosed to… Read more »

Jun 7, 2022

A Note From the Help Desk: Microsoft Windows Support Diagnostic Tool Vulnerability

A Note From the Help Desk: Microsoft Windows Support Diagnostic Tool Vulnerability

ATTENTION ONLINE AND SELF-PROCESSING CREDIT UNIONS Microsoft Windows Support Diagnostic Tool Vulnerability What Is It? CU*Answers Network Services is tracking a recently announced security vulnerability when the Microsoft Windows Support Diagnostic tool is used to execute arbitrary code with the privileges from another application such as Microsoft Word. How Does It Work? The primary method… Read more »

Jun 2, 2022

Reminder: Partnership Changes Coming to Managed Technology Services

Reminder: Partnership Changes Coming to Managed Technology Services

THIS POST APPLIES TO CREDIT UNIONS WHO RECEIVED THE ASSOCIATED EMAIL. Dear clients – for the past several years we have worked closely with CU*Northwest to deliver leading-edge managed technology services to their credit union community.  Through this partnership, you have been able to leverage the proven technology management practices of CU*Answers Network Services (CNS)… Read more »

Apr 20, 2022

AdvantageCIO acquires certified information systems auditor

AdvantageCIO, a division of CU*Answers, is pleased to announce it has acquired a Certified Information Systems Auditor (CISA) to perform various assessments for cybersecurity. Andrew Hinson has passed the exam and achieved the certified status for ISACA’s CISA program. The CISA certification is world-renowned as the standard of achievement for those who audit, control, monitor […]

Apr 6, 2022

Have a question for CU*Answers? Who do you call?

Have a question for CU*Answers?  Who do you call?

At CU*Answers, we know how important it is that your Credit Union gets the appropriate help in order to meet your day-to-day data processing needs.  When you don’t know exactly who to call, we recommend that you get started by reaching out to either the Client Services and Education Team or the Network Services Team…. Read more »

Apr 4, 2022

Partnership Changes Coming to Managed Technology Services

Partnership Changes Coming to Managed Technology Services

THIS POST APPLIES TO CREDIT UNIONS WHO RECEIVED THE ASSOCIATED EMAIL. Dear clients – for the past several years we have worked closely with CU*Northwest to deliver leading-edge managed technology services to their credit union community.  Through this partnership, you have been able to leverage the proven technology management practices of CU*Answers Network Services (CNS)… Read more »

Mar 31, 2022

A Note from Network Services: Extended Lead Times on Hardware Orders

A Note from Network Services: Extended Lead Times on Hardware Orders

Extended hardware lead times are affecting nearly all hardware orders.  Do not delay ordering equipment for your network projects. CU*Answers Network Services is advising clients to not delay placing equipment orders for their upcoming projects. Vendors and manufacturers are experiencing extreme supply chain delays and volatility across all product categories that are pushing delivery times… Read more »

Mar 28, 2022

Partnership Changes Coming to Managed Technology Services

Partnership Changes Coming to Managed Technology Services

THIS POST APPLIES TO CREDIT UNIONS WHO RECEIVED THE ASSOCIATED EMAIL. Dear clients – for the past several years we have worked closely with CU*Northwest to deliver leading-edge managed technology services to their credit union community.  Through this partnership, you have been able to leverage the proven technology management practices of CU*Answers Network Services (CNS)… Read more »

Mar 1, 2022