Security Bulletin: “KRACK” Wi-Fi Vulnerability

Security Bulletin: “KRACK” Wi-Fi Vulnerability

ATTENTION ONLINE AND SELF-PROCESSING CREDIT UNIONS Early this morning a security researcher disclosed several vulnerabilities that affect nearly all Wi-Fi networks.  It is being referred to as “KRACK” in the press. The vulnerability could allow an attacker in proximity of the Wi-Fi network to intercept, alter, or even insert data into legitimate wireless connections.  The… Read more »

Oct 16, 2017

Security Bulletin: Equifax Breach

Security Bulletin: Equifax Breach

ATTENTION ONLINE AND SELF-PROCESSING CREDIT UNIONS By now you have heard about the breach at Equifax that exposed the personal information of over 145 million consumers. This Bulletin addresses the technical vulnerability that is believed to be the cause of the Equifax breach, namely the use of unpatched software known as Apache Struts. What is… Read more »

Oct 6, 2017

Security Bulletin: Petya

Security Bulletin: Petya

ATTENTION ONLINE AND SELF-PROCESSING CREDIT UNIONS Last month, we alerted you about the ransomware known as WannaCry (WannaCrypt0r). Today, a new form of malware known as Petya is circling the internet.  Petya uses the same vulnerability as WannaCry, known as Eternal Blue, that was previously patched by Microsoft in March 2017.  Petya is considered worse… Read more »

Jun 27, 2017

Security Bulletin: WannaCry Ransomware

Security Bulletin: WannaCry Ransomware

ATTENTION ONLINE AND SELF-PROCESSING CREDIT UNIONS By now you may have heard about the massive ransomware attack that began on Friday and potentially affected tens of thousands of computers in 100 or more countries.  The media was quick to report the story, as well as news of the young security researcher that helped slow the… Read more »

May 15, 2017

Security Bulletin: Symantec Vulnerability

Security Bulletin: Symantec Vulnerability

ATTENTION ONLINE AND SELF-PROCESSING CREDIT UNIONS What is it? Symantec, the vendor of our anti-virus software, has published a vulnerability alert for their own software. This vulnerability is significant in that it can be triggered without any user input. This vulnerability was discovered by security researchers at Google. What’s the risk? If the AV software… Read more »

May 18, 2016

Security Bulletin: Badlock Vulnerability

ATTENTION ONLINE AND SELF-PROCESSING CREDIT UNIONS The information you need from the Network Services team. What is it? A vulnerability commonly known as “Badlock” was announced today, April 12, 2016. What’s the risk? Badlock risks are primarily denial-of-service and man-in-the-middle attacks. A successful attack could result in elevation of privilege, possibly to administrator level. The… Read more »

Apr 12, 2016

Security Bulletin: SSLv2/Drown Vulnerability

ATTENTION ONLINE AND SELF-PROCESSING CREDIT UNIONS The information you need from the Network Services team. What is it? A vulnerability commonly known as “DROWN” or a SSLv2 attack. What’s the risk? This vulnerability could allow an attacker to decrypt data if enough SSLv2 information was intercepted. What’s the assessment from CNS? Although our standard protocol… Read more »

Apr 1, 2016