NEW
FDIC Financial Institution Letters
Oct 17, 2024
Security
The FDIC Board of Directors met on October 17, 2024. Materials and a recording of the meeting are available for review. No explicit Texas-specific information was provided.
BOARD MEETING | OCTOBER 17, 2024 ( Updated the link in the Read More button) FDIC BOARD OF DIRECTORS MEETING Today the Federal Deposit Insurance Corporation’s Board of Directors met. Materials and information relative to the Board actions are available here . A recording of the full webcast of the open meeting is available here . Read more The FDIC does not send unsolicited e-mail. If this publication has reached you in error, or if you no longer wish to receive this service, please unsubscribe . STAY CONNECTED
NEW
FDIC Financial Institution Letters
Oct 17, 2024
Security
The FDIC Board of Directors met on October 17, 2024. Materials and a recording of the meeting are available for review.
BOARD MEETING | OCTOBER 17, 2024 FDIC BOARD OF DIRECTORS MEETING Today the Federal Deposit Insurance Corporation’s Board of Directors met. Materials and information relative to the Board actions are available here : A recording of the full webcast of the open meeting is available here . Read more The FDIC does not send unsolicited e-mail. If this publication has reached you in error, or if you no longer wish to receive this service, please unsubscribe . STAY CONNECTED
CISA Alerts
Jun 22, 2019
Security
CISA reports an increase in malicious cyber activity by Iranian regime actors and proxies targeting U.S. industries and government agencies; CISA will continue monitoring and sharing information.
In response to reports of an increase in cybersecurity threats, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher C. Krebs issued the following statement:“CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies. We will continue to work with our intelligence community and cybersecurity partners to monitor Iranian cyber activity, share information, and take steps to keep America and our allies safe.
CISA Alerts
Jun 20, 2019
Security
The ICT Supply Chain Risk Management Task Force updated members on progress towards developing an initial recommendation for identifying and managing risks in global ICT supply chains. The task force includes CISA and government/industry members.
The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force gathered in Washington, D.C. today to update members on progress towards the development of an initial recommendation to help industry and government stakeholders more effectively identify and manage risks to global ICT supply chains.
CISA Alerts
Apr 10, 2019
Security
- CISA and Secure Community Network conducted a tabletop exercise involving Jewish community leaders and law enforcement for incident response planning.
- The exercise focused on scenarios of violence threats, based on current events.
WASHINGTON – Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) hosted a tabletop exercise in collaboration with the Secure Community Network (SCN). The exercise brought together Jewish community leaders from across the nation, along with federal and state law enforcement and interagency partners to examine how they would act in a notional event focused on threats of violence including scenarios based on current events.
CISA Alerts
Feb 26, 2019
Security
The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the ICT Supply Chain Risk Management Task Force convened to launch work streams. These efforts are aimed at managing supply chain risks in information and communications technology.
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force gathered in Washington this week and last week as part of the Task Force’s o
CISA Alerts
Nov 15, 2018
Security
The DHS convened the first meeting of the ICT Supply Chain Risk Management Task Force; this task force aims to develop recommendations for managing risks in the global ICT supply chain. The initiative is a public-private partnership.
The Department of Homeland Security (DHS) hosted the inaugural meeting of the nation’s first Information and Communications Technology (ICT) Supply Chain Risk Management Task Force. The task force is a public-private partnership formed to examine and develop consensus recommendations to identify and manage risk to the global ICT supply chain.
CISA Alerts
Oct 30, 2018
Security
The U.S. Department of Homeland Security has established the ICT Supply Chain Risk Management Task Force; this public-private partnership aims to identify and manage risks in the global ICT supply chain.
The U.S. Department of Homeland Security (DHS) announced today the formation and chartering of the nation’s first Information and Communications Technology (ICT) Supply Chain Risk Management Task Force, a public-private partnership to examine and develop consensus recommendations to identify and manage risk to the global ICT supply chain.
CISA Alerts
Oct 02, 2018
Security
• DHS provided a classified briefing on the current cyber threat landscape for election infrastructure companies. • The meeting was held with members of the Sector Coordinating Council (SCC) for the Election Infrastructure Subsector.
Senior officials from the U.S. Department of Homeland Security (DHS) met today with members of the Sector Coordinating Council (SCC) for the Election Infrastructure Subsector and conducted a classified briefing on the current cyber threat landscape for the election community.
NEW
CU InfoSecurity
Unknown date
Security
Marquis Software Solutions sued SonicWall over a 2025 data breach claiming the cloud backup flaw exposed firewall configuration files, enabling an August 2025 ransomware attack and triggering class action lawsuits. The incident involved sensitive credentials and multifactor authentication scratch codes.
Lawsuit Claims SonicWall Cloud Backup Flaw Led to Ransomware Attack Against Marquis Marquis Software Solutions has sued SonicWall alleging a cloud backup data breach exposed firewall configuration files, including credentials and multifactor authentication scratch codes. The firm says the breach enabled an August 2025 ransomware attack and triggered dozens of class action lawsuits.
NEW
CU InfoSecurity
Unknown date
Security
Conduent reported a breach affecting 25 million people; state officials in Wisconsin are investigating. The incident involves back-office support services.
State Officials Investigating Breach of Back-Office Services Provider Found in 2025 The victim count in the 2024 hack on back-office support services vendor Conduent Business Services has just ballooned again, with the Xerox-spinoff now reporting to Wisconsin regulators that the incident affected "25 million-plus" people nationwide.
NEW
CU InfoSecurity
Unknown date
Security
Russian and Armenian operators were identified behind the 'Diesel Vortex' group, which developed a phishing-as-a-service targeting logistics platforms. The operation facilitated multiple types of fraud and demonstrated deep industry knowledge.
Russian and Armenian Operators Tied to Logistics-Focused 'Diesel Vortex' Group Cybersecurity investigators have identified, unmasked and disrupted a months-long organized criminal effort that developed a phishing-as-a-service designed to target Western users of popular logistics platforms, facilitating multiple types of fraud and displaying operators' deep industry knowledge.
CU InfoSecurity
Unknown date
Security
The webinar emphasizes the importance of aligning Security Operations (SecOps) and Governance, Risk, and Compliance (GRC) for effective security management. It highlights that siloed approaches can lead to inefficiencies and vulnerabilities.
CU InfoSecurity
Unknown date
Security
The article highlights the importance of hardening browser security to prevent cyber threats. It emphasizes the need for regular updates and strong password policies.
CU InfoSecurity
Unknown date
Security
PayPal discovered a six-month data breach affecting about 100 business customers of its loan app, exposing personal information and leading to fraudulent charges. PayPal fully refunded the affected customers.
Fintech Giant Says Personal Data Exposed for About 100 Business Users of Loan App Financial services firm PayPal said it discovered a data breach that lasted for six months, exposed some business customers' personal information and led to fraudulent charges. The company said about 100 customers were affected, and that it has fully refunded them for fraudulent charges.
CU InfoSecurity
Unknown date
Security
The article emphasizes the need for a programmatic approach to Cybersecurity Program (CPS) security in light of AI-era attacks. It highlights the importance of proactive measures and continuous monitoring.
CU InfoSecurity
Unknown date
Security
Anthropic's AI tool Claude Code Security found 500+ undetected bugs in production code; cybersecurity stocks dropped sharply but analysts disagree on the long-term impact.
AI Code Scanner Rattles a $200B Industry Anthropic launched Claude Code Security, an AI tool that found 500+ undetected bugs in production code. Cybersecurity stocks dropped sharply, but analysts are split on whether the disruption signals a genuine industry reckoning or a market overreaction.
CU InfoSecurity
Unknown date
Security
Critical flaw in BeyondTrust software could provide attackers access to hospital networks; Federal authorities and industry officials urge prompt action. Credit unions should ensure their systems are not vulnerable.
Critical Vulnerability Could Give Attackers Foothold in Clinical Networks Federal authorities and industry officials are urging healthcare sector entities to address a critical flaw in BeyondTrust Remote Support and Privileged Remote Access software, which if exploited, could give an attacker a foothold inside a hospital or clinic network.
CU InfoSecurity
Unknown date
Security
• PromptSpy uses Google's Gemini AI model for automating persistence on infected devices.
• This marks the second known case of AI-driven mobile malware.
Researchers Say PromptSpy Automates Persistence on Infected Devices A newly discovered Android malware strain, "PromptSpy," is using Google's Gemini generative artificial intelligence model to automate part of its persistence mechanism, marking what researchers describe as the second known case of AI-driven mobile malware.
CU InfoSecurity
Unknown date
Security
- ATM jackpotting attacks have stolen $20 million last year in the U.S., with a surge in such incidents.
- The FBI warns operators to implement physical and hardware-level defenses against these attacks.
$20M Stolen Last Year in Malware-Driven Jackpotting Attacks, Warns FBI Malware-wielding criminals "jackpotted" ATMs across the United States last year to walk away with $20 million thanks to "cash-out" attacks. Tracking that collective haul, the FBI said such attacks are on the rise, and urged operators to implement a range of physical and hardware-level defenses.
CU InfoSecurity
Unknown date
Security
• Ransomware attacks on operational technology systems are mischaracterized as IT incidents despite impacting operations.
• The Dragos review highlights the silent epidemic of ransomware targeting OT, emphasizing the need for better visibility and recognition of these threats.
Ransomware, Lack of Visibility, Mischaracterizations and Nation-States, Oh My There is a silent epidemic of ransomware attacks on commercial operational technology systems, which are mischaracterized as IT incidents even though they impact operational systems, claims a comprehensive annual review of cyberattacks targeting OT, published this week by security firm Dragos.
CU InfoSecurity
Unknown date
Security
Cogent Security raised $42 million for an AI-powered platform aimed at automating cyber defense; plans include tripling staff and enhancing model accuracy.
Series A Led by Bain Capital Ventures Targets Autonomous Remediation Platform Cogent Security secured $42 million in Series A funding to expand its AI-powered platform. Backed by Bain Capital Ventures, the company plans to triple staff, enhance model accuracy and scale its agent-based architecture to help enterprises automate remediation and counter AI-driven cyberattacks.
CU InfoSecurity
Unknown date
Security
The webinar discusses the use of AI for faster and more defensible incident response. Participants learn how AI can enhance security measures and improve compliance with regulatory requirements.
CU InfoSecurity
Unknown date
Security
• Android Trojan 'Massiv' masquerades as an IPTV app and can capture screens, overlay content, and steal credentials.
• The malware may soon be offered for sale on criminal forums as a service.
New Trojan May Soon Be Offered for Sale to Criminal Underground Security researchers warn of "Massiv," an Android Trojan - disguised as an IPTV app - targeting users who sideload streaming apps. The malware enables screen capture, overlays and credential theft - and may soon be marketed on criminal underground forums as malware as a service.
CU InfoSecurity
Unknown date
Security
Threat actors prefer low-complexity attacks over sophisticated ones; Credit union compliance officers should prioritize rapid response and well-trod techniques.
Incident Responders Detail Top Ransomware and Business Email Compromise Tactics There's no need to invest into sophisticated hacking operations when moving fast and exploiting well-trod techniques gives threat actors all the access they want. Threat actors are prioritizing "low-complexity entry points, rather than investing in sophisticated exploits," say incident responders.