CISA Alerts
Feb 26, 2019
Security
The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the ICT Supply Chain Risk Management Task Force convened to launch work streams. These efforts are aimed at managing supply chain risks in information and communications technology.
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force gathered in Washington this week and last week as part of the Task Force’s o
CISA Alerts
Feb 14, 2019
CISA Director Krebs released a statement on the agency’s election security work; no explicit mentions of Texas or Texas-specific entities.
Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher C. Krebs released the following statement today on the agency’s election security work.
CISA Alerts
Nov 15, 2018
Security
The DHS convened the first meeting of the ICT Supply Chain Risk Management Task Force; this task force aims to develop recommendations for managing risks in the global ICT supply chain. The initiative is a public-private partnership.
The Department of Homeland Security (DHS) hosted the inaugural meeting of the nation’s first Information and Communications Technology (ICT) Supply Chain Risk Management Task Force. The task force is a public-private partnership formed to examine and develop consensus recommendations to identify and manage risk to the global ICT supply chain.
CISA Alerts
Oct 30, 2018
Security
The U.S. Department of Homeland Security has established the ICT Supply Chain Risk Management Task Force; this public-private partnership aims to identify and manage risks in the global ICT supply chain.
The U.S. Department of Homeland Security (DHS) announced today the formation and chartering of the nation’s first Information and Communications Technology (ICT) Supply Chain Risk Management Task Force, a public-private partnership to examine and develop consensus recommendations to identify and manage risk to the global ICT supply chain.
CISA Alerts
Oct 02, 2018
Security
• DHS provided a classified briefing on the current cyber threat landscape for election infrastructure companies. • The meeting was held with members of the Sector Coordinating Council (SCC) for the Election Infrastructure Subsector.
Senior officials from the U.S. Department of Homeland Security (DHS) met today with members of the Sector Coordinating Council (SCC) for the Election Infrastructure Subsector and conducted a classified briefing on the current cyber threat landscape for the election community.
CISA Alerts
Jul 20, 2011
Guidance
The article emphasizes the importance of cybersecurity measures for credit unions. It highlights the need for regular risk assessments and employee training on cyber threats.
NEW
CU InfoSecurity
Unknown date
Security
Marquis Software Solutions sued SonicWall over a 2025 data breach claiming the cloud backup flaw exposed firewall configuration files, enabling an August 2025 ransomware attack and triggering class action lawsuits. The incident involved sensitive credentials and multifactor authentication scratch codes.
Lawsuit Claims SonicWall Cloud Backup Flaw Led to Ransomware Attack Against Marquis Marquis Software Solutions has sued SonicWall alleging a cloud backup data breach exposed firewall configuration files, including credentials and multifactor authentication scratch codes. The firm says the breach enabled an August 2025 ransomware attack and triggered dozens of class action lawsuits.
NEW
CU InfoSecurity
Unknown date
Security
Conduent reported a breach affecting 25 million people; state officials in Wisconsin are investigating. The incident involves back-office support services.
State Officials Investigating Breach of Back-Office Services Provider Found in 2025 The victim count in the 2024 hack on back-office support services vendor Conduent Business Services has just ballooned again, with the Xerox-spinoff now reporting to Wisconsin regulators that the incident affected "25 million-plus" people nationwide.
NEW
CU InfoSecurity
Unknown date
Security
Russian and Armenian operators were identified behind the 'Diesel Vortex' group, which developed a phishing-as-a-service targeting logistics platforms. The operation facilitated multiple types of fraud and demonstrated deep industry knowledge.
Russian and Armenian Operators Tied to Logistics-Focused 'Diesel Vortex' Group Cybersecurity investigators have identified, unmasked and disrupted a months-long organized criminal effort that developed a phishing-as-a-service designed to target Western users of popular logistics platforms, facilitating multiple types of fraud and displaying operators' deep industry knowledge.
CU InfoSecurity
Unknown date
Guidance
The article emphasizes the importance of securing identities in a hybrid work environment. It highlights the need for robust identity management systems and continuous monitoring to prevent unauthorized access.
CU InfoSecurity
Unknown date
Security
The webinar emphasizes the importance of aligning Security Operations (SecOps) and Governance, Risk, and Compliance (GRC) for effective security management. It highlights that siloed approaches can lead to inefficiencies and vulnerabilities.
CU InfoSecurity
Unknown date
- Network intelligence focuses on relationships across banks rather than individual bank detection.
- This approach aims to move from detecting anomalies alone to understanding the connections in fraud networks.
Shared Network Intelligence Adds Ecosystem Visibility to AI Models Fraudsters collaborate, but most banks still detect fraud alone. This imbalance has defined fraud prevention for years. Now CISOs and fraud practitioners are rethinking their approach using network intelligence signals. Network intelligence shifts the lens by focusing on relationships across banks.
CU InfoSecurity
Unknown date
Security
The article highlights the importance of hardening browser security to prevent cyber threats. It emphasizes the need for regular updates and strong password policies.
CU InfoSecurity
Unknown date
Security
PayPal discovered a six-month data breach affecting about 100 business customers of its loan app, exposing personal information and leading to fraudulent charges. PayPal fully refunded the affected customers.
Fintech Giant Says Personal Data Exposed for About 100 Business Users of Loan App Financial services firm PayPal said it discovered a data breach that lasted for six months, exposed some business customers' personal information and led to fraudulent charges. The company said about 100 customers were affected, and that it has fully refunded them for fraudulent charges.
CU InfoSecurity
Unknown date
Security
The article emphasizes the need for a programmatic approach to Cybersecurity Program (CPS) security in light of AI-era attacks. It highlights the importance of proactive measures and continuous monitoring.
CU InfoSecurity
Unknown date
Security
Anthropic's AI tool Claude Code Security found 500+ undetected bugs in production code; cybersecurity stocks dropped sharply but analysts disagree on the long-term impact.
AI Code Scanner Rattles a $200B Industry Anthropic launched Claude Code Security, an AI tool that found 500+ undetected bugs in production code. Cybersecurity stocks dropped sharply, but analysts are split on whether the disruption signals a genuine industry reckoning or a market overreaction.
CU InfoSecurity
Unknown date
Security
Critical flaw in BeyondTrust software could provide attackers access to hospital networks; Federal authorities and industry officials urge prompt action. Credit unions should ensure their systems are not vulnerable.
Critical Vulnerability Could Give Attackers Foothold in Clinical Networks Federal authorities and industry officials are urging healthcare sector entities to address a critical flaw in BeyondTrust Remote Support and Privileged Remote Access software, which if exploited, could give an attacker a foothold inside a hospital or clinic network.
CU InfoSecurity
Unknown date
Security
• PromptSpy uses Google's Gemini AI model for automating persistence on infected devices.
• This marks the second known case of AI-driven mobile malware.
Researchers Say PromptSpy Automates Persistence on Infected Devices A newly discovered Android malware strain, "PromptSpy," is using Google's Gemini generative artificial intelligence model to automate part of its persistence mechanism, marking what researchers describe as the second known case of AI-driven mobile malware.
CU InfoSecurity
Unknown date
Security
- ATM jackpotting attacks have stolen $20 million last year in the U.S., with a surge in such incidents.
- The FBI warns operators to implement physical and hardware-level defenses against these attacks.
$20M Stolen Last Year in Malware-Driven Jackpotting Attacks, Warns FBI Malware-wielding criminals "jackpotted" ATMs across the United States last year to walk away with $20 million thanks to "cash-out" attacks. Tracking that collective haul, the FBI said such attacks are on the rise, and urged operators to implement a range of physical and hardware-level defenses.
CU InfoSecurity
Unknown date
Security
• Ransomware attacks on operational technology systems are mischaracterized as IT incidents despite impacting operations.
• The Dragos review highlights the silent epidemic of ransomware targeting OT, emphasizing the need for better visibility and recognition of these threats.
Ransomware, Lack of Visibility, Mischaracterizations and Nation-States, Oh My There is a silent epidemic of ransomware attacks on commercial operational technology systems, which are mischaracterized as IT incidents even though they impact operational systems, claims a comprehensive annual review of cyberattacks targeting OT, published this week by security firm Dragos.
CU InfoSecurity
Unknown date
Security
Cogent Security raised $42 million for an AI-powered platform aimed at automating cyber defense; plans include tripling staff and enhancing model accuracy.
Series A Led by Bain Capital Ventures Targets Autonomous Remediation Platform Cogent Security secured $42 million in Series A funding to expand its AI-powered platform. Backed by Bain Capital Ventures, the company plans to triple staff, enhance model accuracy and scale its agent-based architecture to help enterprises automate remediation and counter AI-driven cyberattacks.
CU InfoSecurity
Unknown date
Guidance
The article emphasizes the importance of certificate automation in credit union operations, highlighting its transition from a nice-to-have feature to a critical component for compliance and risk management. It stresses the need for robust automation tools to meet regulatory requirements efficiently.
CU InfoSecurity
Unknown date
Enforcement
Paxful receives a $4M AML penalty; Coinbase introduces agentic AI wallets; $1M fraud indictment and other international incidents reported.
Also: Coinbase's Agentic AI Wallets, $1M Fraud Indictment This week, Paxful's $4M AML penalty, Coinbase's agentic AI wallets, a $1M fraud indictment, a 20-year $200M Ponzi sentence, laundering from the $200M Mixin hack, a Binance France home invasion attempt, insider betting charges in Israel and lost seized bitcoin in South Korea.
CU InfoSecurity
Unknown date
Security
The webinar discusses the use of AI for faster and more defensible incident response. Participants learn how AI can enhance security measures and improve compliance with regulatory requirements.
CU InfoSecurity
Unknown date
Guidance
The webinar discusses the use of Explainable AI for enhancing security measures and ensuring compliance with SEC requirements. Participants will learn how to integrate these technologies effectively.