REMINDER - This newsletter is
available for the Android smart phones and tablets. Go to the
Market Store and search for yennik.
- California lawmakers move to bar state help to NSA - Proposal to
prohibit sale of water, electricity by state owned facilities to the
NSA will likely be copied by legislators in other states - Two
California lawmakers this week introduced a bill that would prohibit
state agencies and corporations from providing material support to
the National Security Agency.
- Zero-Day Flaws Found, Patched In Siemens Switches - A security
researcher has discovered a pair of zero-day vulnerabilities in a
popular family of Siemens industrial control system switches that
could allow an attacker to take over the network devices without a
- Firm Bankrupted by Cyberheist Sues Bank -A state-appointed
receiver for the now defunct Huntington Beach, Calif. based
Efficient Services Escrow has filed suit against First Foundation
Bank, alleging that the bank’s security procedures were not up to
snuff, and that it failed to act in good faith when it processed
three fraudulent international wire transfers totaling $1,558,439
between December 2012 and February 2013.
- Teen Reported to Police After Finding Security Hole in Website - A
teenager in Australia who thought he was doing a good deed by
reporting a security vulnerability in a government website was
reported to the police.
- Air Force Academy's cyber team reaches rare heights - Computer
warfare is a top priority for the Air Force, which sees Internet
attacks as a key component of future conflicts. Air Force Space
Command at Peterson Air Force Base is guiding the Air Force's cyber
- Ways to avoid a multi-million dollar security disaster - From
Adobe to Facebook, security breaches continue to be top-of-mind for
both companies and users, and organizations around the globe are all
wondering if they are next in line to deal with a breach of their
- Apple to refund $32.5 million after kids rack up app charges
without adult consent - Apple has agreed to refund $32.5 million to
consumers, after games in its App Store allowed kids to make costly
purchases without parental consent.
INTRUSIONS, DATA THEFT & LOSS
- Cryptolocker scrambles eight years of data belonging to US town
hall - The Cryptolocker ransom Trojan has claimed another victim in
small-town America, scrambling eight years-worth of files held by a
New Hampshire town authority. Some are believed to be irretrievable.
- Yahoo malware turned European computers into bitcoin slaves -
Search firm remains silent on how its ad servers infected Windows
PCs of visitors to homepage - As many as two million European users
of Yahoo may have received PC malware from virus-laden ads served by
its homepage over a four-day period last week.
- Hacked Agencies Are Inconsistent in Alerting Victims - Agencies
are not in synch when it comes to notifying victims of hacks, which
might be impairing the government’s ability to protect affected
federal employees and citizens from predators, according to a new
- Credit card hackers hit Neiman Marcus - Neiman Marcus says that
it's the latest victim of data thieves, who made off with the credit
card information of an unknown number of customers.
- Two employees fired after hospital computer containing PHI is
dumped - Two employees at Georgia-based Phoebe Putney Memorial
Hospital have been fired after a desktop computer containing
information on nearly 6,800 individuals was mistakenly thrown away.
- Server storing 6,000 emergency medical response calls breached -
North East King County Regional Public Safety Communication Agency (NORCOM),
a company that provides emergency communication services to the
public, fire and police agencies, had a server breached in late
- Virginia county school data accidentally posted online - An
undisclosed number of Loudoun County Public Schools (LCPS) students
and staffers in Virginia may have had personal information
compromised after their data was accidentally posted publicly
- Starbucks iOS app vulnerability endangers users' data - A
vulnerability in Starbucks iOS mobile payment app puts user email
addresses, passwords, usernames and location data at risk of being
- Card data among info accessed in malware attack on medical
supplier - The information – including payment card data – of more
than 4,000 individuals was inappropriately accessed after malware
was introduced into the computer systems of Ohio-based Edgepark
Return to the top of the newsletter
WEB SITE COMPLIANCE -
"Member FDIC" Logo - When is it required?
The FDIC believes that every bank's home page is to some extent an
advertisement. Accordingly, bank web site home pages should contain
the official advertising statement unless the advertisement is
subject to exceptions such as advertisements for loans, securities,
trust services and/or radio or television advertisements that do not
exceed thirty seconds.
Whether subsidiary web pages require the official advertising
statement will depend upon the content of the particular page.
Subsidiary web pages that advertise deposits must contain the
official advertising statement. Conversely, subsidiary web pages
that relate to loans do not require the official advertising
to the top of the newsletter
INFORMATION TECHNOLOGY SECURITY - We continue our series
on the FFIEC interagency Information Security Booklet.
SECURITY CONTROLS -
Protocols and Ports (Part 1 of 3)
Network communications rely on software protocols to ensure the
proper flow of information. A protocol is a set of rules that allows
communication between two points in a telecommunications connection.
Different types of networks use different protocols. The Internet
and most intranets and extranets, however, are based on the TCP/IP
layered model of protocols. That model has four layers, and
different protocols within each layer. The layers, from bottom to
top, are the network access layer, the Internet layer, the
host-to-host layer, and the application layer. Vulnerabilities and
corresponding attack strategies exist at each layer. This becomes an
important consideration in evaluating the necessary controls.
Hardware and software can use the protocols to restrict network
access. Likewise, attackers can use weaknesses in the protocols to
The primary TCP/IP protocols are the Internet protocol (IP) and the
transmission control protocol (TCP). IP is used to route messages
between devices on a network, and operates at the Internet layer.
TCP operates at the host-to-host layer, and provides a
connection-oriented, full - duplex, virtual circuit between hosts.
Different protocols support different services for the network. The
different services often introduce additional vulnerabilities. For
example, a third protocol, the user datagram protocol (UDP) is also
used at the host-to-host layer. Unlike TCP, UDP is not connection -
oriented, which makes it faster and a better protocol for supporting
broadcast and streaming services. Since UDP is not
connection-oriented, however, firewalls often do not effectively
filter it. To provide additional safeguards, it is often blocked
entirely from inbound traffic or additional controls are added to
verify and authenticate inbound UDP packets as coming from a trusted
Return to the top of the newsletter
INTERNET PRIVACY - We continue our
series listing the regulatory-privacy examination questions. When
you answer the question each week, you will help ensure compliance
with the privacy regulations.
32. When a customer relationship ends, does the institution
continue to apply the customer's opt out direction to the nonpublic
personal information collected during, or related to, that specific
customer relationship (but not to new relationships, if any,
subsequently established by that customer)? [§7(g)(2)]