Educause Security Discussion mailing list archives
Re: ALERT: Targeted attacks on institutional online banking
From: Doug Pearson <dodpears () REN-ISAC NET>
Date: Thu, 14 Jan 2010 15:30:19 -0500
Dear all, Sending a follow-up note to let folks know that we updated the "Targeted attacks on institutional online banking" alert with the following: + In the CIO/BO section: "5. Make committed and purposeful use of banking transaction initiator/approver roles. Most banks offer sophisticated role-based controls, but it's up to the institution to put them to effective use." + In the tech section: "+ Initiators and approvers should have distinct dedicated machines (see #5 in CIO/BO letter)." And in both sections, an updated link for the Neustar document: "The Irretrievable Losses of Malware-Enabled ACH and Wire Fraud: http://www.neustar.biz/content/download/778/4341/ACH_White_Paper.pdf Due to content, the alert e-mail gets caught in many filters. If you didn't receive the message, we suggest you view the alert at: http://www.ren-isac.net/alerts.html Regards, Doug Pearson Technical Director, REN-ISAC http://www.ren-isac.net 24x7 Watch Desk +1(317)278-6630
Current thread:
- ALERT: Targeted attacks on institutional online banking Doug Pearson (Jan 11)
- <Possible follow-ups>
- Re: ALERT: Targeted attacks on institutional online banking Doug Pearson (Jan 14)
- Re: ALERT: Targeted attacks on institutional online banking O'Callaghan, Daniel (Mar 31)
- Re: ALERT: Targeted attacks on institutional online banking Dexter Caldwell (Mar 31)
- Re: ALERT: Targeted attacks on institutional online banking Bob Bayn (Mar 31)