Archive for March, 2007
The February 2007 Insurance Report of Activity is Available
Draft items for the 3/15/2007 NCUA Board Meeting are available
Understanding Anti-Virus Software
Websense® Security Labs™ has received reports of a phishing attack that targets users of Rogers Communications. Users receive a spoofed email message, which claims that their account has been disabled because a third party accessed their account. The email also states that more information is needed to keep their account secure. The email provides a link to a phishing site that attempts to collect personal and account information.
This phishing site is hosted in the United States and was up at the time of this alert.
Phishing email text:
Rogers is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience.
Why is my account access suspended?
Your account access has been suspended for the following reason(s):
March 12, 2007: We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive Rogers account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.
(Your case ID for this reason is RR-257-057-154.)
To remove the limitation click on the following link:
<URL REMOVED>
Regards,
Rogers Security Departament
Phishing screenshot #1:
Phishing screenshot #2:
.JPG)
Phishing screenshot #3:
.JPG)
Phishing screenshot #4:
.JPG)
Census Bureau, Washington D.C.
Personal information from 302 households leaked to the internet by the Census Bureau after files were posted to the internet. The information included names, addresses, phone numbers, birth dates and family income ranges. No Social Security numbers were posted, and according to the bureau, there is no evidence that the data was misused.
According to Census Bureau spokesman, the information was on and off the public Web site from October to Feb. 15 as Census employees working from home tested new software. The workers were supposed to use fictitious information to test the site, but they inadvertently mingled data from the bureau’s Current Population Survey, a monthly survey best known for generating the nation’s employment statistics.
The affected households were located in Alabama, Alaska, Arkansas, Arizona, California, Colorado, Delaware, Florida, Connecticut and Washington, D.C.
The protocol was HTTP and the data was NPI (e.g. customer data).
———————————————————————————————————————-
Westerly Hospital. Westerly, Rhode Island
Medical records of 2,000 Westerly Hospital patients leaked to the internet. The Information included names, Social Security numbers and medical records about patients’ surgical procedures and medical histories, as well as people’s home addresses and insurance information.
The protocol was HTTP and that data was PHI (e.g. patient records).
———————————————————————————————————————–
Los Rios community college. Sacramento CA
Private information including names, birth date and Social Security number on about 2,000 Los Rios students leaked to the internet when staff members were testing a new online application system and, according to the school spokeswoman , “just grabbed some files” to upload.
The protocol was HTTP and the data was NPI (e.g. customer data).
———————————————————————————————————————–
Websense Content Protection Suite can prevent such leaks by blocking internal and external communications, such as emails and web posts, that include data that should be protected. Content Protection Suite also protects against leaks from outside the organization by using a reverse proxy mode. This mode prevents unauthorized access to web pages that contain this type of information.
By using the suite’s Content Auditor module for monitoring and discovering data at rest, and data in use, at the endpoint, an organization can identify and locate where confidential and private information is found, and determine if that data is being used inappropriately.
For additional information on how to discover your sensitive data, monitor its movement throughout your network, and protect it against breaches, visit:
http://www.websense.com/global/en/ProductsServices/CPS/
The February 2007 Community Development Revolving Loan Fund reports are available
The February 2007 Community Development Revolving Loan Fund reports are available
National Credit Union Administration (NCUA) Vice Chairman Rodney E. Hood described his vision and leadership agenda to a crowd of over 3,000 attendees during last week’s Governmental Affairs Conference, hosted by the Credit Union National Association,(CUNA) in Washington D.C.
National Credit Union Administration (NCUA) Board Member Gigi Hyland hosted an Access Across America Economic Summit in Tampa, FL., on Tuesday.
This report highlights Credit Union financial trends for 2006. We based our analysis on data compiled from the year-end 2006 call reports submitted by all federally insured Credit Unions.