Friday, February 26, 2016

CU Was Slow to Respond to Hack of Online Banking Site

KrebsonSecurity is reporting that the online banking site of Coast Central Credit Union (Eureka, CA) "was compromised and apparently had been for nearly two months."

The "crooks had hacked the credit union’s site and retrofitted it with a “Web shell,” a simple backdoor program that allows an attacker to remotely control the Web site and server using nothing more than a Web browser."

According to the report, the credit union was contacted on February 23 about the hack; but did not immediately fix the problem.

The author wrote that when he contacted the credit union he explained who he was, how they’d likely been hacked, how they could verify the hack, and how they could fix the problem. Two days later when he noticed the site was still hacked, he contacted the credit union again, only to find they still didn’t believe he.

Eventually, the credit union believed him and disabled the Web shell.

Read the KrebsonSecurity.

No comments:

Post a Comment

 

The content is provided for educational purposes only, with the understanding that neither the authors, contributors, nor the publishers of this site are engaged in rendering legal, accounting or other expert or professional services. If legal or other expert assistance is required, the services of a competent professional should be sought.

Comments appearing in response to articles appearing on this site do not necessarily reflect the views of the ABA. ABA makes no representations regarding the truth or accuracy of commentary or opinions that may be posted in response to the articles that appear on this website.

The inclusion herein of any link to a website, either in the text of an article or in a comment, does not denote any approval, sponsorship, or endorsement by the ABA, and ABA is not responsible for the content or opinions expressed on those linked websites or related commentary. This content is not licensed to third parties sites and is not affiliated with any third party site. Any reference to the author or this content on any third party site on the Internet is not authorized by the ABA.

It is the policy of the American Bankers Association to comply fully with all antitrust laws. Certain discussions should be considered off-limits, including those that contain competitively sensitive data such as price and cost information, or statements that could be construed as reflecting an attempt or desire to control or influence a particular market or markets. Future pricing or other prospective competitive information should never be shared.