Category Archive: Risk Advisory

  1. Emerging Risk: Phishing vs. Spear Phishing: How to defend against these attacks?

    Almost every internet user with an email account has received emails pretending to originate from some financial institution or other well-known entity, most often in bad English and likely from an organisation that they have no relationship with. All of these urge the recipient to click on some link to prevent some dire consequence. Many of these emails try to collect personal information, account data or passwords. In other scenarios, the goal is to infect the user's workstation with some kind of malware or backdoor. Today, almost all of these attacks are initiated for some kind of financial gain.

    201406-PRA Risk Advisory June 26

  2. Emerging Risk: End of Support Windows XP and Office 2003

    The extended support period for Microsoft Windows XP potentially ends April 8, 2014. Extended support for Office 2003 may also end on this date. After this date, Microsoft may no longer identify vulnerabilities or release any security patches for these products. Microsoft may also no longer offer free or paid support for these products. Furthermore, clients using Microsoft Security Essentials or Microsoft Endpoint Protection may no longer receive anti-virus updates.

    201401-PRA Group – IT Risk Advisory, January 2014

  3. Emerging Risk: April 2014, “Heartbleed” Vulnerability in OpenSSL

    There is growing media coverage regarding the “Heartbleed” vulnerability. It will arise in Credit Unions that make use of OpenSSL. This vulnerability will be mitigated in part by Credit Unions who use Microsoft Internet Information Services. Credit Unions more likely to be exposed to this vulnerability are those that make use of Linux, which is widespread. Credit Unions that are not as likely to be exposed to this vulnerability are those that may be behind on their patch management. As the vulnerability was introduced into the code in 2012, those who have done more recent updates to their firewalls, routers or anything with a GUI protected by SSL will have a greater likelihood of being exposed to this vulnerability. Our guideline lays out the technical details of the vulnerability along with suggested tools and mitigation steps for you to address this vulnerability.

    PRA Risk Advisory April 2014 HeartBleed Vulnerability pdf- April 09 2014 v2.0

  4. Implementation Guideline for In-branch Wi-Fi Access

    Has your organization implemented wireless technology or thought through the risks and benefits of providing in-branch Wi-Fi* access using mobile devices such as tablets and smartphones? Often, end users’ enthusiasm for new technologies can get ahead of a disciplined, risk-based approach to wireless implementation. This guideline sets out a risk-based method for implementation of wireless technology to help your credit union assess and define your organization’s Wi-Fi needs and avoid the potential pitfalls of implementing a wireless network. From assessing Wi-Fi implementation models through to post-implementation factors, this guideline covers the following considerations to a successful Wi-Fi implementation:

    PRA Expert Advisory_Wi-Fi Guideline final Oct 7

  5. Emerging Risk: Shell Shock / Bash Bug September 26, 2014

    News of another recently discovered IT vulnerability has been circulating in the media, where it is referred to as “Shell Shock” or the “Bash Bug.”

    The affected software is Bash (Bourne-Again Shell), which is the standard command line interpreter or shell on most Linux, Mac OS X, and possibly other Unix or Unix-like operating systems. However, most systems will not be exploitable as a result of this issue, because an attacker needs to reach the system’s Bash remotely to take advantage of the vulnerability. Bottom line: in theory, this might have been bigger than Heartbleed. In practice, the number of servers that can be remotely exploited appears to be quite small.

    Read it online