The recent hack of a Federal Reserve’s website highlights an ongoing problem many organizations face in trying to keep software up to date with security patches, experts says. “It’s a fairly constant problem that we’ve had for a number of years and it isn’t going away,” said Glenn Chisholm, chief security officer for Cylance. In the case of the Fed, reports indicated the hackers broke into a non-public site that ran on top of a contact database used in reaching bank execs during a natural disaster. A copy of a message by the Fed that was obtained by Reuters warned that data posted on the Web included mailing addresses, business phone numbers, mobile phone numbers, business email address and fax numbers.<\/p>\n","protected":false},"excerpt":{"rendered":"
While potentially damaging to the bank execs, the data was less critical than other information held by the central bank, such as sensitive financial data or confidential policy communications. <\/p>\n
“While it may not seem so to the bankers whose information was compromised, when you put it into perspective — we are talking about the Federal Reserve — this data is really the low-hanging fruit,” said Al Pascual, security analyst for Javelin Strategy & Research.<\/p>\n
Unconfirmed, media speculation had the flaw as a known vulnerability in Adobe ColdFusion software, which is used by some Federal Reserve websites. The data that was stolen from the Fed and posted on the Web could likely become a headache for the bank execs. Hackers could use the information to craft email that would be more likely to trick recipients into clicking on an attachment or a link to a malicious website. <\/p>\n
Link: http:\/\/www.networkworld.com\/news\/2013\/020713-fed-hack-highlights-software-patching-266497.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-965","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/965","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=965"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/965\/revisions"}],"predecessor-version":[{"id":3452,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/965\/revisions\/3452"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=965"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=965"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=965"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}