FoxPointe Security Hub

The NCUA has proposed a new Cyber Incident Reporting Rule. This proposal comes on the heels of the Federal Banking Agencies Incident Reporting Rule that went into effect earlier this year. The proposed NCUA regulation would require federally charted credit unions (also applies to state-chartered,…

Cyberattacks and data security breaches continue to grow at a record pace year after year.  According to recent surveys, over 60% of cybersecurity professionals saw an increase in cyberattacks and security breaches related to the pandemic. In order to defend against these attacks, businesses…

This article was written by Jamie Normand, Security Consultant - FoxPointe Solutions Data privacy and protection regulations are becoming increasingly common worldwide.  This month marks four years since the European Union’s General Data Protection Regulation (GDPR) took effect. …

This article was written by Chris Salone, CISA, CCSFP, MBA In the final quarter of 2021, the Federal Deposit Insurance Corporation (FDIC), the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency (the agencies), issued a rule requiring any FDIC insured…

In March 2022, the Payment Card Industry Security Standard Council (PCI SSC) released its initial draft v4.0 of the standard.  Based on the initial draft release, the following critical changes are assumed to be incorporated into the new version of the PCI standard: For merchants, sensitive…

  February 24, 2022, Russia began its large-scale military invasion of Ukraine, one of its neighboring countries. Many international organizations, like Apple and Volkswagen, have taken a stance by applying sanctions against Russia in hopes of encouraging Russia’s President, Vladimir…

All organizations can face a disastrous outcome to a ransomware event, including the governmental entities. An outbreak is a painful event especially with the critical role these agencies have. The disruption of essential services to the public, health care, water & sewerage, education,…

The Bonadio Group and their cybersecurity division FoxPointe Solutions highly recommends and encourages that our customers invest in an ongoing compliance solution that can help support its company’s internal controls and compliance requirements before an internal audit is performed by an…

By: Christopher Salone, CISA CCSFP, MBA This past year proved to be a year of rapid development for the cybersecurity and IT landscape. As new threats emerged, others continued to develop and evolve. Throughout the year, the FFIEC, in an effort to help its institutions combat these threats, issued…

The ever-growing threat landscape and wide accessibility to the internet around the globe have made it easy for malicious actors to launch cyber-attacks and exploit vulnerabilities within an organization.  Big or small, organizations that possess data can be at risk to cyber criminals who want…

This article was written by Andrew Parks & James Merritt. Apache Log4j is an open-source library that is utilized by applications to facilitate logging requests. On December 9th, 2021 a vulnerability was reported (CVE-2021-44228 from the National Vulnerability Database) that impacts applications…

Overview Typically, the two primary goals of a company’s Payment Card Industry (PCI) governance program are to meet the intent of applicable controls and reduce the scope of PCI Data Security Standards (DSS) requirements enforced on the company’s environment. However, many companies do…

On July 13, 2021, the Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC, and together with the Federal Reserve and the FDIC, the Agencies), requested comments on proposed…

All fraud begins with a line of thinking that follow three major factors: Opportunity, Rationalization, and Pressures. Rationalization is the excuse an individual uses to provide comfort or assurance that they need to commit fraud. An example of this could be: “I’ll put the money back, I…

In October 2020, the Federal Reserve Banks (FRB) posted an announcement to their website titled “Announcing the FedLine Solutions Security and Resiliency Assurance Program”.  The FRB’s FedLine Solutions are a critical component of the U.S. payment system.  FedLine is a…

Phishing is defined as a form of social engineering that use email or malicious websites to solicit personal information by posing as a trustworthy organization. When users respond with the requested information, attackers can use it to gain access to the accounts. Phishing is often in the news,…

Now in its 18th year, Cybersecurity Awareness Month continues to raise awareness about the importance of cybersecurity.  Every October since 2004 marks National Cybersecurity Awareness Month. This month raises awareness about the importance of cybersecurity and how to protect yourself from…

My career has taken me through a winding road of many areas including finance, manufacturing, education, and, today, information security.  My career has included 24 years in the manufacturing world, where I managed many risks including employee theft (check kiting and manipulation) and mail…

Our workplaces have become more mobile than ever before, largely due to advancements in technology being used by businesses for communication and collaboration. The circumstances related to the COVID-19 pandemic have expedited this movement by forcing most businesses and organizations out of their…

Stopping Ransomware In today’s world of everchanging technology, the fastest growing method of cyber-attacks is Ransomware.  “Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable, and malicious actors…