On September 29, 2014, the FDIC, on behalf of the Federal Financial Institutions Examination Council, issued an alert to banks on recently discovered material vulnerabilities in the security of the GNU Bourne-again shell system software -- nicknamed “Bash” -- commonly used by bank servers and computers. Researchers reported the newly discovered vulnerability -- nicknamed “Shellshock” -- in Bash versions 1.14 through 4.3 on September 24, 2014.
Entries in FDIC (20)
The Summer 2014 edition of the FDICs Supervisory Insights Journal is now out. This edition includes two articles: (1) an article advising banks on how to meet regulatory expectations without outside consultants; and (2) an article summarizing common risks to banks as identified through FDIC examinations. The Journal concludes with a Regulatory and Supervisory Roundup listing recent Dodd-Frank rulemakings, FAQs, seminar listings, and operational guidance.
The Spring 2014 issue of the FDIC Consumer Newsletter is now out. This quarter, the focus is on helping consumers “Save at the Bank.” The articles include tips for consumers to:
- Lower their banking fees, including checking fees, lowering mortgage costs, and refinancing consumer loans;
- Reduce the risk of fraud and theft, and
- Tips on person-to-person (P2P) payments.
A full color copy of the newsletter is available here.
The FDIC’s May 27, 2013 announcement can be found here.
On May 8th, 2014, the FDIC released a Resource Guide to help banks meet their community credit and development goals, as required under the Community Reinvestment Act. The Resource Guide focuses on opportunities to work with community development financial institutions (CDFIs).
On April 2, 2014, the FDIC issued a Financial Institution Letter notifying banks of recent “large dollar” ATM fraud and related cyber-attacks aimed at tapping into web-based control panels for ATMs. The FDIC highlighted a recent $40 million theft involving the use of 12 debit card accounts. The FIL included guidance for financial institutions related to reducing financial and other risks associated with cyber-attacks.