Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

9/16/2015
03:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

FS-ISAC Announces Arrangement with Federal Reserve Banks to Share Threat Intelligence

Reston, VA – 16 SEPTEMBER 2015 – The Financial Services Information Sharing and Analysis Center (FS-ISAC) today announced an arrangement with the Federal Reserve Banks to provide direct access to FS-ISAC security threat information to over 10,000 of their financial institution customers.

Under the terms of the agreement, FS-ISAC will allow the Federal Reserve Banks to provide their customers with access to the Weekly Risk Summary report, designed for community institutions and delivering timely and actionable information on significant security threats to board and C-level personnel.  The report provides a high level summary of threats, identifies the risk to community institutions and suggests actions that these organizations can take to remediate the risks.

“Over the past 18 months, FS-ISAC has made a substantial investment in staff, programs and services designed specifically for community institutions. Some of these include our Community Institution Council, Payments Risk Council, Broker Dealer Council, risk reports, crisis playbooks, simulation exercises, workshops and of course the platforms and processes to enable member to member information sharing,“ said Bill Nelson, president and CEO, FS-ISAC. “This arrangement with the Federal Reserve Banks broadens the reach of FS-ISAC and will enable thousands of community and regional institutions to experience how valuable the latest information sharing tools can be.”

About FS-ISAC

The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit corporation that was established in 1999 and is funded by its member firms.  The FS-ISAC is a member-driven organization whose mission is to help assure the resilience and continuity of the global financial services infrastructure and individual firms against acts that could significantly impact the sector’s ability to provide services critical to the orderly function of the global economy.  The FS-ISAC shares threat and vulnerability information, conducts coordinated contingency planning exercises, manages rapid response communications for both cyber and physical events, conducts education and training programs, and fosters collaborations with and among other key sectors and government agencies.

 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I like the old version of Google assistant much better.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8567
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CVE-2020-8568
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that conta...
CVE-2020-8569
PUBLISHED: 2021-01-21
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, ...
CVE-2020-8570
PUBLISHED: 2021-01-21
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executi...
CVE-2020-8554
PUBLISHED: 2021-01-21
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typicall...