DEFENSESTORM
Thought leadership and customer testimonials are some of the many ways we build a community of trust. These cybersecurity resources highlight our recent research and success stories.


Fraud Squad
When an 89-year-old Victoria (Canada) resident picked up the phone, the caller ID displayed: Canadian Imperial Bank of Commerce (CIBC) Fraud Department. What followed was a months-long deception that ended with nearly $1.7 million in cash, bank drafts, and gold gone.

Insights
As you prepare for the holidays, it’s important to remember that cybercriminals are preparing too! Now is the perfect time to strengthen your cybersecurity! Here are some important tips to keep your data and devices safe while you enjoy the holidays!

Case Studies
Canvas Credit Union, based in Lone Tree, Colorado, serves over 300,000 members and holds more than $4 billion in assets. The institution faced the challenge of demonstrating continuous and comprehensive cybersecurity oversight. It needed a system capable of aggregating and analyzing log and firewall data around the clock to ensure account safety and compliance confidence.

Case Studies
Citizens National Bank of Texas, headquartered in Waxahachie, manages more than $1.9 billion in assets with a staff of 159 employees. The bank struggled with limited internal cybersecurity expertise, which left it vulnerable to threats. It needed improved detection, monitoring, and reporting capabilities to reduce risks and enhance visibility across its digital environment.

Case Studies
Axos Bank, headquartered in San Diego, California, employs approximately 1,375 people and manages over $23 billion in assets. The bank faced challenges with a previous cybersecurity provider that lacked attention to detail and operated inefficient global processes that were not customized for the bank’s specific needs. This lack of tailored service led to inefficiencies and vulnerabilities across its digital infrastructure.

Case Studies
DEXSTA Federal Credit Union, based in Wilmington, Delaware, holds over $400 million in assets, has 68 employees, and serves more than 35,000 members. Following network and architectural innovations that created new vulnerabilities, DEXSTA engaged PureIT to evaluate cybersecurity solutions. The goal was to ensure that the bank’s systems remained protected during its modernization efforts.

Case Studies
Community West Credit Union, located in Kentwood, Michigan, operates with approximately $250 million in assets, 65 employees, and around 19,000 members. In early 2021, Community West CU was preparing for an examination that would elevate them to the next peer group. Faced with the challenges of having only two personnel managing their security, numerous disjointed systems, and impending reporting obligations, they recognized the need for a more efficient cybersecurity solution.

Insights
Boards demand clarity on security, proof, and risk. Learn how banking-specific MDR delivers the metrics, evidence, and insight CISOs need to lead with confidence.

Insights
Discover how tabletop exercises turn your financial institution’s incident response plan into real-world readiness, ensuring your team is prepared to protect trust, minimize chaos, and respond confidently when every second counts.

Insights
Year after year, the data tells the same story: people remain the prime target in cyberattacks. Now, with attackers using AI to clone voices and craft convincing scams, the human element has become both our greatest risk and greatest opportunity. That’s why we’re revisiting the article, “The Human Firewall: Strengthening the Weakest Link in Cybersecurity,” because the strongest defense in 2025 is still built on the collaboration of technology, culture, and leadership to strengthen the human firewall.

Case Studies
Great Lakes Credit Union (GLCU), located in Bannockburn, Illinois, manages $1.4 billion in assets, serves 111,090 members, and employs approximately 231 people. The credit union faced challenges with disjointed security and risk systems, limited capacity within a small security team, and manual, labor-intensive processes. These issues made it difficult to correlate data for actionable insights and expand cyber event monitoring, leading to inefficiencies in operations and delayed responses to potential threats.

Webinars & Videos
READINESS2025, our annual user conference, took place in New Orleans at the historic Hotel Monteleone, September 16–18. We brought together our clients and partners for hands-on training and educational sessions, then kept the energy going with fun, social events after hours. This year’s highlight was a lively second line parade leading to dinner, where we celebrated our community with a client award ceremony—take a look at the video! This is what DefenseStorm’s Community of Trust is all about: learning, connection, and unforgettable experiences.

Threat Alerts
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. Cisco has released software updates that address this vulnerability.

Insights
Generic cybersecurity solutions may look strong on paper, but for banks and credit unions they leave dangerous gaps. This blog exposes the illusion of “all-in-one” MDR services and explains why financial institutions face unique threats that generic models can’t handle.

Threat Alerts
MostereRAT is a recently identified banking malware that has evolved into a sophisticated remote access trojan (RAT), currently targeting Microsoft Windows users in Japan. It remains unclear whether the attackers intend to expand their campaign globally. These attacks typically begin with a phishing campaign designed to establish stealthy, long-term control over victims’ systems.

Threat Alerts
DefenseStorm is aware of recent reports regarding a breach involving Palo Alto and certain types of data. Please see the most recent update below, taken directly from Palo Alto’s blog page about the incident.

Threat Alerts
Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an “extremely sophisticated attack.” This flaw affects various devices, including the latest iPhone, iPad, and Mac models.

Threat Alerts
Cisco has disclosed a critical vulnerability in the RADIUS authentication subsystem of its Secure Firewall Management Center (FMC) software. An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary shell commands at a high privilege level.

Threat Alerts
There has been a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSLVPN is enabled. This includes threat activity highlighted by several third-party cybersecurity research teams.

Threat Alerts
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user. Cisco has released software updates that address these vulnerabilities. Read the recommendations compiled from Cisco’s security advisory page.

Threat Alerts
Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update. Read the guidance from Microsoft regarding SharePoint vulnerability CVE-2025-53770.

Insights
As businesses continue to embrace remote work and digital collaboration in 2025, Remote Access Tools (RATs) have become essential for maintaining productivity and supporting distributed teams. Yet, these powerful platforms also present a growing security challenge, as cybercriminals increasingly exploit vulnerabilities, misconfigurations, and user trust to infiltrate networks.

Threat Alerts
Generative AI is rapidly reshaping the cybercrime landscape, enabling threat actors to launch faster, more convincing, and highly scalable attacks. As defenders explore AI for productivity and automation, cybercriminals are exploiting the same tools to streamline fraud, malware development, phishing, and vulnerability exploitation.

Insights
Lumma Stealer—a powerful information-stealing malware that has wreaked havoc across the globe—made headlines in 2025. The Malware-as-a-Service (MaaS) platform, also known as LummaC2, allows cybercriminals to rent and deploy malware designed to steal sensitive information from infected devices. First surfacing in 2022, it has rapidly evolved into one of the most notorious info stealers on the dark web.

Insights
Financial institutions are facing an alarming rise in sophisticated cyber fraud, often overlooked due to siloed operations among departments. To address this, FS-ISAC has published “Leveling Up: A Cyber Fraud Prevention Framework for Financial Services,” which offers a structured approach to improve coordination, enhance investigations, and prevent losses. Here’s a brief overview of its contents and how DefenseStorm can help implement this vision.

Threat Alerts
A new phishing tool called Astaroth threatens the security of online accounts globally. This malicious tool bypasses two-factor authentication (2FA), which is meant to be a vital layer of protection for private accounts, enabling hackers to steal sensitive information such as usernames, passwords, credit card details, bank information, and more.

Case Studies
With over $8.8 billion in assets, Space Coast Credit Union (SCCU) serves approximately 677,000 members across 67 branches. Prior to their partnership with DefenseStorm, SCCU’s cyber risk management program relied on multiple network monitoring tools that were not entirely integrated, which posed challenges in threat detection and reduced the efficiency of their data gathering processes.

Threat Alerts
On Friday, March 28, 2025, CISA released a report with analysis of a new malware variant that CISA has identified and named RESURGE. RESURGE is a persistent malware that shares characteristics with the malware SPAWNCHIMERA. Please review the information, taken directly from CISA and compiled by DefenseStorm’s Director of Cyber Threat Intelligence, to learn more about RESURGE, its capabilities, and attack vectors.

Case Studies
Reliant Credit Union, with assets amounting to nearly $700M and a membership of 46,615, serves its community through ten offices and a committed team of 171 employees. As cybersecurity threats became more sophisticated, the credit union faced challenges in managing and mitigating risks effectively. Reliant recognized this urgent need and embarked on a transformative journey to enhance its ability to monitor, manage, and report on cyber events.

Threat Alerts
Business Email Compromise (BEC) is a sophisticated email scam where cybercriminals trick victims into transferring funds or sharing sensitive data. Learn more about common BEC attack types, how they work, and essential strategies for protection.