December 21, 2021
The Cybersecurity and Infrastructure Security Agency (CISA) issued guidance regarding the Apache Log4j vulnerability. All financial institutions should be assessing the risk to their systems and implementing necessary remediation measures. Financial Institutions are encouraged to obtain updates and threat and vulnerability information from the Cybersecurity and Infrastructure Security Agency at https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance.
March 26, 2021
CISA has issued a new alert for detecting post-compromise threat activity using the CHIRP IOC Detection Tool. The tool to assist network defenders with detecting activity related to the supply chain compromises affecting SolarWinds and Active Directory/Microsoft 365. Click here to access the alert.
March 16, 2021
UPDATE: Microsoft Exchange Server Vulnerability
CISA has updated Alert AA21-0762A regarding the Microsoft Exchange Server Vulnerability with further guidance. Click here to access the updated alert.
March 12, 2021
Microsoft Exchange Server Vulnerability
CISA Emergency Directive 21-02: The Cybersecurity & Infrastructure Security Agency (CISA) has issued Emergency Directive 21-02 regarding Microsoft Exchange On-Premises Product Vulnerabilities. Additional information may be found here. All institutions should be assessing their own and vendor exposure to the Microsoft Exchange vulnerability and taking necessary mitigation steps.
February 12, 2021
The Bankers Electronic Crimes Taskforce (BECTF), State Bank Regulators and the United States Secret Service has developed a Ransomware Self-Assessment Tool. The tool was developed to help financial institutions assess their efforts to mitigate risks associated with ransomware and identify gaps for increasing security. This tool provides executive management and the board of directors with an overview of the institution's preparedness towards identifying, protecting, detecting, responding, and recovering from a ransomware attack. For more information click here.
December 21, 2020
ALERT - SolarWinds Orion Platform Software IT Incident
On December 13, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding an active exploitation of SolarWinds Orion Platform. All financial institutions should be assessing the risk to their systems and implementing necessary remediation measures.
Financial Institutions are encouraged to obtain updates and threat and vulnerability information from the Cybersecurity and Infrastructure Security Agency at or through the Financial Services Information Sharing and Analysis Center (FS-ISAC).
The below are links to additional resources financial institutions may refer to as they conduct their risk assessments and determine applicable remediation steps.
March 16, 2020
Any document that will be mailed to the Bureau of Credit Union and Trust Supervision must also be sent electronically to the following email address: RA-BNCUSUBMISSIONS@pa.gov. Any institutions that sent documents via mail within the last 3 days should re-send those documents electronically to the aforementioned email address. If you have a concern about documents mailed recently, please contact Angie Smith at +1 (717) 783-2253 or email at email@example.com.
All checks should still be sent to the Bureau of Credit Union and Trust Supervision through regular mail with the original filing. Electronic copies of the original filing and a copy of all applicable checks should be sent electronically to the following email address: RA-BNCUSUBMISSIONS@pa.gov. General questions regarding filings should be addressed to Angie Smith at +1 (717) 783-2253 or email at firstname.lastname@example.org.
July 29, 2019
Secretary's Letter on LIBOR Transition (PDF)
The Department urges state-regulated banks, credit unions, and financial services companies to take action and prepare for the replacement of London Interbank Offered Rate (LIBOR).
November 13, 2017
Secretary's Letter on Cybersecurity (PDF)
The Department continues to work collaboratively with federal regulators, other states financial regulators, and other Commonwealth agencies to address cybersecurity challenges.
A Presidential Policy Directive (PPD-41) released on July 26, 2016, sets forth principles governing the federal government’s response to any cyber incident, whether involving government or private sector entities. For significant cyber incidents, PPD-41 also establishes lead federal agencies and an architecture for coordinating the broader federal government response. Learn more: http://bit.ly/2aeAUtZ