Credit Union Connection

View Original

CU SOLUTIONS GROUP ISSUES STATEMENT ON RECENT CONTENT MANAGEMENT SYSTEM (CMS) VULNERABILITY

Today, CUSG is notifying its 275 Credit Union web services clients using CUSG’s proprietary content management system (CMS) of a temporary vulnerability that was discovered and promptly remedied on October 28, 2023.

The vulnerability was identified by LMG Security, a cybersecurity consulting firm on October 26, 2023, and was immediately remedied by CUSG within 48 hours. CUSG was able to make the fixes independently without client impact or exposure.

The CU trade press is being notified because LMG Security published a security statement that may have been picked up by certain media outlets. However, they failed to report that CUSG had immediately taken remedial action without client impact. CUSG has notified LMG of that omission and has asked that they clarify this for their readers.

Like other technology services providers, CUSG conducts regular audits, engages outside consultants, and relies on numerous partners to assure that all of its products minimize security risks for CUSG clients. Again, in this case, these continuous processes are an example of those efforts being successful.