If you use any type of mobile device in your day-to-day life, keep reading. Ignorance can only bring you so far!
Two separate studies of mobile devices have found serious privacy and security issues. One of the studies found that smartphones and tablet PCs can be eavesdropped on when they are being used to make purchases, conduct online banking transactions, or access VPNs (virtual private networks). Another study uncovered a number of ways to break into Apple’s iOS, its operating system for mobile devices. It is likely that cyber criminals will increasingly turn to mobile devices in their attacks as the devices become more and more commonplace in business transactions.
Trojan malware evolving swiftly as hackers customise code according to their needs
Citadel banking Trojan evolving through ‘open source’ development
Citadel, a computer Trojan that targets online banking users, is evolving and spreading rapidly because its creators have adopted an “open source” development model, according to researchers from cyberthreat management firm Seculert. The new piece of malware is based on ZeuS, one of the oldest and most popular online banking Trojans. ZeuS was abandoned by its creator in late 2010 and its source code leaked online a few months later.
“Seculert’s Research Lab discovered the first indication of a Citadel botnet on December 17th, 2011,” the security company claimed. “The level of adoption and development of Citadel is rapidly growing.”
Seculert has identified over 20 botnets that use different versions of this Trojan. “Each version added new modules and features, some of which were submitted by the Citadel customers themselves,” the company said.
The most interesting aspect of Citadel is its development process, which is similar to the ones behind community-supported open source projects. “Similar to legitimate software companies, the Citadel authors provide their customers with a User Manual, Release Notes and a License Agreement,” Seculert said.
- Read More Here: http://www.computerworld.com/s/article/9224112/Citadel_banking_malware_is_evolving_and_spreading_rapidly_researchers_warn
As a leading provider of innovative online banking software solutions, eBank-IT! provides
an accessible venue for offering a full-valued online banking platform to your clients,
using a cross-browser interface that's secure and free of complexities and considering
maximum privacy and data protection procedures, as well as a wide scope of contenual
functionalities, which exceed the standard scope of most major online banking systems
in the world. http://www.ebank-it.com/
Vulnerability-Lab Team (Chokri B.A.) discovered multiple reflective web vulnerabilities in the online banking software eBank-IT.
Multiple reflective cross-site vulnerabilities were detected in the online banking software eBank-IT.
The bug allows a remote attacker to implement malicious script code on the application side.
Successful exploitation of the vulnerability allows an attacker to manipulate specific modules & can
lead to session hijacking (user/mod/admin).
Proof of Concept: The vulnerabilities can be exploited by remote attackers with low required user interaction. For demonstration or reproduce …
<td width="7%"> <img src="images2/icons/error.gif"></td>
<td width="94%">\"><img src=http://www.vulnerability-lab.com/gfx/partners/vlab.png /> </td>
<td colspan="3" align="center">\"><img src=http://www.vulnerability-lab.com/gfx/partners/vlab.png /> </td>
Risk: The security risk of the reflective XSS vulnerabilities is estimated as medium.
Credits: Vulnerability Research Laboratory – Chokri B.A (Me!ster)
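The `\">` in the reflected cells above suggests that quotes were backslash-escaped before the value was echoed, which leaves markup intact. The following is an added example, not code from eBank-IT or the advisory: it assumes that behaviour, uses a constructed template modelled on the error cell, and the function names are hypothetical. It compares backslash escaping with HTML entity encoding and checks the rendered output with a parser.

```python
import html
from html.parser import HTMLParser

# Marker payload as it appears in the advisory's proof of concept.
PAYLOAD = '"><img src=http://www.vulnerability-lab.com/gfx/partners/vlab.png />'

# Constructed template modelled on the error-message cell shown in the PoC.
ICON = "images2/icons/error.gif"
TEMPLATE = ('<tr><td width="7%"><img src="' + ICON + '"></td>'
            '<td width="94%">{msg}</td></tr>')


def render_backslash_escaped(msg: str) -> str:
    """Assumed vulnerable behaviour: quotes get a backslash, markup is untouched."""
    return TEMPLATE.format(msg=msg.replace('"', '\\"'))


def render_html_encoded(msg: str) -> str:
    """Hardened: entity-encode for the HTML body context before output."""
    return TEMPLATE.format(msg=html.escape(msg, quote=True))


class ImgCollector(HTMLParser):
    """Records the src of every <img> element the parser actually creates."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.sources.append(dict(attrs).get("src"))


def injected_markup(page: str) -> list:
    """Any <img> other than the template's own icon came from user input."""
    parser = ImgCollector()
    parser.feed(page)
    parser.close()
    return [src for src in parser.sources if src != ICON]


if __name__ == "__main__":
    for render in (render_backslash_escaped, render_html_encoded):
        found = injected_markup(render(PAYLOAD))
        print(f"{render.__name__}: injected elements = {found}")
```

The same parser check can serve as a regression test for any template that echoes request parameters into table cells.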
There are times when it behooves the banking industry to work together. The need to beat back the rising sophistication of hackers seems to present just such an opportunity.
Bank Technology News reports that more banks are cooperating with this goal in mind. In one noted example, Morgan Stanley, Goldman Sachs and other financial firms are “expected to meet with researchers from the Polytechnic Institute of New York University to discuss the creation of a new type of center that would sift through mountains of bank data to detect potential attacks.” In another initiative, Bank of America has “begun hosting experts from other major banks at quarterly informal roundtables, in which the rivals try to devise solutions to cyber security threats.”
Sharing information on a massive scale is always cause for concern from the industry’s point of view. But the threats to the entire system have ratcheted up and the industry may not have any choice but to collude behind a Big Data-oriented solution.
With that said, the industry would like to structure any data sharing initiatives such that no individual firm gives up too much proprietary information. We can only hope that these initiatives bear fruit quickly.
Read More: http://tinyurl.com/7r2zdnq