Information Security all in one place!

Posts tagged “Online banking

Mobile Devices and the Growing Concern


A pile of mobile devices including smart phone...

If you use any type of mobile device in your day to day life….keep reading. Ignorance can only bring you so far!

Two separate studies of mobile devices have found serious privacy and security issues. One of the studies found that smartphones and tablet PCs can be eavesdropped on when they are being used to make purchases, conduct online banking transactions, or access VPNs (virtual private networks). Another study uncovered a number of ways to break into Apple’s iOS, its operating system for mobile devices. It is likely that cyber criminals will increasingly turn to mobile devices in their attacks as the devices become more and more commonplace in business transactions.

Related Information: http://www.usatoday.com/tech/news/story/2012-04-08/smartphone-security-flaw/54122468/1

Proof of Concept Video: http://bcove.me/44ip4sgw

Advertisements

Researchers Warn:Trojan evolving through ‘open source’ development


Trojan malware evolving swiftly as hackers customise code according to their needs

 

Source: http://www.computerworld.com/s/article/9224112/Citadel_banking_malware_is_evolving_and_spreading_rapidly_researchers_warn

 Citadel banking Trojan evolving through ‘open source’ development

Citadel, a computer Trojan that targets online banking users, is evolving and spreading rapidly because its creators have adopted an “open source” development model, according to researchers from cyberthreat management firm Seculert. The new piece of malware is based on ZeuS, one of the oldest and most popular online banking Trojans. ZeuS was abandoned by its creator in late 2010 and its source codeleaked online a few months later.

English: I constructed this image using :image...

“Seculert’s Research Lab discovered the first indication of a Citadel botnet on December 17th, 2011,” the security company claimed. “The level of adoption and development of Citadel is rapidly growing.”

Seculert has identified over 20 botnets that use different versions of this Trojan. “Each version added new modules and features, some of which were submitted by the Citadel customers themselves,” the company said.

The most interesting aspect of Citadel is its development process, which is similar to the ones behind community-supported open source projects. “Similar to legitimate software companies, the Citadel authors provide their customers with a User Manual, Release Notes and a License Agreement,” Seculert said.



Banks cooperate to beat online thieves


spyware_protection.jpg

PC Spyware Protection 2011 Click Here

There are times when it behooves the banking industry to work together. The need to beat back the rising sophistication of hackers seems to present just such an opportunity.

Bank Technology News reports that more banks are cooperating with this goal in mind. In one noted example, Morgan Stanley, Goldman Sachs and other financial firms are “expected to meet with researchers from the Polytechnic Institute of New York University to discuss the creation of a new type of center that would sift through mountains of bank data to detect potential attacks.” In another initiative, Bank of America has “begun hosting experts from other major banks at quarterly informal roundtables, in which the rivals try to devise solutions to cyber security threats.”

English: Logo for Polytechnic Institute of New...

Sharing information on a massive scale is always cause for concern from the industry’s point of view. But the threats to the entire system have ratcheted up and the industry may not have any choice but to collude behind a Big Data-oriented solution.

With that said, the industry would like to structure any data sharing initiatives such that  no individual firm gives up too much proprietary information. We can only hope that these initiatives bear fruit quickly.

Read More: http://tinyurl.com/7r2zdnq

driver_updater.gif

Related articles


Bot blackmails Facebook users


Image representing Trusteer as depicted in Cru...

Image via CrunchBase

Security specialists at Trusteer have discovereda variant of the Carberp trojan that pretends to suspend a user’s Facebook account. The malware hooks into the victim’s browser and intercepts requests that are sent to Facebook’s servers.

When a user tries to access the social network, the malware displays a message saying that the account has been temporarily suspended, and that a payment of €20 is required to verify the user’s personal data. Payment is to be made via Ukash– an anonymous payment system that doesn’t allow recipients to be traced.

Image representing Facebook as depicted in Cru...

Image via CrunchBase

Carberp’s behaviour is similar to that of the now widespread variants of the BKA trojan, which lock down victims’ computers and claim that they will only be unlocked once a payment has been made. This type of malware is referred to as ransomware; in most cases, paying the ransom has little or no effect.

Carberp is a trojan toolkit that criminals have primarily used to compromise online banking facilities. It spreads using methods such as compromised PDF and Office files, and contains remote control functions that allow it to accept and execute arbitrary commands from the botnet operators.

Read More: http://tinyurl.com/7y262oa