Security News
The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. We're told only a small fraction of the crooks lurking on the boards were commercial traders buying and selling stolen cards for cybercrime use.
Stolen domain admin login credentials can be resold by dark web criminals for up to £95,000 and a total of 15 billion purloined credentials are traded on illicit marketplaces. "Rick Holland, CISO and strategy veep of Digital Shadows, mused:"The sheer number of credentials available is staggering and in just over the past 1.5 years, we've identified and alerted our customers to some 27 million [leaked] credentials which could directly affect them.... "Details exposed from one breach could be re-used to compromise accounts used elsewhere. The message is simple - consumers should use different passwords for every account and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised."
Barclays Bank appears to have been using no less than the Internet Archive's Wayback Machine as a "Content distribution network" to serve up a Javascript file. Archive.org went down, it would presumably break Barclays' website as well.
The phishing email leads recipients to a phony BOA landing page in an attempt to steal their banking credentials, according to Armorblox. A blog post published Thursday by security provider Armorblox explains how a recent phishing campaign impersonates Bank of America.
The bank's master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank's encrypted master key in plain, unencrypted digital language at the Postbank's old data centre in the Pretoria city centre.
Safe Systems, a national provider of fully-compliant IT and security services for community banks and credit unions, announced the availability of NetInsight, a cyber risk reporting tool designed to help community banks and credit unions fill gaps in reporting to meet examiner expectations and provide actionable data to internal stakeholders. Many community financial institutions struggle to efficiently identify threats and assess risks due to limited visibility into their networks and lack of quality cyber risk reports.
A new ransomware strain called Tycoon is seeking to wheel and deal its way into the Windows and Linux worlds, using a little-known Java image format as part of its kill chain. Working with KPMG's UK Cyber Response Services, the researchers analyzed a targeted attack using the previously unknown malware on an organization's domain controller and file servers.
Creeps give away money to harass recipients with abusive transaction descriptions on bank statements
Creeps in Australia have given away money in order to harass people with abusive transaction descriptions that appear in online banking records. Australia's Commonwealth Bank revealed the practice today after finding over 8,000 customers had received such messages.
Reposify unveiled research findings of critical asset exposures and vulnerabilities in attack surfaces of the world's leading multinational banks. Researchers measured the prevalence of exposed sensitive assets including exposed databases, remote login services, development tools and additional assets for 25 multinational banks and their 350+ subsidiaries.
Researchers have analysed a new strain of Android malware that does not yet exist in the wild. EventBot asks the user for permission to use accessibility services, a powerful feature since these services require extensive permissions in order to work, including acting as a keylogger, for example, and running in the background.