1873 matches found
Operation High Roller Banked on Fast-Flux Botnet to Steal Millions
A fraud ring that attacked financial transfer systems in an attempt to get at wealthy high-end banking customers used a complicated web of malware and compromised servers in several countries to walk off with an estimated $78 million earlier this year. While the attacks targeted financial systems...
Cybercrime Gang Recruiting Botmasters for Large-Scale MiTM Attacks on American Banks
A slew of major American banks, some already stressed by a stream of DDoS attacks carried out over the past 10 days, may soon have to brace themselves for a large-scale coordinated attack bent on pulling off fraudulent wire transfers. RSA’s FraudAction research team has been monitoring undergroun...
Developer Warns Millions of Virgin Mobile Subscribers About Authentication Flaw
An Alamo, Texas developer on Monday warned Virgin Mobile U.S. subscribers that their accounts can be hacked after the company failed to respond with a fix. “I reported the issue to Virgin Mobile a month ago and they have not taken any action, nor informed me of any concrete steps to fix the...
Looking to Bolster Security, Dropbox Adds Two-Factor Authentication
Several weeks after announcing that some of its users’ log-ins and passwords had been stolen, file storage company Dropbox announced it has added a two-step authentication process over the weekend to help reinforce the security of its users’ accounts. The added layer of security is currently...
Airport VPN hacked using Citadel malware
It sounds like an air traveler's nightmare, Researchers at Trusteer recently uncovered a variant of the Citadel Trojan targeting the virtual private network VPN credentials used by employees at a major airport.The firm would not disclose the name of the airport because the situation is being...
Dropbox Blames Breach for Recent Spam Targeting Customers
Over the last few weeks an attacker used a collection of illicitly obtained usernames and passwords to infiltrate a number of Dropbox accounts, including one belonging to a Dropbox employee. The usernames and passwords were stolen from other, third-party websites, Dropbox officials said, finally...
Cloudflare CEO: AT&T Voicemail Hack Key To Compromise
Loose security protecting voice mailboxes at mobile carrier AT&T provided a key element necessary to successfully hack the Google Enterprise Apps account of tech firm CloudFlare, according to an account of the hack posted by CEO Matthew Prince. Writing on the company’s blog on Monday, Prince said...
House Hearing to Address Capital Market Threats
The House Committee on Financial Services is hosting a hearing tomorrow in which they will explore the various cyber threats targeting capital markets and government sponsored enterprises. Entitled “Cyber Threats to Capital Markets and Corporate Accounts,” the hearing in front of the Committee on...
Tiny New Tinba Banker Trojan Found Stealing Financial Data
Security researchers have discovered a tiny new banking Trojan that comprises just 20 KB of code and uses a number of well-word man-in-the-browser tricks in an attempt to defeat two-factor authentication. Known as Tinba, the new malware doesn’t bother with any encryption or packing and yet is...
New VPN Hunter Service Scans Domains For Remote-Access Systems
If there’s one thing attackers love, it’s readily accessible remote-connection services running on a target company’s network. Once an attacker knows that an organization is running a specific kind of VPN or has RDP enabled on a bunch of machines, he can then start looking for known vulnerabiliti...
Data encryption : PrivateSky Secure Information Exchange platform
Data encryption : PrivateSky Secure Information Exchange platform CertiVox today unveiled a breakthrough in information security: PrivateSky Secure Information Exchange SIXTM platform. The new service provides fast, easy-to-use protection for email, files and other information sent via the cloud,...
RSA SecurID Software Token Installed
RSA SecurID Software Token, a two-factor authentication application, is installed on the remote Windows host. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid57348; scriptversion"1.10"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/10/10";...
What About Fob?
Few things sent shockwaves to all corners of the security community like news in March that RSA’s popular SecurID two-factor authentication tokens had been rendered all but useless by a small but cleverly targeted phishing campaign that included a payload of a malicious Flash object embedded in a...
Authenex A-KeyASAS Web Management Control 3.1.0.2 - Blind SQL Injection
Authenex A-KeyASAS Web Management Control 3.1.0.2 - Blind SQL Injection ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2011-002 - Original release date: September 21, 2011 - Discovered by: Jose Carlos de Arriba - Senior Security Analyst at...
Authenex A-Key/ASAS Web Management Control 3.1.0.2 (latest)
Exploit for multiple platform in category web applications ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2011-002 - Original release date: September 21, 2011 - Discovered by: Jose Carlos de Arriba - Senior Security Analyst at Foreground Securi...
'Good to Know' campaign : Google Collaborates with Citizens Advice Bureau for Online Safety
'Good to Know' campaign : Google Collaborates with Citizens Advice Bureau for Online Safety Google's first ever advertising campaign for online safety launches today, in association with the Citizens Advice Bureau. It covers topics such as choosing a password, scam emails and using two factor...
'Good to Know' campaign : Google Collaborates with Citizens Advice Bureau for Online Safety
'Good to Know' campaign : Google Collaborates with Citizens Advice Bureau for Online Safety Google's first ever advertising campaign for online safety launches today, in association with the Citizens Advice Bureau. It covers topics such as choosing a password, scam emails and using two factor...
Adobe Says It Is Breaking Ties To Diginotar
Software giant Adobe said on Thursday that it was removing Diginotar’s Qualified CA certificate from the Adobe Approved Trust List AATL, according to a company blog post. The move would effect Adobe Reader and Adobe Acrobats Versions 9 and X. It is just the latest move by major software vendors t...
Mozilla Asks Firefox CAs to Audit Security Systems in Wake of DigiNotar Hack
Already having revoked trust in the root certificates issued by DigiNotar, Mozilla is taking steps to avoid having to repeat that process with any other certificate authority trusted by Firefox, asking all of the CAs involved in the root program to conduct audits of their PKIs and verify that...
Obama-Favored Think Tank Used as Bait in Spear Phishing Attacks
Spear phishing attacks against U.S. government officials, politicians and public policy wonks are using a D.C. think tank favored by the Obama Administration as bait, according to a report from researcher Mila Parkour. A new report out from virus researcher Mila Parkour on the blog Contagio says...