Security researchers have discovered a new variant of Dridex – one of the most nefarious banking Trojans actively targeting the financial sector – with a new, sophisticated code injection technique and evasive capabilities called “AtomBombing.”
On Tuesday, Magal Baz, security researcher at Trusteer IBM, disclosed new research exposing Dridex version 4, the latest version of the infamous financial Trojan, and its new capabilities.
Dridex is one of the best-known Trojans and exhibits the typical behaviour of monitoring a victim’s traffic to bank sites: it infiltrates victim PCs using macros embedded in Microsoft documents or via web injection attacks, and then steals online banking credentials and financial data.
Yahoo has just revealed that about 32 million user accounts were accessed by hackers in the last two years using a sophisticated cookie forging attack that required no password.
These compromised accounts are in addition to the Yahoo accounts affected by the two massive data breaches that the company disclosed in the last few months.
The former tech giant said in a regulatory filing on Wednesday that the cookie caper is likely linked to the “same state-sponsored actor” thought to be behind a separate 2014 data breach that resulted in the theft of 500 million user accounts.
Would you do business with a criminal?
Do you trust someone who steals?
You would be shocked to find out how many unprofessional businesses out there are too stingy to pay to have someone create a logo for them, so they just STEAL someone else’s logo. In our case over 70 individuals have stolen our logo to use as an image on their website or even as their business logo; most of these so-called businesses are actually based in the US. Some even claim to be security companies and security consultants.
If you see this exact logo on any website except securityitrust.com then you are more than likely looking at the website of someone who has no regard for copyright.
Logo stolen from Security I Trust
From our investigation into this, we are shocked at the unprofessional claims and actions from US individuals regarding the unauthorised use of our logo:
- We were your partners and did business together in the past, so I thought I could use your logo. This was simply a lie, as the person never worked with us.
- You gave me permission 7 years ago to use it. Again, another lie.
- I thought that all images you find using a search engine are free for anyone to do what they like with.
- It did not have a big copyright disclaimer written across it, so I thought it was OK to use.
- It’s not a great logo, so why do you care about it? If this individual thought it was not so great, then why did he use it on his website?
- I now have a sour feeling towards you, but I will remove the logo from my site. So this person thinks that we should be worried that he is unhappy because we identified the stolen content on his website.
- But the one that really hits the nail on the head is a US company offering to help people with intellectual property and identity protection – they are using this stolen logo on their home page.
I could go on, but the comments, lies and excuses we are receiving from US individuals are a disgrace. As regards other countries, where we contacted website owners some replied with a simple apology, and others just removed the logo.
At no time since the date this logo was created did we give any individual or business the right to use our logo.
Late last week the FBI was forced to make yet another public service announcement on the growing ransomware epidemic. In it, the Bureau pleaded with businesses to report infections, so that the authorities can get a better idea of the scale of the problem they’re facing. It also warned that cybercriminals are increasingly targeting business servers in the hope of infecting more machines and extracting a greater ransom from their victims.
This tells us two things: that the authorities still haven’t got a handle on the problem facing citizens and businesses, and that organisations are failing to put in place layered security to lock down risk across multiple threat vectors. We address both in a new report out this week.
Do we fail to take data security seriously? From my experience, most companies I have seen fail to take data security seriously.
The sad fact is that in the lifetime of most companies a breach will happen, but with good data security in the form of encryption the stolen data can be rendered useless to the attacker, so your company and your customers are not impacted. Since 2013, in only 4% of breaches was the data rendered useless to the attacker because companies acted responsibly and used encryption.
Breach Level Index
Scotland Yard involved in European raids and arrest of key member of DDoS extortionist gang DD4BC. Police have arrested at least one member of the notorious hacker gang DD4BC, which has been waging a two-year extortion campaign against banks and businesses. The suspected member of the group was arrested after a global police operation tracked the gang down to Bosnia-Herzegovina.
Older versions of Internet Explorer and Windows 8 OS receive their last patch update. Microsoft has delivered its last Patch Tuesday for users of the Windows 8 operating system, and older versions of Internet Explorer (8, 9 and 10), issuing nine bulletins – six of which are rated as critical. “The first Patch Tuesday of 2016 turns out to be low in numbers, but broad and packing quite a punch: six of the nine bulletins are rated critical, including the Windows Kernel and Office bulletins,” blogged Qualys CTO Wolfgang Kandek.
Workers may need to take extra care about who they are speaking to after a top European court ruled that companies are within their rights to monitor and read private messages sent by their employees during work hours.
The European Court of Human Rights (ECHR) said a firm that read one employee’s private chats sent while he was on the clock was within its rights to sack him for not completing his professional duties within his contracted hours.
However, it warned that such policies must also protect workers against widespread snooping, and recommended that companies draw up policies defining exactly what information they are allowed to monitor and collect.
World’s most complex cash register malware plunders millions in US • The Register
The world’s most complex sales till malware has been discovered … after it ripped millions of bank cards from US retailers on the eve of post-Thanksgiving shopping frenzies.
The ModPOS malware has pilfered “multiple millions” of debit and credit cards from the unnamed but large retail companies, incurring millions of dollars in damages.
The attackers have operated in a low-key, ultra-professional manner since late 2013 and have only come to light after weeks of painstaking reverse-engineering efforts by malware experts.
They have kept mum, too. Cybercrime forums are entirely devoid of references to the malware.
“This is POS [point-of-sale] malware on steroids,” iSight Partners senior director Steve Ward says. “We have been examining POS malware forever, for at least the last eight years and we have never seen the level of sophistication in terms of development …[engineers say] it is the most sophisticated framework they have ever put their hands on.”
Ward says his team took three weeks to debride one of ModPOS’ three kernel modules. By contrast, it took the same experts 30 minutes to reverse engineer the Cherry Picker POS malware revealed last week.
The “incredibly talented” authors have done an “amazing job” and have such an understanding of security that the work has impressed the white hat engineers.
“It is hard not to be impressed,” Ward says.
He says the criminals have spent a “tonne” of time and money on each packed kernel-driver module which, behaving like a rootkit, is as difficult to detect as it is to reverse.
That approach to the module build is novel.
The anti-forensics componentry is highly sophisticated, meaning most businesses that the advanced Eastern European attackers have popped will not know the cause of the attack.
It is clearly a tool designed for large-scale revenue generation and return on investment.
Ward and his colleagues have briefed more than 80 major retailers across the US, all of which are on high alert for infection.
He says the attack group will need to change parts of its codebase to regain some of its now lost obfuscation, but adds that some changes will be much harder to implement than others.
Command-and-control communication and data exfiltration over the network are protected with 128-bit and 256-bit encryption, with the latter requiring a new private key for each customer.
This makes it much more difficult to know what data is being stolen, unlike other sales register malware that slurps details in cleartext.
For this full news report go to theregister.co.uk
Could your company be facing legal action if you continue to transfer data on EU individuals to the US after 31st January 2016?
On 6 October 2015, the European Court of Justice (ECJ) ruled that the Commission’s adequacy decision on the EU-US Safe Harbour arrangement is invalid.
The Pan-European Data Protection authorities have warned that if no agreement is reached by the end of January 2016, they are committed to taking all necessary and appropriate action. This would appear to mean that businesses engaged in the transfer of data to the US will have to hope that new laws are agreed, otherwise their actions could be deemed unlawful.