Kaspersky Lab experts have discovered a modification of the Gugi banking trojan that can bypass new Android 6 security features designed to block phishing and ransomware attacks. The modified trojan forces users into giving it the right to overlay genuine apps, send and view SMS, make calls, and more. It is spread through social engineering and its use by cybercriminals is growing rapidly. Between April and early August, 2016, there was a ten-fold increase in its number of victims. The Gugi Trojan’s aim is to steal users’ mobile banking credentials by overlaying their genuine banking apps with phishing apps and to seize credit card…
Author: ISBuzz Team
Research finds business leaders put reputation and long-term success at risk by not following protocol London, UK. Although they handle their organisation’s most confidential and sensitive information, mid-market MDs and CxOs could be the weakest link when it comes to safeguarding that information. Research into information management and security practices in the mid-market commissioned by leading storage and information management company Iron Mountain (NYSE: IRM) suggests that business leaders are the worst offenders when it comes to mismanaging sensitive business information. Over half (57%) the CxOs/MDs questioned say they have left business-sensitive or confidential information on the printer for all to see: just under…
Following the news that HSBC is rolling out a new system where customers can open a bank account with a selfie. Hans Zandbelt, Senior Technical Architect at Ping Identity commented below. Hans Zandbelt, Senior Technical Architect at Ping Identity: “The banking industry is a beacon of best practice when it comes to implementing new identity-defined technologies. Last year, we saw RBS roll out fingerprint authentication for online banking customers. HSBC has also recognised the power of authentication by customer identity, with the introduction of selfies to open a bank account in the first place- a progressive move, as the retail…
Overview: This is the second in a series of blogs collecting the recent activity of the current top exploit kits. Exploit kits are rapidly deployable software packages designed to leverage vulnerabilities in web browsers to deliver a malicious payload to a victim’s computer. Authors of exploit kits offer their services for sale, distributing malware for other malicious actors. Find our previous round-up here (https://www.zscaler.com/blogs/research/top-exploit-kit-activity-roundup). Neutrino Exploit Kit In our previous roundup, we noted that the EITest campaign had begun redirecting primarily to Neutrino landing pages since Angler exploit kit activity abruptly stopped in early June 2016. EITest gates have continued…
Following the news, regarding the data breach from a forum closely related to popular adult website Brazzers, which exposed the details of 800,000 users. Jon Geater, Chief Technology Officer, Thales e-Security commented below. The leak, which was disclosed by a breach notification website called vigilante.pw, contained 790,724 email records in total, alongside forum usernames and even plain-text passwords. Jon Geater, Chief Technology Officer at Thales e-Security: “This kind of hack highlights the complexity of maintaining personal privacy and security online, and keeping your private life private. Although this particular incident concerns an adult site the flaw came from a piece of…
Every day brings news stories about ransomware attacks on schools. ESET Ireland offers some tips on handling this threat. The full list is available on ESET Ireland’s blog. Criminals know that the data under the care of schools are very valuable to students and staff, and this makes them a potentially lucrative target. By taking the time to prepare before an emergency happens, you can minimize the risk of losing access to your data or of having to pay criminals to regain it. What makes schools unique? Not only do many students and teachers use the same computers in schools, but schools generally encourage…
Following the news that HSBC is to introduce selfie authentication to business customers, IT security experts from ACI Worldwide, Yoti and Mindtree commented below. Lu Zurawski, Solutions Practice Lead, Consumer Payments EMEA at ACI Worldwide: “It appears that the banking industry may be ready to branch away from rigid PINs and password challenges, with the move towards “selfie pay” the latest hook in “biometric banking”. The use of physical unique identifiers appears to be slowly catching up with the more traditional payment tokens like cards and mobiles. These new techniques based on biometric information will certainly be easier for some consumers to use, and they…
After many years of working with clients trying to protect industrial systems – from oil refineries to railway systems – one thing is clear: critical infrastructure needs special attention. Like all companies, industrial facilities depend on computers and software, but the range of technological solutions used is very different from a typical office. You can find ten-year-old machines still working as though they are as good as new, and operators that are not worried about the cost of replacement. In fact, it’s not uncommon to find ten-year old machines, some of which are running outdated operating systems such as Windows XP.…
UK Government communications agency and defence prime host joint cyber recruitment challenge 30 contestants to be tested on the growing threat of smartphone hacking modelled on real-life Top candidates will qualify for Masterclass grand finale in November London. This past weekend, BAE Systems, Her Majesty’s Government Communications Centre (HMGCC) and Cyber Security Challenge UK hosted a unique national cyber forensics investigation in the heart of London. The staged attack replicated some of the emerging threats around smartphones and tablets, which are becoming increasingly valuable to hacking groups. The cyber amateurs, selected from a series of national online qualifying rounds, were…
Unparalleled levels of hacker professionalism mean businesses need to take extra security measures to keep their data safe A first-of-its-kind iPhone hack was revealed late last week, less than a year after Apple told a US court that its smartphones are impossible to break into without a passcode. Thought to have been perpetrated by secretive cyber-organisation the NSO Group, this is a high-profile example of how app providers and businesses need to stop relying on operating system providers or third parties to keep their data safe in the face of highly professional hackers. This is according to app security specialists Promon. The malware…