ESET analyzes new malware samples used by the Carbanak financial APT group previously responsible for the theft of millions of dollars, credit cards and intellectual property. ESET has analysed new malware samples used by the Carbanak financial APT group previously responsible for the theft of millions of dollars, credit cards and intellectual property. The Carbanak group keeps attacking specific targets related to the finance industry, including banks, Forex-trading companies, and even an American casino hotel. At the end of August, ESET telemetry has detected traces of activity of the infamous APT group, a.k.a Carbanak. ESET researchers investigating this gang’s activities…
ISBuzz Team
Usually, these disclosure notices contain one, maybe two vulnerabilities on one product. Not so for this one; we’ve got ten new vulnerabilities to disclose. If you were out at DEF CON 23, you may have caught Mark Stanislav’s workshop, “The Hand that Rocks the Cradle: Hacking IoT Baby Monitors.” You may have also noticed some light redaction in the slides, since during the course of that research, Mark uncovered a number of new vulnerabilities across several video baby monitors. Vendors were notified, CERT/CC was contacted, and CVEs have all been assigned, per the usual disclosure policy, which brings us to…
What’s TVSPY? TVSPY is a malware that takes advantage of a vulnerability in Teamviewer software version 6, a legitimate tool used for remote PC administration. The malware is also known as TVRAT, SpY-Agent or teamspy. While the current version of Teamviewer fixed this vulnerability, TVSPY relies on bundling Teamviewer v6 in a package with a copy of the malware. It works independently of any existing Teamviewer installation. TVSPY: APT or Crimeware? Eset and Group-IB discussed this malware as crimeware back in 2011 at CARO, while Kaspersky mentions it in one of their APT reports from 2013, with a detailed description…
A researcher has revealed a Zero-Day Vulnerability in FireEye and says there are three other vulnerabilities and all of them are for sale. Ken Westin, Security Analyst for Tripwire commented on the zero-day vulnerability in FireEye’s core product, which if exploited, results in unauthorized file disclosure. [su_note note_color=”#ffffcc” text_color=”#00000″]Ken Westin, Security Analyst for Tripwire : “Security researchers are increasingly targeting security software vulnerabilities for a number of reasons. Some security researchers are looking for vulnerabilities in open source and commonly used libraries and tools to help make them more secure. Other security researchers are more profit driven, looking for bug…
A software vulnerability has been discovered in the web-based version of the popular WhatsApp messaging app for smartphones, which could allow hackers to trick users into downloading malware on their PCs. The vulnerability could compromise computers by allowing hackers to distribute malware including ransomware, bots, remote access tools (RATs) and other types of malicious code. Mark James, security specialist at IT Security Firm ESET commented on the serious bug in Whatsapp left 200 million users with an ‘open door’ to hackers. [su_note note_color=”#ffffcc” text_color=”#00000″]Mark James, Security Specialist at IT Security Firm ESET : Any insight into the vulnerability/what happened? “Software…
IT security has moved to top-of-mind status for board and executive teams; that’s no surprise. As a top business priority, Chief Information Security Officers (CISOs) need quick and reliable resources for managing complicated and ever-evolving security threats, but are often times equipped with vendor preferences rather than with insight that’s been vetted and tested by IT professionals in the trenches. The most applicable advice comes from those who have been through similar experiences, and who better to learn from than your fellow CISOs? Wisegate, a peer-driven IT research company that generates resources through collaboration of its senior-level IT professional membership…
The prime position of the Chief Information Security Officer (CISO) has been debated for years within the corporate hierarchy. It’s a discussion that will unlikely end soon. Historically, the position has belonged within IT security, as the CISO needs many of IT’s skills to install and monitor complex security products. However, opinions waver on whether the CISO needs all the capabilities of an IT professional. For example, a general does not need to be an expert in hand-to-hand combat to plan a successful attack. Wisegate, a peer-driven IT research company, hosted a discussion between its senior-level IT professional members to…
As somebody who works closely with cryptocurrencies, it’s very common for me to receive phishing emails. Of course, we have been accustomed to checking the domain names attached to the email address to check the authenticity of the sender. However, I’m afraid much of the populace still hasn’t adopted this habit. As a result, they fall victim to phishing emails which collect their login details. And the clincher, the email is formatted so that it would look like the two-factor authentication mail we use to protect ourselves. Does this mean this feature has actually backfired? In the guise of a…
Imation announces IronKey Workspace W200 PC on a Stick Imation Corp. (NYSE:IMN), a global data storage and information security company, today announced its IronKey Workspace W200 PC on a Stick USB flash drive to meet the growing business demands for Windows To Go deployments. With its robust form factor and Microsoft Windows 10 certification, the IronKey W200 USB device offers a high-performance, low-expense option for cost-sensitive enterprises, which can save up to 95 percent compared to outfitting employees with company laptops. Whether supporting a mobile workforce, a contingency staff or a BYOD programme, the IronKey Workspace W200 allows enterprise IT…
Consumer trust in a business has never been so critical. Take, for example, the recent hack on Ashley Madison which saw customer data stolen from its 37 million users, leaving patrons details exposed and the businesses reputation in tatters. This news demonstrates the need for customers to feel confident that their financial and sensitive details are safe when parting with them over the phone and online. The bottom line is, if the public does not trust your brand, they aren’t going to give you their custom. Coupled by the fact that upcoming changes to the European General Data Protection Regulation…