See the startling results of meticulous analysis of hundreds of real-life insider attacks from the team at Carnegie Mellon University, where the CERT (Computer Emergency Response Team) function was created. The analysis results clearly indicate that, contrary to the majority of headlines, stealthy insiders pose a huge...
As various batches of stolen credit card "dumps" are offered for sale with discount structures and money-back guarantees, it is clear just how sophisticated the Fraud Ecosystem has become. The fraudsters and their support teams have created well-organized forums offering a broad variety of products that constitute a...
Mobile banking is growing out of its infancy and experts predict it will soon be the dominant banking and payments channel. However, with mobile operating systems and their varying support of security best practices, multiple new threat vectors are being introduced and many are already being widely utilized for...
Public-sector organizations need to better understand the driving forces, priorities and procedures within the organizations they "protect." But equally as important is that the private sector organizations reciprocate and understand the how, what and why of the law enforcement/public body process.
This mutual...
Part 1 - EMV Here We Come
If you squeeze a balloon in one place, it will expand in another. When we secure in-person transactions with EMV, the fraudsters will begin testing other channels of entry, and one of the least secure portals is that of card-not-present (CNP), online transactions. Many other regions have...
Intelligence is critical in mounting an effective defense and, equally as important, is an effective offense. This session will look at intelligence gathering from both sides of the DMZ. There is a great deal of critical information available about your adversaries and a startling amount about you, your organization,...
What are the most common mechanisms used in the "Exploit" phase? Many attacks simply take advantage of known vulnerabilities or network weaknesses that have not been addressed, in which case the adversaries have no need to create custom malware. When they are employed, "zero-day" attacks are often very difficult to...
To date, the most common reaction to targeted attacks has been for organizations to just do what they have always been doing, but harder. That isn't going to work. We need to look at this problem differently and adopt a different set of thought processes. There is a great deal to be said for adopting a warlike...
A report claiming that Las Vegas Sands Corp. was hit with a "wiper" malware attack back in February, similar to one that recently affected Sony Pictures Entertainment, illustrates why more organizations need to mitigate the risks of such an attack.
A new version of the Destover malware includes a legitimate certificate from Sony. But a researcher claims it's a hoax. Meanwhile, new evidence emerges that the hackers who attacked Sony Pictures Entertainment had criminal - not nation-state - intentions.
With social engineering, phishing and a host of other attacks on the rise, the consumer remains the most vulnerable link in the fraud chain. Banks and financial institutions are helping to lead the way in education, supported by organizations like the FFIEC which recently issued new guidance on security awareness for...
The "wiper" malware attack against Sony Pictures Entertainment has numerous commonalities with previous wiper attacks in Saudi Arabia and South Korea. This infographic summarizes the attacks and highlights their similarities.
Except for the leak of celebrities' private data, the "wiper" malware attack against Sony Pictures Entertainment shares "extraordinary" similarities with previous wiper attacks in Saudi Arabia and South Korea, a security researcher finds.
A remote-access attack that compromised a parking facility provider with locations in Illinois, Pennsylvania, Ohio and Washington highlights how commonly used point-of-sale terminal and software brands are increasingly being exploited by hackers.
The destructive code that was used to infect and erase hard drives at Sony Pictures Entertainment - and which apparently was the subject of a recent FBI "flash alert" - has been identified as "wiper" malware known both as Destover and Wipall.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.
