Monthly Archives: May 2016

Investigation Suggests Insider Involvement in $81 Million Theft at Bangladesh Central Bank

The official Bangladesh government probe into the $81 million theft via SWIFT in February has suggested the possibility of insider involvement. In February 2016 attackers successfully tricked the New York Federal Reserve Bank into transferring $81 million from the Bangladesh central bank to accounts in the Philippines. Before today, the primary Bangladesh line has been to blame SWIFT for the breach.

Read More Securityweek

Sandjacking: New iOS Threat Lets Attackers Out of the Box

Apple devices are gaining popularity with a dubious group: cybercriminals. As noted by ITProPortal, iOS threat XcodeGhost has now cracked the top three “most common” families of active malware.

According to SecurityWeek, meanwhile, a new threat is on the horizon for iOS. Called sandjacking, it’s a new way for malicious actors to crack Apple protections, install rogue apps and get access to sensitive user files. Here’s how attackers are breaking out of the box.

Read More Securityintelligence

TorrentLocker Detected Targeting Computers in Sweden

A new TorrentLocker campaign has been detected by Heimdal Security that is geographically focused on Sweden. And like earlier campaigns, this ransomware threat is delivered by email spam – this one spoofing an invoice from the international Telia communications firm headquartered in Stockholm, Sweden. If this campaign follows the traditional TorrentLocker route, the target area will expand to other specific areas in the future.

Read More Securityweek

DNS Management Provider Hit With Sophisticated, ‘Precise’ DDoS Attacks

NS1 CEO says other DNS providers also have been attacked over the past few months.

A sophisticated, sustained, and ongoing distributed denial-of-service (DDoS) attack on DNS and traffic management firm NS1 highlights what the company’s CEO says is a clear escalation in attacks against organizations in this space over the past several months.

Read More Darkreading

Phishers Creating More Noise to Fool Defenses

The criminals behind phishing attacks are creating vast numbers of unique Web pages to host their attacks in an attempt to dodge defenses, according to an industry report.

The number of distinct Website links in phishing attacks jumped by more than 150 percent in five months, showing that phishing remains a major vector of compromise, the Anti-Phishing Working Group stated in a report released on May 24. In March 2016, phishing emails seen by APWG members contained more than 123,000 unique URLs, up from 48,000 in October 2015. While the number of URLs has increased dramatically, the number of domains and the number of brands used as camouflage by phishers have remained relatively constant at about 20,000 and 418, respectively, according to the report.

Read More eWeek

Most CMS-run websites have obsolete software and are vulnerable to attack

Many WordPress-, Joomla-, Magento- and Drupal-driven websites aren’t being updated, making them susceptible to phishing exploits and malware

If you’ve been putting off software updates on websites that you’ve developed, been bamboozled into managing, or somehow become inexplicably responsible for, you’re not alone. All of the major content management systems (CMS) website brands are out of date much of the time.

Read More Networkworld

“Wekby” Group Uses DNS Requests for C&C Communications

Palo Alto Networks researchers noticed that a China-linked advanced persistent threat (APT) actor has been using a piece of malware that leverages DNS requests for command and control (C&C) communications.

The group, known as Wekby, APT 18, Dynamite Panda and TG-0416, is believed to be responsible for the 2014 attack on Community Health Systems, one of the largest hospital operators in the United States. In that operation, the attackers reportedly stole 4.5 million patient records by exploiting the OpenSSL vulnerability dubbed Heartbleed.

Read More Securityweek

The frustrating aftermath of a data breach at American Type Culture Collection

Vendor issues and communications leave employees feeling tossed aside and forgotten

In April, American Type Culture Collection (ATCC) was targeted by a phishing attack seeking W-2 records. The attempt was successful, leaving employees stressed about their finances and the long-term impact this breach could have on them.