Category: Network Security

The Great Bank Heist, or Death by 1,000 Cuts?

I received a number of media requests and emails from readers over the weekend to comment on a front-page New York Times story about an organized gang of cybercriminals pulling off “one of the largest bank heists ever.” Turns out, I reported on this gang’s activities in December 2014, although my story ran minus many of the superlatives in the Times piece. The Times’ story, “Bank Hackers Steal Millions Via Malware,” looks at the activities of an Eastern European cybercrime group that Russian security firm Kaspersky Lab calls the “Carbanak” gang. According to Kaspersky, this group deployed malware via phishing scams to get inside of computers at more than 100 banks and steal upwards of USD $300 million — possibly as high as USD $1 billion.

Defense Contract Management Agency Probes Hack

The Defense Contract Management Agency , the U.S. federal government entity responsible for performing contract administration services for the Department of Defense , is responding to a suspected cybersecurity breach and has pulled a number of its servers offline while the investigation continues, KrebsOnSecurity has learned

IE11 0day XSS Flaw – Daily Security Byte EP.17

Beware of phishers leveraging a new zero day Internet Explorer (IE) 11 flaw that affects the latest, fully-patched version of Windows. Click play for details. (Episode Runtime: 1:35) Direct YouTube Link:  https://www.youtube.com/watch?v=AIKDoTGBaTU EPISODE REFERENCES: New XSS vulnerability affects IE 11 running on Windows 8.1  – Computer World Full Disclosure post about the flaw – Seclists Follow up post on Full Disclosure – Seclists Proof-of-Concept exploit illustrating the issue  – Packet Storm —  Corey Nachreiner, CISSP  ( @SecAdept )

Syrian Honey Trap – Daily Security Byte EP.16

Bad actors have always tried to lure us into doing things we shouldn’t by appealing to our base, carnal instincts. Today’s daily infosec video shares why you might want to avoid “hot girls” in general online. (Episode Runtime: 1:38) Direct YouTube Link:  https://www.youtube.com/watch?v=TyivxEiCuKM EPISODE REFERENCES: “Hot Girls” are still an effective lure, even among nation-state attackers – Gizmodo FireEye’s report on the Syrian “Hot Girl” attack campaign [PDF] – FireEye —  Corey Nachreiner, CISSP  ( @SecAdept )

Don’t Be ‘fraid of No Ghost – WSWiR Episode 137

If you want the best network defenses, you need to stay abreast of the latest information security news; but I realize most IT folks don’t have the time to stay informed on their own. Let our weekly video do the heavy lifting, and quickly share the biggest infosec news.

Lots of 0day – WSWiR Episode 136

Every network admin I know is buried under a list of tasks, and has little time to spend learning about the latest information security news. If that sounds like you, check out our weekly news recap video. This episode, from the third week of January, covers rumors the NSA hacked North Korea, a warning about attackers exploiting an zero day Flash flaw, Oracle’s quarterly critical patch day, and more