Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


ATM Equals 'All The Money' →

May 03, 2017 by Marc Handelman in All is Information, Attack Analysis, Attack Vectors, Bank Security, Crime, Criminal Enterprise, Hardware Security, Information Security, Financial Security

John Leyden, writing at El Reg, tells the tale of the latest ATM SNAFU. All based on CVE-2017-6968... Astonishing, indeed.

"To exploit the vulnerability, a criminal would need to pose as the control server, which is possible via ARP spoofing, or by simply connecting the ATM to a criminal-controlled network connection," said Georgy Zaytsev, a researcher with Positive Technologies. "During the process of generating the public key for traffic encryption, the rogue server can cause a buffer overflow on the ATM due to failure on the client side to limit the length of response parameters and send a command for remote code execution." - via John Leyden, at El Reg


A Hoarder's Tale, A Big Banking Bitcoin Story →

October 25, 2016 by Marc Handelman in All is Information, Bank Security, Information Security, Cybersecurity Competence, Cybersecurity Economics, Cyberthis Cyberthat, Cryptocurrency

Sacrebleu. Those crafty Brits (in reality, London City based Banks) are now planning on hoarding Bitcoins to pay cyberransoms to so-called cybercriminals. Translation: They are currently doing so, so come on guys, make your scurrilous demands, they're ready for you. HatTip

"The virtual currency, which is highly prized by criminal networks because it cannot be traced, is being acquired by blue chip companies in order to pay ransoms..." via The Guardian's Jamie Doward

Harbortouch'ed →

May 07, 2015 by Marc Handelman in All is Information, Bank Security, Cruft, Data Security, Information Security, POS Security

Via the inimitable Brian Krebs, writing at Krebs On Security, comes the latest sorry tale of attacked, and successfully breached, Point of Sale (POS) terminals manufactured by POS system purveyor Harbortouch.


Exposition de la Journée, l'Insécurité de la Banque →

March 22, 2015 by Marc Handelman in All is Information, Bank Security, Information Security

In an outstanding write-up, via TidBits, Securosis' Rich Mogull explains the bank-generated issues challenging Apple Inc.'s (NasdaqGS: AAPL) Apple Pay financial product, and the unfortunate piggy-backing member bank security SNAFUs.


Over One Billion Served →

February 17, 2015 by Marc Handelman in All is Information, Cybernetic Crime, Data Security, Database Security, Financial Security, Information Security, Must Read, Network Security, Security Failure, Security Governance, Bank Security, Social Engineering, Behavioral Security, APT, Persistent Threats, Moles

Surprised by the largest heist in history? Concerned about Carbanak APT? Clearly, proof-positive that advanced persistent threats are deeply evil - and highly efficient when coupled with other complementary and stealth-like methodologies (aka Hiding in Plain Sight). Read on...
