Swift To Focus More On Security
June 6, 2016 by admin
Filed under Around The Net
The SWIFT secure messaging service that underpins international banking announced that it will launch a new security program as it fights to rebuild its reputation in the wake of the Bangladesh Bank heist.
The Society for Worldwide Interbank Financial Telecommunication (SWIFT)’s chief executive, Gottfried Leibbrandt, told a financial services conference in Brussels that SWIFT will launch a five-point plan later this week.
Banks send payment instructions to one another via SWIFT messages. In February, thieves hacked into the SWIFT system of the Bangladesh central bank, sending messages to the Federal Reserve Bank of New York allowing them to steal $81 million.
The attack follows a similar but little-noticed theft from Banco del Austro in Ecuador last year that netted thieves more than $12 million, and a previously undisclosed attack on Vietnam’s Tien Phong Bank that was not successful.
The crimes have dented the banking industry’s faith in SWIFT, a Belgium-based co-operative owned by its users.
The Bangladesh Bank hack was a “watershed event for the banking industry”, Leibbrandt said.
“There will be a before and an after Bangladesh. The Bangladesh fraud is not an isolated incident … this is a big deal. And it gets to the heart of banking.”
SWIFT wants banks to “drastically” improve information sharing, to toughen up security procedures around SWIFT and to increase their use of software that could spot fraudulent payments.
SWIFT will also provide tighter guidelines that auditors and regulators can use to assess whether banks’ SWIFT security procedures are good enough.
Leibbrandt again defended SWIFT’s role, saying the hacks happened primarily because of failures at users. “Many of the less protected banks are in countries where skills are really scarce,” he said, pointing the finger at providers of services to banks.
“We will have to create an ecosystem of providers and partners, for example by introducing certification requirements for third-party providers,” he said.
Courtesy-http://www.thegurureview.net/uncategorized/swift-to-implement-new-security-program-after-recent-hacking.html
Amazon Finally Goes Two-Factor
Amazon is making it a little, or a lot, harder for miscreants to make off with user accounts by adding two-factor authentication.
It has taken Amazon some time to fall into line on this. Two-factor authentication has become increasingly popular and common in the past couple of years, and it is perhaps overdue for a firm that deals so heavily in trade.
Amazon is treating it like it’s new, and is offering to hold punters’ hands as they embrace the security provision.
“Amazon Two-Step Verification adds an additional layer of security to your account. Instead of simply entering your password, Two-Step Verification requires you to enter a unique security code in addition to your password during sign in,” the firm said.
The way that the code is served depends on the user, who can choose to get the extra prompt in one of three ways. These options may not appeal to those who do not like to over-share, since they require a personal phone number.
As is frequently the case, Amazon will offer to send supplementary log-in information to a phone via text message or voice call, and even through a special authenticating app.
It’s an option, and you do not have to enable it. Amazon said that users could select trusted sign-on computers that spare them from the mobile phone contact.
“Afterward, that computer or device will only ask for your password when you sign in,” explained the Amazon introduction, helpfully.
There are a number of other outfits that offer the two-factor system and you might be advised to take their trade and do your business through them. Apple, Microsoft, Google, Twitter, Dropbox, Facebook and many others offer the feature.
A website called TwoFactorAuth will let you check your standing and the position of your providers.
Source- http://www.thegurureview.net/technology-2/amazon-finally-goes-two-factor.html
Dyreza Trojan Targeting Windows 10
An infectious banking trojan has been updated so that it supports financial mayhem on the freshly baked Windows 10 operating system and supporting Microsoft Edge browser.
Microsoft reckons that Windows 10 is installed on over 100 million machines, and this suggests prime picking for people who deploy banking trojans, not to mention the fact that most people will still be getting used to the software and its services and features.
The newest addition to the Windows 10 spectrum is a variant of the Zeus banking malware known as Dyreza. It is related to Dyre, a threat that we reported on earlier this year.
The warning at the time was that as many as one in 20 online banking users could be exposed to the threat, and things look as bad this time around. Heimdal Security said in a blog post that the malware has been strengthened in scale and capability.
“The info-stealer malware now includes support for Windows 10. This new variant can also hook to Microsoft Edge to collect data and then send it to malicious servers,” said the post.
“Moreover, the new Dyreza variant kills a series of processes linked to endpoint security software in order to make its infiltration in the system faster and more effective.”
The threat already has a footprint, and the people behind it have increased it. Heimdal said that, once Dyreza is done with your bank account, it will move you into position on a botnet. The firm estimates that this botnet is currently 80,000-strong.
“By adding support for Windows 10, the Dyreza malware creators have cleared their way to growing the number of infected PCs in their botnet. This financial trojan doesn’t only drain the infected computers of valuable data, it binds them into botnets,” said Heimdal.
Source- http://www.thegurureview.net/computing-category/dyreza-trojan-appears-to-be-targeting-windows-10.html
Confusion Continues To Reign With U.S. Chip & PIN
November 11, 2015 by admin
Several large U.S. retailers are ramping up efforts to use personal identification numbers, or PINs, with new credit cards embedded with computer chips in a bid to prevent counterfeit card fraud.
But they are being resisted by the banking industry, which sees no need to invest further in PIN technology, already used with debit cards, resulting in halting adoption and widespread confusion.
A small band of retailers with the clout to call the shots on their branded credit cards is leading the charge. Target Corp is moving ahead with a chip-and-PIN rollout, and Wal-Mart Stores Inc plans to do the same.
But Wal-Mart said it faces obstacles because its credit card partner, Synchrony Financial, is not yet able to handle PINs on credit cards. Synchrony declined comment.
Broadly, U.S. banks are unprepared or resisting the change.
The impasse comes after many consumers got their hands on new credit cards embedded with so-called EMV chips in advance of an Oct. 1 deadline that required retailers to accept chip cards or be liable for fraud losses. EMV stands for EuroPay, MasterCard and Visa.
But only about a third of merchants are actually using the chip technology, according to analyst estimates. The number may not pick up until early next year, if at all, because the retail industry typically halts upgrades during the crucial holiday shopping season.
“PIN issuance will remain a niche,” said Julie Conroy, credit-card analyst with Aite Group.
Banks favor using chip cards verified by old-school signatures, even though chip-and-PIN usage has led to lower fraud over the decade they have been used in Europe and elsewhere.
“The PIN is definitely a must,” said Lance James, chief scientist with cyber intelligence firm Flashpoint. “It’s one extra step that provides true two-factor authentication.”
But bankers say PINs provide little benefit beyond the advantage of using chips in combating the estimated $7 billion-plus in annual U.S. card fraud.
EMV chips thwart criminals who use stolen data to create counterfeit cards, a category that Aite estimates accounts for 37 percent of that fraud. Banks say that PINs only provide additional fraud protection when criminals seek to use lost or stolen cards, a situation that Aite estimates accounts for only 14 percent of fraud.
Banking groups say there are better approaches than PINs for verifying customers and have asked retailers to embrace tokenization and encryption to prevent theft of credit card numbers.
“PIN is a static data element that would not have a meaningful impact on overall payments fraud,” said Electronic Payments Coalition spokesman Sam Fabens.
Courtesy-http://www.thegurureview.net/aroundnet-category/confusion-continues-to-reign-with-u-s-chip-pin.html
Is The Shifu Trojan Wreaking Havoc In Japan?
Security research has found a banking trojan called Shifu that is going after Japanese financial firms in a big way.
Shifu is described as “masterful” by IBM X-Force, and is named after the Japanese word for thief, according to the firm. It is also the Chinese word for skilled person, or tutor.
X-Force said in a blog post that the malware has been active since the early summer, and comprises a number of known tools like Dyre, Zeus and Dridex. It has been put together by people who know what they are doing, and sounds like a significant problem for the 20 institutions it is targeting.
“The Shifu trojan may be a new beast, but its inner workings are not entirely unfamiliar. The malware relies on a few tried-and-true trojan mechanisms from other infamous crimeware codes,” said the IBM researchers.
“It appears that Shifu’s internal makeup was composed by savvy developers who are quite familiar with other banking malware, dressing Shifu with selected features from the more nefarious of the bunch.”
The Shifu package offers a range of attack features as well as clean-up tools to cover its tracks. It reads like a Now that’s what I call … recent attacks compilation CD, and has some oldies but baddies.
“Shifu wipes the local System Restore point on infected machines in a similar way to the Conficker worm, which was popular in 2009,” added the firm as one example.
The package can wreak havoc on companies and their users. If we had a bucket of damp sand we would pour it all over Shifu and stamp on it.
“This trojan steals a large variety of information that victims use for authentication purposes. For example, it keylogs passwords, grabs credentials that users key into HTTP form data, steals private certificates and scrapes external authentication tokens used by some banking applications,” said IBM.
“These elements enable Shifu’s operators to use confidential user credentials and take over bank accounts held with a large variety of financial service providers.
“Shifu’s developers could be Russian speakers or native to countries in the former Soviet Union. It is also possible that the actual authors are obfuscating their true origin, throwing researchers off by implicating an allegedly common source of cybercrime.”
Source-http://www.thegurureview.net/computing-category/is-the-shifu-trojan-wreaking-havoc-in-japan.html
Will Qualcomm Unveil The Snapdragon 820 SoC
Qualcomm is set to unveil its new Snapdragon 820 SoC on August 11 in LA and more details are being leaked than you would see at a Welsh leak recipe contest.
It appears that the new Snapdragon 820 will have the catchy title MSM8996 and it promises some significant performance improvements in key areas. We already know that it will not be catching fire, but it also has a 40 per cent GPU performance increase with its A530 GPU.
The device is also claimed to have a 30 per cent power improvement with 64b of shared virtual memory with the CPU.
Another big area of improvement is the Hydra CPU, which claims a 35 percent improvement compared to the Snapdragon 810.
The Snapdragon 820 will support 4k60 entertainment and high-speed data connectivity.
There are rumours that there will be a QFE3100 Envelope Tracking system. This will not speed up mail in the criminally slow Italian Post Office, but should create a lower power and thermal footprint. A dedicated low-power sensor is integrated for always-on use.
Another major upgrade compared to the older SoC is a switch from 20nm to 14nm FinFET manufacturing process. We are still expecting the Xiaomi Mi5 to be the first one to use it.
Qualcomm Gives Snapdragon More Umph
Qualcomm has released a new Trepn Profiler app for Android which will profile Snapdragon processors and tinker with them.
The Trepn Profiler app identifies apps that overwork the CPU or are eating too much data. The app will pinpoint which of the apps drain the battery faster.
The data gathered by this app can tell you which program is slowing down your phone.
Most Android phone users will not give a damn, but developers will find it useful. Those who are interested in testing roms, custom kernels, and their own apps can use the data gathered by the Trepn Profiler.
Developers can measure optimisation and performance on Snapdragon-powered mobile devices. The real-time data include network usage, battery power, GPU frequency load, and CPU cores’ load. Key features also include six fast-loading profiling presets, and an advanced mode to manually select data points and save them for analysis.
The Advanced Mode allows profiling a single app or device, offline data analysis, and increasing the data collection interval. This special mode also allows longer profiling sessions, displaying two data points in one overlay, and viewing of profile data.
All up this should enable developers to come up with more Snapdragon friendly apps.
Did AMD Commit Fraud?
AMD must face claims that it committed securities fraud by hiding problems with the bungled 2011 launch of Llano that eventually led to a $100 million write-down, a US court has decided.
According to Techeye, US District Judge Yvonne Gonzales Rogers said plaintiffs had a case that AMD officials misled them by stating in the spring of 2011 and that AMD will have to face a full trial.
The lawsuit was over the Llano chip, which AMD had claimed was “the most impressive processor in history.”
AMD originally said that the product launch would happen in the fourth quarter of 2010, but sales of the Llano were delayed because of problems at the company’s chip manufacturing plant.
The then Chief Financial Officer Thomas Seifert told analysts on an April 2011 conference call that problems with chip production for the Llano were in the past, and that the company would have ample product for a launch in the second quarter.
Press officers for AMD continued to insist that there were no problems with supply, concealing the fact that it was only shipping Llanos to top-tier computer manufacturers because it did not have enough chips.
By the time AMD ramped up Llano shipments in late 2011, no one wanted them any more, leading to an inventory glut.
AMD disclosed in October 2012 that it was writing down $100 million of Llano inventory as not shiftable.
Shares fell nearly 74 percent from a peak of $8.35 in March 2012 to a low of $2.18 in October 2012 when the market learned the extent of the problems with the Llano launch.
Medical Data Becoming Valuable To Hackers
The personal information stored in health care records fetches increasingly impressive sums on underground markets, making any company that stores such data a very attractive target for attackers.
“Hackers will go after anyone with health care information,” said John Pescatore, director of emerging security trends at the SANS Institute, adding that in recent years hackers have increasingly set their sights on EHRs (electronic health records).
With medical data, “there’s a bunch of ways you can turn that into cash,” he said. For example, Social Security numbers and mailing addresses can be used to apply for credit cards or get around corporate antifraud measures.
This could explain why attackers have recently targeted U.S. health insurance providers. Last Tuesday, Premera Blue Cross disclosed that the personal details of 11 million customers had been exposed in a hack that was discovered in January. Last month, Anthem, another health insurance provider, said that 78.8 million customer and employee records were accessed in an attack.
Both attacks exposed similar data, including names, Social Security numbers, birth dates, telephone numbers, member identification numbers, email addresses and mailing addresses. In the Premera breach, medical claims information was also accessed.
If the attackers try to monetize this information, the payout could prove lucrative.
Credentials that include Social Security numbers can sell for a couple of hundred dollars since the data’s lifetime is much longer compared to pilfered credit card numbers, said Matt Little, vice president of product development at PKWARE, an encryption software company with clients that include health care providers. Credit card numbers, which go for a few dollars, tend to work only for a handful of days after being reported stolen.
Qualcomm Goes Ultrasonic
Qualcomm has unveiled what it claims is the world’s first ‘ultrasonic’ fingerprint scanner, in a bid to improve mobile security and further boost Android’s chances in the enterprise space.
The Qualcomm Snapdragon Sense ID 3D Fingerprint technology debuted during the chipmaker’s Mobile World Congress (MWC) press conference on Monday.
The firm claimed that the new feature will outperform the fingerprint scanners found on smartphones such as the iPhone 6 and Galaxy S6.
Qualcomm also claimed that, as well as “better protecting user data”, the 3D ultrasonic imaging technology is much more accurate than capacitive solutions currently available, and is not hindered by greasy or sweaty fingers.
Sense ID offers a more “innovative and elegant” design for manufacturers, the firm said, owing to its ability to scan fingerprints through any material, be it glass, metal or sapphire.
This means, in theory, that future fingerprint sensors could be included directly into a smartphone’s display.
Derek Aberle, Qualcomm president, said: “This is another industry first for Qualcomm and has the potential to revolutionise mobile security.
“It’s also another step towards the end of the password, and could mean that you’ll never have to type in a password on your smartphone again.”
No specific details or partners have yet been announced, but Qualcomm said that the Sense ID technology will arrive in devices in the second half of 2015, when the firm’s next-generation Snapdragon 820 processor is also tipped to debut.
The firm didn’t reveal many details about this chip, except that it will feature Kryo 64-bit CPU tech and a new machine learning feature dubbed Zeroth.
Qualcomm also revealed more details about LTE-U during Monday’s press conference, confirming plans to extend LTE to unused spectrum using technology integrated in its latest small-cell solutions and RF transceivers for mobile devices.
“We face many challenges as demand for data constantly grows, and we think the best way to fix this is by taking advantage of unused spectrum,” said Aberle.
Finally, the chipmaker released details about a new partnership with Cyanogen, the open-source outfit responsible for the CyanogenMod operating system.
Qualcomm said that it will provide support for the best features and UI enhancements of CyanogenMod on Snapdragon processors, which will be available for the release of Qualcomm Reference Design in April.
The MWC announcements follow the launch of the ARM Cortex-based Snapdragon 620 and 618 chips last month, which promise to improve connectivity and user experience on high-end smartphones and tablets.
Aberle said that these chips will begin to show up in devices in mid to late 2015.