Security Alerts & News
by Tymoteusz A. Góral

#155 Clever bank hack allowed crooks to make unlimited ATM withdrawals
Banking malware is using techniques once reserved for state-sponsored hacking gangs.
#154 Dyre: Operations of bank fraud group grind to halt following takedown
The cybercrime group controlling the Dyre financial fraud Trojan appears to have suffered a major blow following a Russian law enforcement operation in November. Symantec telemetry has confirmed a virtual cessation of the group’s activities. Dyre (detected by Symantec as Infostealer.Dyre) is spread through email spam campaigns and no Dyre-related spam campaigns have been observed since November 18. Detections of the Dyre Trojan and associated malware have also dropped dramatically since mid-Nove
#153 T9000 malware records Skype calls, screenshots and text messages to steal data
Once T9000 has infected a system, its main goal is to collect information about the targeted victim, which it does by compromising the Skype video calling software. After the malware has hooked into Skype, it records video calls, audio calls and chat messages, then stores them in a directory the Trojan creates under the name "Intel", which the attackers can later mine for data.
#152 ADWIND a cross-platform rat - malware (PDF report)
At the end of 2015 Kaspersky became aware of an unusual malware program, discovered in an attempted attack on a bank in Singapore. Analysis of the file attached to a spear-phishing email that had been sent to the bank revealed the name of the malware: JSocket. Later on we found that this malware has many names: Adwind RAT (Remote Access Tool), AlienSpy, Frutas, jFrutas, Unrecom, Sockrat, JSocket, jRat. The rich features of the malware, including its ability to run on Windows, Mac OS and Linux, a
#151 Barclays Bank joins Interpol cyber-crime fighting centre
Interpol said its agreement with Barclays will broaden joint efforts in cyber-security through intelligence sharing, training and awareness about cyber-threats mitigation, and providing recommendations for public and private institutions on strengthening their cyber-resilience.
#150 UK-US deal would allow MI5 to get chat, mails directly from US companies
The agreement would help to resolve the difficult situation for US Internet companies, which are increasingly under pressure from the UK government to provide intercepts or stored data for domestic investigations of terrorist and criminal activities, but forbidden from doing so by US laws.
#149 Metel bank robbers borrowing from APT attacks
Today at the Security Analyst Summit, researchers from the Kaspersky Lab Global Research & Analysis Team unveiled details on two new criminal operations that have borrowed heavily from targeted nation-state attacks, and also shared an update on a resurgent Carbanak gang, which was reported last year to have stolen upwards of $1 billion from more than 100 financial companies.
#148 Oracle patched bug that could result in 'complete compromise' of Windows
The vulnerability, tracked as CVE-2016-0603, sits in the Java SE installer rather than in the runtime: it can be exploited while Java SE 6, 7 or 8 is being installed on a Windows platform, and Oracle's fixed installers are Java SE 6u113, 7u97 and 8u73. Oracle rates it as remotely exploitable without authentication (no usernames or passwords needed), but exploitation requires user interaction: the attacker has to get a malicious binary onto the system (for example into the download directory) before the user runs the installer, which then loads it. Oracle therefore also recommends deleting any older Java installers still sitting on disk, because an already-installed Java is not affected.
#147 Kaspersky Security Analyst Summit 2016: The Live Blog
#146 Cisco 2016 Annual Security Report
With the Cisco 2016 Annual Security Report, which analyzes advances by security industry and criminals, see how your peers assess security preparedness in their organizations and gain insights into where to strengthen your defenses.
#145 Neutrino Exploit Kit Not Responding – Bug or Feature?
Exploit kits often employ measures to keep security researchers and other unwanted visitors away from their servers, but most of the time these measures are handled at the HTTP level, with web servers redirecting you away or returning fake error codes. Implementing this logic at the TCP level, as Neutrino did, is a fairly smart move on their part: generally speaking, when a server does not respond to you at all you tend to assume that it is down.
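The difference between HTTP-level and TCP-level gatekeeping is visible from the probing side, and that is where a researcher has to account for it. The following is an added example, not code from the Neutrino write-up or from the kit itself: a small probe that classifies what a suspected EK server does to a client, together with two constructed local servers that reproduce the HTTP-level case (a 403) and the "handshake completes but nothing ever comes back" case, plus a closed port for the RST case. A genuine TCP-level drop (no SYN/ACK and no RST, the Neutrino behaviour) cannot be produced from unprivileged userspace, so it is represented by the `silent` label that the probe assigns to a connect timeout. All hosts, ports and the `Mozilla/5.0` user agent are assumptions for the demo.

```python
import socket
import threading
import http.server


def _classify_exception(exc):
    """Map a failed connect() to a label describing what the server did.

    A dropped SYN (iptables -j DROP, or a kit that simply ignores selected
    source IPs) surfaces as a timeout: no SYN/ACK, no RST, the host looks
    "down". A RST (closed port, or REJECT --reject-with tcp-reset) surfaces
    as ConnectionRefusedError, which tells the prober the host is alive.
    """
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "silent"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    return "unreachable"        # ICMP unreachable, routing errors, etc.


def probe(host, port, path="/", timeout=3.0, user_agent="Mozilla/5.0"):
    """Connect like a victim browser would and classify the outcome."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return _classify_exception(exc)
    with sock:
        request = (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
                   f"User-Agent: {user_agent}\r\nConnection: close\r\n\r\n")
        sock.sendall(request.encode())
        try:
            data = sock.recv(4096)
        except (socket.timeout, TimeoutError):
            return "accepted-idle"   # handshake done, application never answers
        if not data:
            return "closed-empty"    # immediate FIN, no HTTP at all
        status_line = data.split(b"\r\n", 1)[0].decode(errors="replace")
        parts = status_line.split()
        if len(parts) >= 2 and parts[0].startswith("HTTP/"):
            return f"http-{parts[1]}"   # HTTP-level gatekeeping, e.g. http-403
        return "non-http"


# --- constructed local servers standing in for the three server behaviours ---

class _Forbidden(http.server.BaseHTTPRequestHandler):
    """HTTP-level 'go away': the usual fake error code most kits return."""
    def do_GET(self):
        self.send_response(403)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):
        pass


def start_http_gatekeeper():
    srv = http.server.HTTPServer(("127.0.0.1", 0), _Forbidden)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1], srv


def start_idle_acceptor():
    """Complete the TCP handshake but never send a byte back."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    held = []                      # keep accepted sockets open, never reply

    def loop():
        while True:
            try:
                conn, _ = listener.accept()
            except OSError:
                return
            held.append(conn)

    threading.Thread(target=loop, daemon=True).start()
    return listener.getsockname()[1], listener


def closed_port():
    """Grab a free port and release it so nothing is listening there."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Probe the three constructed servers and return the labels."""
    http_port, http_srv = start_http_gatekeeper()
    idle_port, idle_listener = start_idle_acceptor()
    results = {
        "http_gatekeeper": probe("127.0.0.1", http_port, timeout=2.0),
        "idle_acceptor": probe("127.0.0.1", idle_port, timeout=1.0),
        "closed_port": probe("127.0.0.1", closed_port(), timeout=1.0),
    }
    http_srv.shutdown()
    http_srv.server_close()
    idle_listener.close()
    return results


if __name__ == "__main__":
    for name, label in demo().items():
        print(f"{name}: {label}")
```

When probing a real server, only the `silent` outcome is ambiguous: it is what a firewall `DROP` rule, a Neutrino-style source-IP blacklist and a genuinely dead host all look like, which is exactly the point the post makes. A `refused` or `http-4xx` outcome, by contrast, proves the host is alive and is talking to you selectively, so a probe from a second, non-attributable vantage point is the natural next step before concluding the infrastructure is gone.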
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12