On a recent post by Krebsonsecurity.com, Krebs talks about how he makes sure his banking information is a little more secure by using a verbal passphrase before discussing his accounts.
Krebs brought up this security concern after investigating different banks and their customer service officials when forgetting your login credentials. Using limited but general information that is present on social media and other sites, it is surprisingly easy to act like an annoyed customer and get access to an account. To set up a passphrase or different PIN number that needs to be said before discussing any account details, all you need to do is contact your bank and simply ask if they provide the security service. Most banks actually do though they do not openly advertise this feature or ask you to implement it on your account. After implementing this additional layer of security, you can feel a little more secure about your personal information and assets. When you or someone else is trying to access your account and does not provide the passphrase, it requires an in person visit before a transaction can be continued which you will be prompted for a photo ID. So if you are a paranoid or just want extra protection on your bank account, a verbal passphrase is just what you need.
0 Comments
A new post by securityboulevard.com came out today, reiterating the fact that their are still malicious apps that slip through the security check of app stores and make it onto your devices. In this case, light was shined on a fake of the popular Whatsapp Messenger application.
It is uncertain how the app made it through the security checks by Google, but this is not the first time this has happened. The apps generally fool the users into downloading them thinking they are the official app. However if you look closely, the apps will have an extra letter or hidden space added to the name as well as a slightly different picture, though sometimes it may be the same. The fake app was first pointed out by a reddit user which then prompted Google to take it down. In the following 24 hours, people on Reddit and Twitter began to scour the app store for more rogue applications, some of which had been downloaded over a million times After an investigation of the fake Whatsapp code, it was found to be more focused on adware instead of anything more malicious. Meaning while using the app, the users would simply get an increased number of pop ups asking them to download an additional fake app. Though this app was not horribly malicious towards the user, others apps could gain credit card information and much more if successfully downloaded into your personal device, To help protect yourself and your devices, always check to make sure the app you're about to download is really what it says it is and is officially verified by the actual company that makes it. A respected security news site I check often is Kaspersky Labs' threatpost.com, which is always reporting new emerging threats effecting the industry.
Recently they published an article about modified attacks that have been affecting Japanese enterprises in the past several months that leave behind ONI ransomware. In Japan ONI refers to demon like figures such as the picture shown above that are common in Japanese art and folklore. These attacks are built around DiskCyrptor disk encryption utility combined with a bootkit and are generally first introduced via a spear phishing email with a office document containing a Trojan called Ammyy Admin. Once downloaded, the malware takes advantage of user credentials to move laterally throughout the network compromising data assets, harvesting information and eventually targets the domain controller to gain complete control of the target network. At the end of the attack, the ONI ransomware is spread as well as deletion of log files on the computers in attempt to cover its tracks and leave its true motive unknown. This new attack is very similar to the NotPetya malware that was seen employed throughout the Ukraine in early June. However, unlike NotPetya, ONI has a bootkit accompanied with it that makes it impossible to recover any of the encrypted disk. Thus making it even more devastating on the afflicted organization Out of the investigation, it was found that the critical MS17-010 security update which was released in March of this year was not installed on the networks which were attack between July and September. So if there is anything to learn from this attack, it is to always, ALWAYS!, update you machines as soon as you can. |
Some of My Security News Sites:Krebsonsecurity.com
Threatpost.com Securityboulevard.com Securityweekly.com Symantec.com Securityledger.com Have a news site or blog? Send me a message so I can add it to mine! |