Time Inc. confirms Myspace has been hacked

Time Inc. only got the keys to Myspace.com a few months ago, but it’s already having to confirm some bad news: the social network has been the target of a hack. In a press release, the company says that just before the Memorial Day weekend (or Spring Bank Holiday in the UK), its technical teams were notified of someone trying to sell Myspace usernames, passwords and email addresses that were registered before June 2013.

Time Inc. doesn’t say how many accounts are affected, but a blog post on LeakedSource suggests that 360 million records may have been stolen in the breach.

Myspace is already in the process of alerting those affected and is working with the authorities to identify who may be responsible. Given that the person (or people) involved shared an alias with LeakedSource, investigators will have at least something to go on.

Read the full article here.

Google Releases Spaces, a Shared Notebook For Your Projects

Google has announced a brand new tool called Spaces that allows multiple users to create a shared workspace for projects. It allows you to grab photos, videos, and links while discussing a topic all in one place.

The service is rolling out right now for Android, iOS, and web users. Google suggests that Spaces would be useful for when you need to have a discussion about a certain topic with a group of people and want to make sure it stays on task. You can also collect stuff from around the web to store in each Space. It seems to be a halfway point between Evernote and a group chat. We’ll know more about how it works once it rolls out to everyone.

Read the full article here.

Payment Application Data Security Standard 3.2 released

The PCI Security Standards Council (PCI SSC) published a new version of its data security standard for payment software, the Payment Application Data Security Standard (PA-DSS) version 3.2. The Payment Application Data Security Standard is used by payment application vendors to ensure their software products will protect payment card data from theft. Merchants and other businesses globally use “PA-DSS Validated” software to ensure they can safely accept payments, both in-store and online.

Read the full article here.

SANS maps SAP cybersecurity to the CIS Critical Security Controls list

The CIS Critical Security Controls are a set of internationally recognized standards outlining the most important cyber hygiene actions that every organization should implement to protect its IT networks. They are highly regarded by the global IT community because they are developed, refined, validated, and updated by experts who pull data from a variety of public and private threat sources. They are also transforming security in government agencies and other large enterprises by focusing spending on the key controls that block known attacks and find the ones that get through.

Read the full article here.

Banking service SWIFT adds new security plan following hacks

Banks use a secure messaging service built by the Society for Worldwide Interbank Financial Telecommunications (SWIFT) to send financial transaction instructions. But recently it hasn’t been so secure: Hackers stole $12 million from Ecuador banks earlier this week, the latest in a slew of thefts. Today, SWIFT released a plan to work with its customers (the banks) to shore up the messaging system’s security.

The plan is rooted in some standard anti-cyber attack strategies: Share information on breach attempts, beef up safety tools and enforce security protocols at all staff levels. While SWIFT’s core business has been passing authenticated messages between banks, the security overhaul includes checking whether those messages are consistent with past activity, much like how banks flag suspicious activity on personal accounts.

But the outline seems more plaintive than commanding, urging SWIFT customers to obey its security protocols rather than requiring adherence to use the service. As SWIFT CEO Gottfried Leibbrandt said in a statement, "While each individual SWIFT customer is responsible for the security of its own environment, the security of global banking can only be ensured collectively."

This year has already seen numerous instances of fraudulent SWIFT requests funneling money into hackers’ dummy accounts. Earlier this month, a Vietnamese bank prevented an attempted heist, while a typo tipped off bank officials to an attempt in Bangladesh back in February, but not before the thieves made off with $81 million. The latter group of hackers has also been connected to SWIFT-breaching attempts in the Philippines and other Southeast Asian countries.

Read the full article here.

Hackers steal $12 million from an Ecuadorian bank via SWIFT

Earlier this week, reports showed another round of SWIFT-related cyber heists, this time targeting banks in Ecuador. A new report in Reuters sheds light on what actually happened to the high-tech thieves’ $12-million loot. Apparently, they moved $9 million to 23 banks in Hong Kong and $3 million to Dubai and other parts of the world. Wells Fargo transferred sums with a total value of $9 million to the accounts of four companies at HSBC and Hang Seng Bank based on authenticated SWIFT transactions. The hackers then distributed the money to what are believed to be phoney business accounts.

Similar to the recent Bangladesh and Vietnam bank attacks, the thieves’ scheme involved the use of the SWIFT messaging platform. Banks use SWIFT’s platform to make financial transfers between each other, and cyber thieves typically send out fraudulent SWIFT messages requesting that funds be routed to dummy accounts.

In Bangladesh Bank’s case, the thieves used the SWIFT credentials of the institution’s employees to request several transfers to accounts overseas. They got off with $80 million, a sum that would have been much larger if they hadn’t misspelled the word "foundation." The hackers could have easily accessed the employees’ credentials, because the bank lacked a proper firewall. It’s not clear if that’s also what happened in Ecuador, but the thieves obviously had the same MO.

Read the full article here.

Soon You’ll Swallow Origami Pills and Get Magnetic Colonoscopies

This might be a tough pill to swallow, but the future of medicine is all about ingestible sensors. Things like cameras to scope out your bowels and electronics that detect if you’ve taken your medicine (recently FDA-approved, by the way).

Also, swallowable origami. Researchers at MIT have developed a frozen gizmo made of pig intestine that you drop down the hatch. As it thaws in your stomach, it unfolds. Using a magnetic field, a doctor could theoretically lead the device to something you’ve gone and swallowed but really shouldn’t have—batteries aren’t as tasty as they look—and hurry the offending object out of your system.

Theoretically. The researchers have so far only tested the device on a model of a pig stomach. But it’s a fascinating glimpse into the future of incision-free surgery, one propelled in large part by magnets.

Read the full article here.

Up to a dozen banks are reportedly investigating potential SWIFT breaches

More banks have reportedly launched investigations into potential security breaches on their networks after hackers stole US$81 million from the Bangladesh central bank earlier this year through rogue SWIFT transfers. Security firm FireEye, which was hired to investigate the Bangladesh bank attack, was also called in to look for possible compromises at up to 12 additional banks, Bloomberg reported Thursday, citing an unnamed source familiar with the investigations.

Read the full article here.

Philippines Bank hit by SWIFT Hacking Group allegedly linked to North Korea

SWIFT bank hackers have attacked another bank in the Philippines using the same modus operandi as in the $81 million Bangladesh Bank heist.

Security researchers at Symantec have found evidence that malware used by the hacking group shares code similarities with the malware families used in targeted attacks against South Korean and US government, finance, and media organizations in 2009.

Read the full article here.