BetaBot – The new malware kid off the block
A new warning about malware designed to target payment platforms highlights why anti-virus software is increasingly ineffective at preventing account compromises. And while this new Trojan is not yet targeting online-banking accounts, financial institutions should be aware of the threat.
Passwords are passe?
We are all used to passwords as the de facto means of authentication. Recent news suggests their time may be up.
Ensuring Communication during an incident
Most organisations are so tuned towards securing their systems that they fail to build proper responses or communication protocols during an incident. Expecting every organisation to be immune from incidents is unrealistic, but the least organisations can do is to ensure proper communication during an incident.
Another Social Network Glitch
Facebook is alerting 6 million of its users that their e-mails or phone numbers were inadvertently shared with other members. So is it another reason to condemn social networking sites?
Get Introduced to “Ransomware”
Here is the new kid around the block – “Ransomware”. Ransomware (also referred to in some cases as cryptoviruses, cryptotrojans, cryptoworms or scareware) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed.
How secure are we using embedded systems?
Virus hits computer systems on airplanes. The US Air Force has reported that a computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions.
The more they happen, the more they remain the same.
UBS reported a rogue trader attack and disclosed losses of over USD 2.3 billion.
Links to the story can be found at:
https://www.ft.com/intl/cms/s/0/d5547ba0-e05b-11e0-ba12-00144feabdc0.html#axzz1ZhGoMU1H
https://www.ubs.com/1/e/media_overview/media_global/releases.html?newsId=195150
As is customary nowadays, any incident is reported as the effect of a rogue trade. Banks, in a momentary lapse of concentration, fail to dwell on how a back office trader can run up losses of over USD 2 billion, which in effect means unauthorised trades of many more billions.
Coming closely on the heels of the Socgen rogue trade, there is not much information yet on the modus operandi of the UBS scandal, but initial reports suggest a very similar methodology at Socgen and UBS, such as dealing in complex financial instruments, exceeding authorisations and so on.
The initial disclosure by UBS indicates that the “positions had been offset in our systems with fictitious, forward-settling, cash ETF positions, allegedly executed by the trader”, which means that there was an individual who had complete access to the back office as well as the dealing room, or can only be attributed to a complete . This would mean that the fundamental of investment banking, which requires that the back office be distinct from the front office and mid office, was bypassed. It is early days yet and only a full investigation will reveal the whole truth.
Till then, do we blame the rogue trader or the Frankenstein that created the rogue trader?
E-Discovery and Compliance
E-Discovery as a concept is gaining prominence, thanks mainly to the legislative impetus in the United States. Even otherwise, from an internal and IT controls perspective, it is very important to understand E-Discovery and its implications for organizational controls outside of the compliance-related framework that it is usually associated with.
Hackers trick goods out of online shopping sites
A TEAM of computer security researchers have gone on an online shopping spree, after discovering a series of flaws in payment software.
Emerging Research – Make Weak Passwords Strong
It has been a consistent challenge to ensure strong password controls due to the human element involved. Researchers at the Max Planck Institute for Physics in Dresden, Germany, may have found a solution.