Guidelines on the auditing framework for Trust Service Providers

A new ENISA report provides guidelines on the auditing framework for Trust Service Providers (TSPs). The guidelines are aimed at TSPs preparing for the regular audits required by the eIDAS regulation and at the Conformity Assessment Bodies (auditors) that perform them, and offer a set of good practices that can be applied at an organizational level.

The report gives an overview of a typical three-stage audit methodology, listing all relevant requirements for the off-site (documentation level) and on-site (implementation level) assessment procedure, which is finalized with a conformity assessment report.

Read more here.

Computer hacker steals Kiwi’s money before his eyes

A New Zealand man watched powerlessly as a computer hacker remotely accessed his PC and started draining his PayPal account with online purchases. Hamilton man Girish Kuruvilla woke at 3am to the sound of his mobile phone vibrating incessantly, and thinking it might be a family emergency from his native India he went to take the phone call.

Instead, the screen of his smartphone was flooded with emails confirming purchases made from his PayPal account that was linked to his ANZ credit card.

Read more here.

Commix – Command Injection Attack Tool

Commix (short for [comm]and [i]njection e[x]ploiter) is a straightforward tool that web developers, penetration testers and security researchers can use to test web applications for bugs, errors or vulnerabilities related to command injection attacks, where user-supplied input is passed to a system shell without proper validation.
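The following is an added example, not part of the original page or of the Commix project, showing the class of bug such a tool hunts for: a parameter concatenated into a shell command string, beside two hardened variants. To run offline it uses `echo` as a stand-in for the network utility (for example `ping`) that a real application would call; the payload `x; echo INJECTED` is a constructed sample input.

```python
import re
import subprocess

# Stand-in for the real tool (e.g. "ping -c 1") so the example runs offline.
TOOL = "echo"

# Simple hostname validator (assumption: only DNS-style labels are legitimate input).
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def is_valid_hostname(host: str) -> bool:
    """Allow-list check: rejects shell metacharacters such as ';', '|', '$(' and spaces."""
    return HOSTNAME_RE.match(host) is not None


def vulnerable_command(host: str) -> str:
    """Attacker-controlled input is concatenated into the command string unchecked."""
    return f"{TOOL} {host}"


def run_vulnerable(host: str) -> subprocess.CompletedProcess:
    """shell=True hands the string to /bin/sh, so ';' terminates the intended command
    and whatever follows runs as a second command."""
    return subprocess.run(vulnerable_command(host), shell=True,
                          capture_output=True, text=True)


def run_argv_only(host: str) -> subprocess.CompletedProcess:
    """No shell: the input becomes a single argv element, so metacharacters are
    passed literally to the program instead of being interpreted."""
    return subprocess.run([TOOL, host], capture_output=True, text=True)


def run_hardened(host: str) -> subprocess.CompletedProcess:
    """Defense in depth: validate against the allow-list first, then avoid the shell."""
    if not is_valid_hostname(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return run_argv_only(host)


if __name__ == "__main__":
    payload = "x; echo INJECTED"          # constructed sample payload
    print("vulnerable:", run_vulnerable(payload).stdout.splitlines())
    print("argv only :", run_argv_only(payload).stdout.splitlines())
    try:
        run_hardened(payload)
    except ValueError as exc:
        print("hardened  :", exc)
```

Running it shows `INJECTED` appearing as its own line of output in the vulnerable version, the literal string `x; echo INJECTED` echoed back by the argv-only version, and a rejection from the hardened one. The argv list alone closes the shell-injection hole; the allow-list guards against argument injection into the called program itself.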

Read more here.

Dyre Wolf attack swipes $1 million in wire transfers

Hackers continue their brazen attacks on organizations and are even having their victims call them on the phone to hustle them out of their company’s money. That’s what IBM’s Security Intelligence division has discovered while researching a malware-based attack they have dubbed The Dyre Wolf that’s responsible for stealing more than $1 million.

Download the full IBM report here.

Smart ATM offers Cardless Cash Withdrawal to Avoid Card Skimmers

Banks have tried a range of measures, from magnetic-stripe credit and debit cards to chip-and-PIN cards, to protect their customers from card cloning and card skimmers.

Magnetic stripes have long been known to be easy to clone, and chip-and-PIN cards have also been attacked and successfully cloned by a group of security researchers. BMO Harris Bank, a unit of Canada's Bank of Montreal, is launching the biggest cardless ATM network in the U.S., allowing customers to withdraw cash within seconds using nothing but their smartphones.

Read more here.

IBM Sponsored Study Finds Mobile App Developers Not Investing in Security

The findings show that nearly 40 percent of large companies, including many in the Fortune 500, aren't taking the right precautions to secure the mobile apps they build for customers. The study also found that organizations are poorly protecting their corporate and BYOD mobile devices against cyber-attacks, opening the door for hackers to easily access user, corporate and customer data.

Read more here.

Security risks of networked medical devices

Networked medical devices linked to the Internet of Things (IoT) hold tremendous promise if security is built in from the outset, according to a new report by Intel Security and the Atlantic Council.

The benefits of networked healthcare come with several main areas of concern: theft of personal information, intentional tampering with devices to cause harm, widespread disruption and accidental failures.

Read more here.