The new Common Weakness Scoring System – CWSS

When a security analysis of a software application is performed, for example with an automated code-auditing tool, developers often face hundreds or thousands of individual reports of weaknesses discovered in their code. Under certain circumstances a software weakness can lead to an exploitable vulnerability. For example, a buffer overflow vulnerability might arise from a weakness in which the programmer does not properly validate the length of an input buffer. That weakness only contributes to a vulnerability if the input can be influenced by a malicious party, and if that malicious input can be copied into a destination buffer that is smaller than the input.
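The distinction above, as an added example that is not code from the CWSS article or from this post: the same field copy written first with the weakness (no length check) and then hardened to validate the input length against the destination. The `struct record`, `NAME_LEN` and the field names are arbitrary choices made for the illustration.

```c
/* Added example (not from the CWSS article): one field copy written with the
 * weakness and then hardened. 'struct record', NAME_LEN and the field names are
 * arbitrary choices for illustration. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16           /* assumed fixed-size field, e.g. a user name */

struct record {
    char name[NAME_LEN];
    int  privileged;          /* whatever follows the buffer is what an overflow clobbers */
};

/* The weakness: copies 'src' with no check that it fits in 'dst'. Harmless while
 * every caller passes short, trusted strings; a vulnerability once 'src' can be
 * chosen by an attacker and is longer than NAME_LEN - 1. */
static void weak_set_name(struct record *r, const char *src)
{
    strcpy(r->name, src);     /* no bound on strlen(src) */
}

/* Hardened form: validate the length against the destination size and refuse
 * (rather than silently truncate) anything that does not fit with its NUL.
 * Returns 0 on success, -1 if the input is too long. */
static int safe_set_name(struct record *r, const char *src)
{
    size_t n = strlen(src);
    if (n >= sizeof r->name)  /* n == NAME_LEN would leave no room for the NUL */
        return -1;
    memcpy(r->name, src, n + 1);
    return 0;
}

/* Feeds constructed inputs to the hardened copy and returns how many it
 * rejected. The weak copy is deliberately only given trusted, short input:
 * calling it with the long string would overflow 'name' (undefined behaviour). */
int demo(void)
{
    const char *inputs[] = {
        "alice",                                        /* 5 bytes: fits */
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"   /* well over 16 bytes: does not */
    };
    int rejected = 0;
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        struct record r = { "", 0 };
        if (safe_set_name(&r, inputs[i]) != 0)
            rejected++;
    }
    struct record trusted = { "", 0 };
    weak_set_name(&trusted, "bob");
    return rejected;
}

int main(void)
{
    printf("hardened copy rejected %d oversized input(s)\n", demo());
    return 0;
}
```

The weak version is not wrong in isolation: with short, trusted input it behaves exactly like the hardened one, which is why such findings pile up in audit reports. It becomes a vulnerability only when an attacker controls the string and it exceeds the destination. The hardened version also refuses rather than truncates, since silently cutting the value would change what is stored without telling the caller; the `n >= sizeof` comparison is the off-by-one boundary that accounts for the terminating NUL.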


It is our 10th Birthday

10 years ago, on the 27th of August 2001, we started our journey under the corporate identity of “Qadit Systems & Solutions Pvt Ltd”, to provide quality Information Security Assurance & Consultancy services.

Today, as we enter our 11th year, we wish to thank all our Clients, Associates, Partners and Well-Wishers for being part of this enjoyable journey and for:

    your words of wisdom, encouragement and appreciation;

    the opportunities provided for helping us improve and expand our service offerings;

    your suggestions and honest opinions that have helped us ensure the quality of our service; and

    the constant support and strength that your association has provided us.

We look forward to your continued patronage and good wishes in our ongoing journey.

A Heartfelt

from The Team @ Qadit.

Operation Shady RAT

McAfee revealed a five-year cyber-espionage campaign it called “Shady RAT”, which it claims affected up to 72 organisations in 14 countries. Organisations hit by Shady RAT are said to have lost e-mails, design plans, strategy documents and similar material. McAfee reports that this is a hack of unprecedented proportions and that advanced persistent threats are to blame.


ATM Skimming – Precautions To Be Taken

ATM skimming happens when thieves attach devices to ATMs in order to copy a credit- or debit-card number, the data on the magnetic stripe and even your personal identification number (PIN).

A fraudster benefits from ATM skimming by creating a cloned card that can be used at an ATM or at a POS terminal. For use at a POS terminal only the magnetic stripe data is required, whereas for use at an ATM the fraudster also needs the PIN.

Thus there are two critical components involved in ATM skimming: a device on the card-reader slot to capture the magnetic stripe data from the card; and either a camera or an overlay fitted over the existing PIN pad to capture the PIN.


Insider Fraud: Customers’ money amounting to over $19 million!!

Citibank was in deep trouble after the fraud came to light, and federal authorities investigated. Following the FBI investigation, they arrested Gary Foster, who had worked in Citi’s treasury finance department. Foster was alleged to have embezzled more than $19 million from Citi and its customers. It was the second public blow for Citi within two months: earlier, customer accounts had been compromised by hackers. Many people called on Citi to take the necessary action and ensure it does not happen again.

Can you believe the reason behind it??

“How Trusted Employees Steal Millions and Why It’s So Hard for Banks to Stop Them”

It was found that the reason behind it was poor internal controls. Most banks have done a poor job of keeping up with internal threats. One cause might be that banks have reduced spending on internal controls and fraud detection because of very tight budgets. It was a reprise of earlier insider incidents at Bank of America (BofA). In one of those an employee had been accused not of embezzlement but of leaking customer names, addresses, Social Security numbers, phone numbers, bank account numbers, driver’s license numbers, birth dates, e-mail addresses, family names, PINs and account balances to a ring of criminals. In the other, customer account-holder information was compromised.

The employee who committed it was clever!!

It was a classic case of insider fraud. Many banks monitor their employees to detect various types of fraud; Citi did not have that kind of monitoring in place. According to the complaint filed by the U.S. Attorney, Foster (the former Citibank employee) transferred money from various Citigroup accounts to Citigroup cash accounts and then used the ACH rails to fraudulently wire funds to his personal account at a different bank. He was either very clever or was leading a double life that only caught up with him after he left his post at Citi. Between July 2010 and December 2010, Foster allegedly moved $900,000 from Citigroup’s interest expense account and $14.4 million from the bank’s debt adjustment account into the cash account. From there, in eight separate wire transfers, he had the funds routed to an outside personal account.

In this case the activity was outside his normal duties. Usually ACH and wire transactions must be authorised by a more senior officer; Foster worked in the finance department and was not an officer. Transaction monitoring such as the anomaly detection called for in the new FFIEC guidance would have picked up the fraud very early. Historically the ACH and wire channels have not had sophisticated fraud-detection capabilities, and insiders who know this have an opportunity: they take advantage of the trust of their co-workers, management and the company. Even without transaction monitoring in place, some behavioural triggers should have alerted executives at Citi.
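As an added illustration, not code from this post or from Citi: the two controls the text says were missing, an officer-approval check on ACH and wire transfers and a simple per-employee anomaly rule, written as rules run over constructed transaction records. The user names, account identifiers, beneficiary list and amounts are invented for the example; only the pattern, ledger accounts moved into a cash account and then wired out by a non-officer, follows the post.

```c
/* Added example, not code from the post: the missing controls (officer approval
 * of ACH/wire, anomaly detection against the initiator's own history) as rules
 * over constructed records. Users, accounts and amounts are made up. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct txn {
    const char *id, *initiator, *authorizer;   /* authorizer NULL: no approval recorded */
    const char *channel;                       /* "BOOK" (journal), "ACH" or "WIRE" */
    const char *src, *dst;
    double amount;
};

/* Findings are combined as a bitmask so one transaction can trip several rules. */
enum {
    F_NO_AUTHORIZER    = 1 << 0,
    F_SELF_AUTHORIZED  = 1 << 1,
    F_AUTH_NOT_OFFICER = 1 << 2,
    F_INIT_NOT_OFFICER = 1 << 3,
    F_EXTERNAL_DEST    = 1 << 4,
    F_AMOUNT_ANOMALY   = 1 << 5
};

/* Assumed reference data: who may approve, which accounts are the bank's own
 * books, and which outside beneficiaries have been vetted. */
static const char *officers[] = { "officer.a", "officer.b" };
static const char *internal[] = { "GL-INTEREST-EXP", "GL-DEBT-ADJ", "CASH-001" };
static const char *approved[] = { "VENDOR-ACME" };

static int in_list(const char *s, const char **list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(s, list[i]) == 0) return 1;
    return 0;
}
#define IN(s, l) in_list((s), (l), sizeof (l) / sizeof (l)[0])

static int cmp_double(const void *a, const void *b)
{
    double x = *(const double *)a, y = *(const double *)b;
    return (x > y) - (x < y);
}

/* Median of the initiator's past amounts; sorts a copy so history is not reordered. */
static double median(const double *v, size_t n)
{
    double *tmp = malloc(n * sizeof *tmp);
    if (!tmp) abort();
    memcpy(tmp, v, n * sizeof *tmp);
    qsort(tmp, n, sizeof *tmp, cmp_double);
    double m = n % 2 ? tmp[n / 2] : (tmp[n / 2 - 1] + tmp[n / 2]) / 2;
    free(tmp);
    return m;
}

/* Apply the three rules to one transaction, given the initiator's past amounts. */
unsigned check_txn(const struct txn *t, const double *hist, size_t nhist)
{
    unsigned f = 0;
    int leaves_bank = strcmp(t->channel, "ACH") == 0 || strcmp(t->channel, "WIRE") == 0;

    /* Rule 1 (segregation of duties): ACH/wire needs a second person who is an
     * officer, and should not be originated by a non-officer at all. */
    if (leaves_bank) {
        if (!t->authorizer)                                f |= F_NO_AUTHORIZER;
        else if (strcmp(t->authorizer, t->initiator) == 0) f |= F_SELF_AUTHORIZED;
        else if (!IN(t->authorizer, officers))             f |= F_AUTH_NOT_OFFICER;
        if (!IN(t->initiator, officers))                   f |= F_INIT_NOT_OFFICER;
    }
    /* Rule 2: funds leaving the bank's own books for an unvetted destination. */
    if (IN(t->src, internal) && !IN(t->dst, internal) && !IN(t->dst, approved))
        f |= F_EXTERNAL_DEST;
    /* Rule 3 (crude anomaly detection): amount far above this user's median;
     * a minimum history avoids judging a new user against no baseline. */
    if (nhist >= 5 && t->amount > 10.0 * median(hist, nhist))
        f |= F_AMOUNT_ANOMALY;
    return f;
}

/* Runs the rules over three constructed transactions, storing each one's
 * findings in out[] and returning how many were flagged. */
int demo(unsigned out[3])
{
    static const double clerk_hist[]   = { 1200, 3400, 2800, 4100, 1900, 2600, 3100 };
    static const double officer_hist[] = { 180000, 220000, 260000, 240000, 210000, 300000 };
    const struct txn txns[3] = {
        /* journal move inside the bank: no approval needed for BOOK, but ~300x the clerk's norm */
        { "T1", "clerk.f",   NULL,        "BOOK", "GL-INTEREST-EXP", "CASH-001",      900000.0 },
        /* the clerk wires cash to an outside account and "approves" it himself */
        { "T2", "clerk.f",   "clerk.f",   "WIRE", "CASH-001",        "EXT-BANK-7731", 1800000.0 },
        /* routine vendor payment, initiated and approved by two different officers */
        { "T3", "officer.a", "officer.b", "WIRE", "CASH-001",        "VENDOR-ACME",   250000.0 },
    };
    const double *hist[3]  = { clerk_hist, clerk_hist, officer_hist };
    const size_t  nhist[3] = { 7, 7, 6 };
    int flagged = 0;
    for (int i = 0; i < 3; i++) {
        out[i] = check_txn(&txns[i], hist[i], nhist[i]);
        if (out[i]) flagged++;
    }
    return flagged;
}

int main(void)
{
    unsigned f[3];
    int n = demo(f);
    printf("%d of 3 flagged (T1 0x%02x, T2 0x%02x, T3 0x%02x)\n", n, f[0], f[1], f[2]);
    return 0;
}
```

The point of running both rule types is that they catch different stages of the scheme described above: the internal journal move (T1) trips no approval rule at all, because a book transfer needs no second signature, and is only caught by the amount baseline; the outbound wire (T2) trips the segregation-of-duties and destination rules even before the amount is considered. A real system would use a proper per-user baseline (role, time of day, counterparty history) rather than a fixed multiple of the median, but the structure, a four-eyes check plus a behavioural comparison against the initiator's own past, is what the FFIEC-style guidance the post mentions asks for.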