BreachExchange mailing list archives
[Fwd: Bank Technology News Intelligencer: Warn Your Execs: Whalers Targeting Bank CEOs ]
From: Arshad Noor <arshad.noor () strongauth com>
Date: Thu, 05 Jun 2008 09:56:24 -0700
Fascinating attack at a number of levels: 1) The attacker installs a new Trusted Root CA certificate on the victims' computer; 2) Steals Client-Certificates (and presumably, Private Keys stored in files) in addition to stored passwords and account information; 3) Targets only CxOs; Attackers appear to be moving at warp-speed in exploiting weaknesses in technology and business processes, while corporations are still stuck trying to get into third - perhaps even second - gear despite real solutions staring them in the face. Pathetic. Arshad Noor StrongAuth, Inc. ------------------------------------------------------------------------ <http://www.americanbanker.com/btn_article.html?id=20080604332OVKTM&email=y> Security researchers at SecureWorks are warning about the latest spear phish-now more catchily-called whaling, because of the big-fish nature of its targets-that is targeting CEOs and other senior financial services executives. _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- [Fwd: Bank Technology News Intelligencer: Warn Your Execs: Whalers Targeting Bank CEOs ] Arshad Noor (Jun 05)