[Fwd: Bank Technology News Intelligencer: Warn Your Execs: Whalers Targeting Bank CEOs ]

[Arshad Noor <arshad.noor () strongauth com>]

Fascinating attack at a number of levels:

1) The attacker installs a new Trusted Root CA certificate on the
    victims' computer;
2) Steals Client-Certificates (and presumably, Private Keys stored
    in files) in addition to stored passwords and account information;
3) Targets only CxOs;

Attackers appear to be moving at warp-speed in exploiting weaknesses
in technology and business processes, while corporations are still
stuck trying to get into third - perhaps even second - gear despite
real solutions staring them in the face.  Pathetic.

Arshad Noor
StrongAuth, Inc.

------------------------------------------------------------------------
<http://www.americanbanker.com/btn_article.html?id=20080604332OVKTM&email=y>

Security researchers at SecureWorks are warning about the latest spear
phish-now more catchily-called whaling, because of the big-fish nature
of its targets-that is targeting CEOs and other senior financial
services executives.


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml