Police: ATM heist syndicate used computer virus to steal money



“In a related development, Petaling Jaya police chief, ACP Azmi Abu Kassim said five police reports had been lodged on such hacking of ATMs around Petaling Jaya. The ATMs were located at Jalan Yong Shook Lin, Petaling Jaya (Affin Bank, losses of RM303,000); Dataran Sunway (Al-Rajhi Bank, RM285,700); Seksyen 14, Petaling Jaya (Bank Islam, RM395,850); Kota Damansara (Bank Islam, RM221,160) and Kelana Jaya (Al-Rajhi) where the full amount lost has yet to be ascertained.”


Another 3 ATMs hacked in KL and Malacca, brings total to 17


Nicholas Cheng



“The automated teller machine (ATM) hacking blitz continues with three more banks reporting losses to Latin American gangs on Tuesday evening. In the capital, the latest casualty was the United Overseas Bank (UOB) branch in Jalan Imbi, which reported a loss of RM92,900.”


No Affin Bank customer accounts compromised by ATM hacks, says ABM


Nicholas Cheng



“No customer account balances were compromised during the spate of automated teller machine (ATM) hacks in Affin Bank over the weekend, said the Association of Banks Malaysia (ABM).”


ATM hackers hit six Affin Bank outlets for RM1.3m




“A total of RM1.271 million has been stolen from six automated teller machines (ATMs) belonging to Affin Bank Berhad and Affin Islamic Bank Berhad in Johor, Melaka and Selangor, Affin Bank said in a statement today.”



15 ATMs hacked in three days


M. Kumar, Nicholas Cheng, Nadirah H. Rodzi, And Natasha Joibi



“Five district police chiefs were kept busy on Monday as the hotlines rang off the hook with calls from bank managers over the hacking of automated teller machines.”


ATM hacking: Banks urged to take immediate action to secure ATMs




“All banks nationwide have been urged to immediately inspect and secure automated teller machines (ATM) to curb hacking of such machines.”


FBI opens Malware Investigator portal to industry


Darren Pauli



“The Federal Bureau of Investigations has released a formerly in-house malware-analysing portal to help speed up incident responses and help industry and law enforcement with investigations.”


US Banks Get Serious on Security Information Sharing


Phil Muncaster



“The US financial services industry is finally getting tough on cybercrime, with the announcement of a new body to be tasked with developing threat intelligence products.”


Laos Joins Southeast Asian Neighbors in Imposing Stricter Internet Controls


Mong Palatino



“Laos Prime Minister Thongsing Thammavong has signed a new decree imposing stricter Internet control in the country. Signed last September 16, 2014, the new regulation promotes responsible and “constructive” use of the Internet among Lao netizens.”


Malvertising attack techniques dissected




“At Virus Bulletin 2014, Bromium presented a research report that highlights the severe risk of malicious ad networks infecting end users. This research provides a real-world study of malvertising captured on YouTube, Yahoo and several top Alexa sites to demonstrate how obfuscated JavaScript delivers malicious code through Flash ads.”


UK employees targeted with fake policy violation emails




“A new cyber-crime attack has been tricking SMB employees in the UK into downloading Trojans by accusing them of violating company policy.”


FBI warns of malicious insider threats increase


Zeljka Zorz



“The FBI and DHS have issued a warning to businesses about the increase in security incidents involving malicious insiders (current or former employees, contractors, or other business partners).”


The Internet Braces for the Crazy Shellshock Worm


Robert McMillan



“A nasty bug in many of the world’s Linux and Unix operating systems could allow malicious hackers to create a computer worm that wreaks havoc on machines across the globe, security experts say.”


Tinba Trojan targets major US banks


Zeljka Zorz



“Tinba, the tiny (20 KB) banking malware with man-in-the-browser and network traffic sniffing capabilities, is back.”


Hacker publishes tech support phone scammer slammer


Darren Pauli



“Security pro Matthew Weeks has released a Metasploit module that can take over computers running the Ammyy Admin remote control software popular among "Hi this is Microsoft, there's a problem with your computer" tech support scammers.”


U.K. man, who obtained bank details of 28K, pleads guilty to blackmail


Danielle Walker



“A U.K. man, Lewys Martin, pleaded guilty in London last week to blackmail, possession of articles for use in fraud and possession of indecent images of children, a report from a Bitcoin news site CoinTelegraph.com revealed.”


How to Keep Fraud Threats From Ruining Your Mobile Banking


Brian O'Connell



“With 28% of U.S. adults using their smartphones and tablets to conduct banking transactions and 60% calling access to mobile banking either "important" or "very important" in choosing banks, according to AlixPartners, there's a growing risk of consumer financial fraud.”


16-31 August 2014 Cyber Attacks Timeline


Paolo Passeri



“August is gone, and here we are with the list of the most noticeable cyber attacks occurred during the second half of the month”


160,000 new malware samples appear each day




“Malware is still being created at the record levels reached in the previous quarter: 15 million new samples were generated, at an average rate of 160,000 every day, according to Panda Security.”


Hundreds of Android Applications Risk Eavesdropping Due to Lapse in Validating X.509 SSL Certificates


Lucian Ciolacu



“Hundreds of Android applications are vulnerable to man-in-the-middle (MitM) attacks due to their failure to properly validate X.509 SSL certificates, according to the Carnegie Mellon University CERT.”


Malicious and risky apps on Android and iOS


Mirko Zorz



“Knowingly or unknowingly to the user, some apps can collect GPS data, grab your contact information, your phone ID, email address, etc. In this podcast recorded at Black Hat USA 2014, Mike Raggo, Security Evangelist at MobileIron, talks about the risky behavior of certain apps downloaded from Google Play or the App Store.”


Home Depot breached, carders selling stolen payment card info


Zeljka Zorz



“The Home Depot, a popular American home improvement and construction retailer that boasts of 2,200 stores in the US and 287 abroad, has apparently suffered a data breach that compromised customer credit cards.”


Semalt botnet hijacked nearly 300k computers


Zeljka Zorz



“The “Semalt" botnet is quickly spreading across the Internet, Incapsula researchers warn. The botnet is named after a Ukrainian startup that poses as a legitimate online SEO service, and it currently numbers around 290,000 malware infected machines that continually spam millions of websites in a large-scale, referrer spam campaign.”


Namecheap accounts brute-forced by CyberVor gang?


Zeljka Zorz



“California-based domain registrar and web hosting firm Namecheap has been targeted by hackers, the company's VP of hosting Matt Russell warned on Monday, and said that the attackers are using username and password data gathered from third party sites to brute-force their way into their customers' accounts.”