10Fold – Security Never Sleeps – 56

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Nearly all big banks in Australia and New Zealand are being targeted by malware that makes victims think they are locked out of the app and tricks them into entering their credentials directly into the hackers' fake screen. Hackers missed out on a billion-dollar bank heist by misspelling the word ‘foundation’, which prompted the bank to check with the charity before transferring the money. Biometrics are becoming more mainstream as mobile apps create ways for different body parts to authenticate a sale or login. Research reveals that Tangle may be a future competitor of Blockchain; Tangle claims to be a decentralized financial ecosystem for IoT devices.

Thieves Have Made A Huge Malware Play To Steal Australian Bank Login Details On Android Phones – Publication: Business Insider – Reporter name: STAFF

A digital protection company has discovered that nearly all of Australia and New Zealand’s big banks are being targeted by malware on Android phones that can steal customers’ online banking details. ESET released research today showing that malware known as Android/Spy.Agent.SI is able to steal login details by locking down a phone when you try to open a bank’s app. From there, it displays a fake login screen for the bank and won’t let users leave it until they type in their details. The thieves can then use the stolen credentials to log into a victim’s account and transfer money out of it.


How A Hacker’s Typo Helped Stop A Billion Dollar Bank Heist – Publication: Reuters – Reporter name: Serajul Quadir

A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Fed, banking officials said. Unknown hackers still managed to get away with about $80 million, one of the largest known bank thefts in history. The hackers breached Bangladesh Bank’s systems and stole its credentials for payment transfers, two senior officials at the bank said. They then bombarded the Federal Reserve Bank of New York with nearly three dozen requests to move money from the Bangladesh Bank’s account there to entities in the Philippines and Sri Lanka, the officials said.


Biometrics Are Coming, Along With Serious Security Concerns – Publication: Wired – Reporter name: April Glaser

Research on biometric tech has amped up, leading to mobile apps that read various unique-to-you body parts to help verify your identity. This raises all kinds of security and privacy concerns, and it’s still an open question how governments and manufacturers are going to address them. Just because someone might be able to use their ear at checkout doesn’t mean it’s necessarily going to happen anytime soon, though. “Biometrics are tricky,” Woodrow Hartzog, an Associate Professor of Law at Samford University, told WIRED. “They can be great because they are really secure. It’s hard to fake someone’s ear, eye, gait, or other things that make an individual uniquely identifiable. But if a biometric is compromised, you’re done. You can’t get another ear.”


Blockchain or Tangle? Securing Transactions On The IoT – Publication: The Security Ledger – Reporter name: Paul

Guests who recently lodged at Rosen Hotels & Resorts properties in the theme-park destination of Orlando, Fla. must hope their data hasn’t been taken for a wild ride, after the hospitality company announced that its properties suffered a long-undiscovered payment card data breach. Rosen confirmed that an investigation of its payment card network turned up malware capable of reading cards’ magnetic stripe data as it is routed through affected systems. Rosen did not indicate how many guests were likely affected; however, the malware resided on its systems for well over a year, from Sept. 2, 2014 to Feb. 18, 2016. The company was finally alerted to the presence of the malware in early February after receiving unconfirmed reports of fraudulent charges involving past guests.