10Fold – Security Never Sleeps – 74

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: A new brand of malware called GozNym, is targeting business accounts at banks rather than the bank itself. New artificial intelligence platform offers 3x detection capabilities with 5x fewer false positives – Dubbed AI2, the technology has shown the capability to offer three times more predictive capabilities and drastically fewer false positive than today’s analytics methods. Real-life whaling attempts show the intricate changes perpetrators try to make to trick a CEO. “60 Minutes” highlights iPhone vulnerability by showcasing how they tapped into a congressman’s calls.

New “Double-Headed” Malware Has Stolen $4 Million From U.S. and Canadian Banks – Publication: Fortune- Reporter name: Clay Dillow

Meet GozNym, the hybrid malware robbing your business account. A new breed of malicious software has stolen roughly $4 million from 24 U.S. and Canadian banks over the first several days of April, IBM cybersecurity researchers report. The malware—known by the portmanteau GozNym—is a hybrid of two strains of known malware “that takes the best of both,” according to a blog post by IBM’s X-Force, part of IBM’s security division. The program is largely targeting business accounts, mostly in the U.S., and mostly via credit unions and “popular e-commerce platforms.” IBM didn’t name the specific institutions but says they have been notified.


MIT AI Researchers Make Breakthrough on Threat Detection – Publication: DarkReading – Reporter name: Ericka Chickowski

CSAIL gave a sneak peek into AI2 in a presentation to the academic community last week at the IEEE International Conference on Big Data Security, which detailed the specifics of a paper released to the public this morning. The driving force behind AI2 is its blending of artificial intelligence with what researchers at CSAIL call “analyst intuition,” essentially finding an effective way to continuously model data with unsupervised machine learning while layering in periodic human feedback from skilled analysts to inform a supervised learning model.


 10 whaling emails that could get by an unsuspecting CEO – Publication: NetworkWorld – Reporter name: Ryan Francis

Whaling threats or CEO fraud continues to grow with 70 percent of firms seeing an increase in these email-based attacks designed to extort money. There has been an uptick of activity lately as fraudsters spend the first few months of the year taking advantage of tax season, targeting finance departments with emails that look like they are coming from a company’s senior executive. Case in point are Snapchat and Seagate as companies that inadvertently gave up employees’ personal information. Email security company Mimecast has shared a handful of real-life examples of fraud attempts targeted at the person in the corner office.


Hackers Track Your Phone No Matter What Security Measures You Take – Publication: Fortune – Reporter name: Aaron Pressman

“60 Minutes” taps congressman’s calls in demo. A flaw in one part of the global cellphone network allows hackers to track phone locations and listen in on calls and text messages, 60 Minutes reported Sunday. Hackers in Germany used the weakness in Signaling System Seven, or SS7, which carriers use to exchange billing information for roaming customers, in a demonstration to track and tap the calls of U.S. Rep. Ted Lieu (D-Calif.). 60 Minutes arranged the demonstration and Lieu knew hackers would be trying to tap his iPhone