|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Arshad Noor (arshad.noor
strongauth.com)
Date: Thu Jun 05 2008 - 11:56:24 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Fascinating attack at a number of levels:
1) The attacker installs a new Trusted Root CA certificate on the
victims' computer;
2) Steals Client-Certificates (and presumably, Private Keys stored
in files) in addition to stored passwords and account information;
3) Targets only CxOs;
Attackers appear to be moving at warp-speed in exploiting weaknesses
in technology and business processes, while corporations are still
stuck trying to get into third - perhaps even second - gear despite
real solutions staring them in the face. Pathetic.
Arshad Noor
StrongAuth, Inc.
------------------------------------------------------------------------
<http://www.americanbanker.com/btn_article.html?id=20080604332OVKTM&email=y>
Security researchers at SecureWorks are warning about the latest spear
phish-now more catchily-called whaling, because of the big-fish nature
of its targets-that is targeting CEOs and other senior financial
services executives.
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss
Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]