There are valuable lessons to be learned when things go bad. All of us are susceptible to cybercrime in this industry as well as global business. I think it’s important to understand the “hows” in order to engineer the “solutions”.

Post Breach Summary – October 26, 2012:
The State of South Carolina announces that 3.6 million Social Security Numbers and 387,000 credit and debit card numbers were exposed in a recent successful cyber security attack. This Department of Revenue incident currently affects those who filed South Carolina tax returns since 1998. (With a... read more >

We are constantly hearing about phishing attacks and the damage they do. As a security professional, I am often asked what users can do to avoid becoming the victim of a phishing attack.

Organizationally, there are several things you can do to help avoid becoming a phishing victim, and to minimize damage if you are victimized. Some of these include:
 

The Internet Crime Complaint Center (iC3) has released a Fraud Alert detailing increased fraudulent wire transfer activity observed across the financial services sector. Although we urge close review of the report and its recommendations, the Solutionary Security Engineering Research Team (SERT) provides a brief summary below.

The alert is based on FBI reports of increased activity of fraudulent wire-transfers occurring just prior to large-scale Distributed Denial of... read more >

The latest news in malware has been the recent Kaspersky Labs discovery of the sophisticated attack toolkits named Gauss. Headlines also include reports of the Zegost RAT being served by compromised Nepalese government websites. However, the majority of the malware samples received the last couple of weeks have been related to the Blackhole Exploit Kit.

The Solutionary SERT research team has been tracking this issue for some time and our public reports up to this point have been relatively high-level. If what we’ve observed over the past few weeks is any indicator, Blackhole will not be going away any time soon, and it... read more >

I am sure most of you have heard of the recent cyber crime wave called “Operation High Roller”. This was an extremely sophisticated attack where the fraudsters start by targeting banking customers and sending them a phishing email. (There’s a surprise huh?) Once the user clicks on the phishing email link, their computer is infected with a variant of Zeus or SpyEye malware. The next time the user attempts a bank transaction from the infected computer; the malware covertly operates the transaction session background to perform a fraudulent transaction directly with the bank. This tactic includes “stalling” the user while the malware establishes the proper transaction credentials and other information required... read more >