Cybercrime group RTM is deploying complex malware written in the Delphi programming language to target Remote Banking Systems (RBS), a type of business software used to make bulk financial transfers.
The problem was severe enough to warrant an advisory in late 2016 from FinCERT, a Russian CERT responsible for fighting cybercrime targeting Russian financial institutions.
RTM is using its malware to spy on victims in a variety of ways, such as monitoring keystrokes and smart cards inserted in the system, according to security software firm ESET. The malware allows constant monitoring of banking-related activities, as well as uploading files from the compromised system to its Command and Control (C&C) server.
“The malware actively searches for export files common to popular accounting software mainly used in Russia,” said Jean-Ian Boutin, a malware researcher at ESET.
The targeted files – associated with a popular accounting software called “1C: Enterprise 8” – are likely to be of interest since they can contain details of bulk transfers, an intermediary step in RBS execution of payment orders. These text files can be tweaked by the criminals to modify recipient account details in order to trick victims into sending funds to an account maintained by (likely low-level) members of the gang.
RTM, which ESET reckons has been active since 2015, is not the first group to pursue this method of attack. Others like Buhtrap and Corkow have also targeted RBS users in the past, slowly building an understanding of the network and building custom tools to steal from corporate victims.
RTM is another manifestation of a trend in cybercrime involving specialised criminals mounting targeted attacks against financial institutions’ clients. RTM’s victims are largely located in Russia and surrounds but other groups using similar tactics are active in Western Europe.

“The growth in capabilities and methodology of groups like these, which are primarily targeting Russia at the moment, suggests that businesses in other parts of the world, vulnerable to similar attacks, are likely to be their next targets,” Boutin warned.
Last summer, MELANI, a Swiss reporting and analysis centre for information assurance, issued a newsletter warning companies against hacker groups targeting offline payment software using the Dridex malware.
ESET released a white paper (summarised in a blog post here) on RTM’s nefarious activities on Tuesday. ®
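As more computers, phones, TVs and other endpoint devices connect to the internet, security problems will keep multiplying, and more and more vendors will enter the security field.
Companies should set up and publish a dedicated contact mailbox and system for security issues, so that people can report security incidents of all kinds and the company can respond promptly.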

Android Security Bulletin February 2017: What you need to know

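Information systems and data belong to the organisation and should be used for work. The organisation has the right to monitor work carried out on networked systems and to filter content that is detrimental to work; employees must be told this and sign to acknowledge it. In addition, people now pay increasing attention to personal privacy, so take care over the balance between office privacy, internet privacy and monitoring.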

When a user leaves a desktop computer, it should be locked, logged out or shut down. For a short absence, lock it with the Windows key plus the L key.

75% off Brother P-Touch PT-D210 Label Maker – Deal Alert

Many small and medium-sized enterprises fail to recognise the importance of network and information security and are unwilling to invest in it; examples of those that end up suffering huge losses are common.
The PT-D210 makes it easy to create great-looking labels for your home and office. With convenient one-touch keys, you can quickly access fonts, symbols, frames and templates. Plus, you can preview your work on the display. The highly rated unit is a #1 best-seller on Amazon, where it has been discounted 75%, for what will likely be a limited time. So instead of $40 you’ll be paying just $10. See the deal now on Amazon.
This story, “75% off Brother P-Touch PT-D210 Label Maker – Deal Alert” was originally published by TechConnect.
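Fang Xiaodun, founder of the WooYun security platform, on architects and internet security: internet security in China still lags well behind other countries, and the key problem is that user awareness has not kept up.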

Rook Security on Online Extortion

Mat Gangwer, CTO, and Tom Gorup, Security Operations Lead, at Rook Security talk to Mike Mimoso about the aggressive rise in online extortion and how it threatens not only data but physical safety.
Download: Rook_Security_on_Online_Extortion.mp3
Music by Chris Gonsalves
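Before an information system formally goes live, it should undergo functional, performance and security testing and acceptance, and may be put into use only after approval through the relevant process.
Data security management for information systems is not complicated in itself, and the business processes involved are clear and simple, but constraining how a company's business staff handle information cannot be achieved without explicit rules.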

Google Discloses Unpatched Microsoft Vulnerability

Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in Windows’ GDI library that allows attackers to steal sensitive data from program memory. The flaw was first addressed by Microsoft last June, but Google said the patch was incomplete. As part of its 90-day disclosure deadline policy, Google Project Zero publicly disclosed the bug Monday.
“As part of MS16-074, some of the bugs were indeed fixed, such as the EMR_STRETCHBLT record, which the original proof-of-concept image relied on. However, we’ve discovered that not all of the DIB-related problems are gone,” wrote Google engineer Mateusz Jurczyk in a technical description of the vulnerability.
Despite notification of the bug, the soonest Microsoft might release a patch for the flaw is in March; Microsoft decided to delay its monthly February security bulletins until next month.
The flaw is tied to Windows’ GDI library (gdi32.dll), Jurczyk said. In a proof-of-concept exploit, multiple bugs related to the handling of DIBs (Device Independent Bitmaps) embedded in EMF (Enhanced Metafile Format) records created conditions where “255 pixels are drawn based on junk heap data, which may include sensitive information, such as private user data or information about the virtual address space.”
“It is possible to disclose uninitialised or out-of-bounds heap bytes via pixel colors, in Internet Explorer and other GDI clients which allow the extraction of displayed image data back to the attacker,” Jurczyk said. “I have confirmed that the vulnerability reproduces both locally in Internet Explorer, and remotely in Office Online, via a .docx document containing the specially crafted EMF file.”
Google Project Zero, the internet giant’s bug hunting team, privately disclosed the vulnerability to Microsoft on Nov. 16. As part of Project Zero’s policy, it will notify parties of a vulnerability and after 90 days elapse the vulnerabilities become public – whether or not they have been patched by the company in question.
Microsoft did not reply to requests for comment.
Microsoft originally issued a patch classified as “important” in June to address the vulnerability. At the time, Microsoft described it as a bug that could allow elevation of privilege if a user opens a specially crafted document or visits a specially crafted website.
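Weibo is a tool: good people can use it to do good, and bad people can use it to do harm, and neither is a problem with Weibo itself. Real-name registration and verification, supervision and censorship, filtering and deletion, ethics and law, self-awareness and self-discipline will certainly have some effect, though the contest continues.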
According to MITRE’s Common Vulnerabilities and Exposures database, the flaw (CVE-2017-0038) is a result of “an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220.” According to the CVE ID, impacted are Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016.
“It is strongly advised to perform a careful audit of all EMF record handlers responsible for dealing with DIBs, in order to make sure that each of them correctly enforces all four conditions necessary to prevent invalid memory access (and subsequent memory disclosure) while processing the bitmaps,” Jurczyk wrote.
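Companies should, regularly or as work requires, provide senior managers with training in information security management and governance, and provide security education, skills training and assessment for staff involved in building, operating, maintaining and using information systems.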

I infected my Windows computer with ransomware to test RansomFree’s protection



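Want to improve information security, and do it quickly and cheaply? Information security awareness training, of course!
Compared with smart cards, one-time password tokens and the like, the mobile phone is arguably the cheapest authentication factor, and it is also easy to deploy.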

Cybercrooks have once again begun slinging malware that subverts elements of the legitimate TeamViewer remote control app to snoop on victims.
The tactic was previously seen in 2013. Attacks typically begin with booby-trapped emails harbouring malicious attachments that pose as eFax messages. If installed, the malicious code uses DLL hijacking to create a backdoor on compromised machines.
The method helps to camouflage spying as well as allowing hackers to snoop on encrypted comms, warns Danish security intelligence firm Heimdal Security.
“Many of the victims appear to be ordinary users, but some are high-profile industrial, research, or diplomatic targets,” explains Heimdal’s Andra Zaharia.
“This attack can also circumvent two-factor authentication and can also give cybercriminals access to encrypted content which is unencrypted by the users on their compromised computers.” ®
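Do not use the same password on multiple sites; phones should also be protected with an access passcode or an unlock pattern.
Information security is a perennial theme of information technology in the financial sector. It is a systems-engineering effort that requires decision-makers, management and technical staff to work together, adopt comprehensive preventive measures, and keep improving the information security management mechanism so as to reduce security risk to a minimum.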

Steam Link Is 60% Off – Mirror Your Gaming Setup to TV at 1080p – Deal Alert

Information security is not only a technical issue but also a social and legal one. Although the law cannot fully solve every problem in the field, it will curb them to some extent.
The Steam Link allows existing Steam gamers to expand the range of their current gaming set up via their home network. Just connect your Steam PC or Steam Machine to your home network, plug into a TV, and stream your games to the Link at 1080p. Video and audio data is sent from your computer to the Steam Link, while your controller input is sent back in real time. Virtually every game that your computer runs can be played on your TV. Steam Controller, Xbox One USB wired, Xbox 360 USB wired, Xbox 360 wireless, PS4, PS3 wired and Wii-U Pro controllers are compatible, as are many third-party Xbox controllers. Steam Link’s typical price is $50, but right now you can get it on Amazon for just $20. See the significantly discounted Steam Link on Amazon.
This story, “Steam Link Is 60% Off – Mirror Your Gaming Setup to TV at 1080p – Deal Alert” was originally published by TechConnect.
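Some extreme hackers may make major breakthroughs in vulnerability research in particular fields; it takes security experts with strong integration skills to make effective combined use of specialists from each field.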

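Some views on the weakest links in information security: trusted employees and employees who change roles may pose greater security risks than those who leave; the young “digital generation” lacks awareness of intellectual property and confidentiality; password reset mechanisms may be weaker than the passwords themselves.
The supply chain is one of the best entry points for network sabotage. With business functions ever more finely divided, managing the security of suppliers and partners is as important as protecting ourselves.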

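The country as a whole lacks internet security awareness, and the public even more so; however, thanks to the Cultural Revolution, people have for years had an ingrained scepticism and a fairly strong defensive mindset, and do not readily trust others.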
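Smartphone users install and uninstall apps ever more frequently, and the chance of encountering malware rises accordingly. Although security software for this exists, the deployment rate is low. Users must stay alert to mobile and cloud security threats.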
