OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [Fwd: Bank Technology News Intelligencer: Warn Your Execs: WhalersTargeting Bank CEOs ]

Fascinating attack at a number of levels:

1) The attacker installs a new Trusted Root CA certificate on the
    victims' computer;
2) Steals Client-Certificates (and presumably, Private Keys stored
    in files) in addition to stored passwords and account information;
3) Targets only CxOs;

Attackers appear to be moving at warp-speed in exploiting weaknesses
in technology and business processes, while corporations are still
stuck trying to get into third - perhaps even second - gear despite
real solutions staring them in the face.  Pathetic.

Arshad Noor
StrongAuth, Inc.


Security researchers at SecureWorks are warning about the latest spear
phish-now more catchily-called whaling, because of the big-fish nature
of its targets-that is targeting CEOs and other senior financial
services executives.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]