Ethical Hacker Roundup – Financial Vulnerability

These Financial IT Security links are part of a weekly series, Ethical Hacker Roundup, featuring the information security and cyber security related articles that we’ve read over and thought worth sharing from the past week.

These articles were emailed to us, shared on Twitter @pivotpointsec and Google Plus, and read in RSS subscriptions this week.


Salem County, New Jersey Bank Account Hacked

Last year, Monmouth County’s bank account was infected with ZeuS Malware. It has happened again, but this time to Salem County.

“The county will also be setting up a new secure computer solely for the use of bank transactions. This computer will have no email, no public Internet access, no disk drive or USB ports.”

It’s nice to see Salem County thinking outside the box by setting up the new secure computer. Without drives or ports there is no way for a person to plug in directly with a Live CD or USB. But will that still stop ZeuS?

Banks, Get Your WiFi Tested

Not long ago we shared how during audits, the FDIC will be looking to make sure banks have tested their WLAN Security.  Since then, even more customers have been pleased that we notified them of the addition.

Now, Info Security Magazine has published an article describing just a few of the attacks that a malicious hacker with access to a bank’s WiFi could carry out. One of the more common would be a Man-in-the-Middle attack, which Pivot Point Security offers as part of our Internal Penetration Testing services.

Knowing the damage that can be caused by someone with bad intentions should provide enough reason to have a WLAN tested. So if your bank has WiFi and has yet to test its security, please give us a call to see how we can help.

Google Wallet Pinned By A Vulnerability

If you haven’t heard of Google Wallet, it’s a tool that enables a person to make financial transactions using a mobile device like a smartphone or tablet. Google Wallet uses near field communication (NFC) to send the data, a technology that has been a topic among IT security professionals.

However, this vulnerability is not found in the NFC technology. Instead, it is the PIN set by the user. Using a new app, Wallet Cracker, the PIN can be revealed without a single invalid attempt. View the video below to see how easy it is.

The app and hack were done while the Google phone was rooted, and rooting is something Google does not recommend. Although Google does not currently have a remedy for the vulnerability, the Wallet Cracker developer did offer some advice:

  • Don’t root the phone
  • Enable lock screens such as face unlock, pattern, PIN, password – rather than just slide
  • Disable USB debugging
  • Enable full disk encryption
  • Keep device software updated and use only official software

Financial IT Security

Arguably, beyond the government itself, no industry has a greater impact on the health of our economy than financial services. And nothing has a greater impact on a financial entity than to lose the confidence and trust of its customers. Your Financial IT Security concerns can and should be addressed by an independent and objective Information Assurance firm. Pivot Point Security can help your Financial Organization to know you’re secure and prove you’re compliant. See how we can help.


Don’t miss out on the Ethical Hacker Roundup

The series is published on Fridays and we are open to your link suggestions. If you would like to submit an article, reach out to us through email.

Be sure to catch the weekly roundups by subscribing to the Pivot Point Security blog via RSS or email.


About the Author:

Marketing at Pivot Point Security
