These Financial IT Security links are part of a weekly series, Ethical Hacker Roundup, featuring the information security and cyber security related articles that we’ve read over and thought worth sharing from the past week.
Last year, Monmouth County’s bank account was infected with ZeuS Malware. It has happened again, but this time to Salem County.
“The county will also be setting up a new secure computer solely for the use of bank transactions. This computer will have no email, no public Internet access, no disk drive or USB ports.”
It’s nice to see Salem County thinking outside the box by setting up the new secure computer. Without drives or ports there is no way for a person to plug in directly with a Live CD or USB. But will that still stop ZeuS?
Not long ago we shared how during audits, the FDIC will be looking to make sure banks have tested their WLAN Security. Since then, even more customers have been pleased that we notified them of the addition.
Now, Info Security Magazine has published an article describing just a few of the attacks that a malicious hacker with access to a bank’s WiFi could carry out. One of the more common is the Man-in-the-Middle attack, which Pivot Point Security offers as part of our Internal Penetration Testing services.
Knowing the damage that can be caused by someone with bad intentions should provide enough reason to have a WLAN tested. So if your bank has WiFi and has yet to test its security, please give us a call to see how we can help.
If you haven’t heard of Google Wallet, it’s a tool that enables a person to make financial transactions using a mobile device like a smartphone or tablet. Google Wallet uses near field communication (NFC) to send the data, a technology that has been a topic among IT security professionals.
However, this vulnerability is not in the NFC technology. Instead, it lies in the PIN set by the user. Using a new app, Wallet Cracker, the PIN can be revealed without a single invalid attempt. View the video below to see how easy it is.
The app and the hack were run while the Google phone was rooted, which Google does not recommend. Although Google does not currently have a remedy for the vulnerability, the Wallet Cracker developer did offer some advice:
- Don’t root the phone
- Enable lock screens such as face unlock, pattern, PIN, password – rather than just slide
- Disable USB debugging
- Enable full disk encryption
- Keep device software updated and use only official software
Financial IT Security
Arguably, beyond the government itself, no industry has a greater impact on the health of our economy than financial services. And nothing has a greater impact on a financial entity than to lose the confidence and trust of its customers. Your Financial IT Security concerns can and should be addressed by an independent and objective Information Assurance firm. Pivot Point Security can help your Financial Organization to know you’re secure and prove you’re compliant. See how we can help.
Don’t miss out on the Ethical Hacker Roundup
The series is published on Fridays and we are open to your link suggestions. If you would like to submit an article, reach out to us through email.