IcedID stealer (Also known as BokBot) was first discovered at the end of 2017, believed to be a resurgence of the NeverQuest banking Trojan. It is a modular banking trojan that uses man-in-the-browser (MitB) attacks to steal banking credentials, payment card information and other financial data. The stealer possesses relatively sophisticated functionality and capabilities such as web injects, a large remote access trojan (RAT) arsenal and a VNC module for remote control.

Today Calligo announces it has completed its fourth acquisition of 2020 – and ninth in three years – with the purchase of Network Integrity Services, a UK-wide IT managed services provider specialising in managed IT, cloud and security services with locations in Manchester, Birmingham, Leicester and Hemel Hempstead.

The Lazarus Group (also known as Guardians of Peace or Whois) is a notorious cybercrime gang made up of unknown individuals. According to the United States Federal Bureau of Investigations, the group is a North Korean “state-sponsored hacking organization.” However, some believe that their connections to North Korea might be a false flag intending to hide their true origins.

As an infosec professional, you’ve likely heard of the National Institute of Standards and Technology (NIST).

A number of software packages offer data storage in the cloud. Convenient? Yes, however, the data resides in its own silo which can make it difficult to manage – from security with a clear audit history, to accessibility to making sure the latest content is available to project stakeholders. A true common data environment (CDE), keeps and protects all that content in a single, secure repository in the cloud with integrations to applications.

In the final blog post of our three-part series on cloud security, we outline the key controls organisations should take to minimise cloud security risks.

This is the first part of a two-part advanced technical tutorial that describes how you can use the Defensics SDK to set up your own Bitcoin network. This is the first of two articles that describe how to use the Defensics® software development kit (SDK) to fuzz Bitcoin software. Specifically, you’ll learn how to model one of the Bitcoin network protocol messages and use the Defensics SDK to perform fuzzing on the bitcoind process.

Universal Health Services (UHS), a Fortune 500 company and healthcare services provider, has reportedly shut down systems at facilities throughout the United States after the Ryuk ransomware hit its network on September 27, according to an article on the Health IT Security website. What is Ryuk ransomware? Ryuk is a sophisticated ransomware threat that targets businesses, hospitals, and government institutions across the world.

Security researchers working with IBM Security recently uncovered a new malware code that is being used to attack online banking users in Brazil. Referred to as ‘Vizom’ by the team, the code utilizes remote overlay attacks to siphon sensitive financial data and make fraudulent transactions from victims bank accounts.

PSD2 is the new EU Directive that aims to open up the banks and allow non-banking institutions to provide payment services. It is a great thing but it comes with many requirements. They are in the form of implementing and delegated acts of the European Commission as well as guidelines of the European Banking Authority. The directive, the implementing acts, and the guidelines are mostly best industry practices with regard to security and risk management.