two-factor authentication

Pierluigi Paganini April 17, 2014
New iBanking mobile Trojan exploits Facebook platform

Security experts at ESET detected a new variant of iBanking Trojan offered in the underground that exploits Facebook platform as vector of infection. iBanking is the name of a mobile banking Trojan app distributed through HTML injection attacks on banking sites. iBanking deceives victims impersonating itself as a  ‘Security App‘ for Android, we have spoken about it  early 2014 […]

Pierluigi Paganini February 24, 2014
iBanking Mobile Bot Source Code available for sale in the underground

iBanking is a new mobile banking Trojan available for sale in the underground for $5,000 according the RSA’s FraudAction Group.  The source code for iBanking banking trojan has been leaked online through an underground forum, this kind of news reports a serious threat from the cybercrime ecosystem. Like happened for other trojan, including Zeus and Carberp, the […]

Pierluigi Paganini February 23, 2014
Banking trojan hit a large number of Islamic Mobile Banking Customers

Security researchers at InterCrawler discovered a Banking trojan which infected a large number of devices the Middle East belonging to Islamic Banks. IntelCrawler cyber intelligence firm discovered a large fraud campaign against major Islamic banking institutions. The attackers have used a sizable mobile botnet, more than 27 000 intercepted SMS-messages were detected between April 2013 and […]

Pierluigi Paganini February 02, 2014
Why Facebook Android App needs to read user SMS and MMS?

The last update for the Facebook Android app reads user’s text messages, is it an abuse of privilege or what else? Here you are the truth … maybe A recent update for Facebook Android raised a great concern for user’s privacy because it can read text messages on the smartphone. The climate of suspicion after the […]

Pierluigi Paganini January 31, 2014
Yahoo Mail hacked,attackers gain unauthorized access to its accounts

  The company has issued a security advisory to warn users that Yahoo Mail Service was hacked, hackers have stolen credentials of its email customers. Yahoo Mail! is considered one of the largest email service providers, millions of people use is every day, it’s clear that it represents an attractive target for cyber criminals. The […]

Pierluigi Paganini October 29, 2013
Social media and digital identity. Prevention and incident response

The hack of a social media account is a common incident that could have a serious impact of our digital identity. How to prevent it? What to do in case of hack? Social media, cloud computing and mobile are technologies that most of all attract cybercriminals due their high penetration, exploiting this channels attackers could […]

Pierluigi Paganini October 24, 2013
Android Wroba banking trojan targeted Korean users

The Antivirus vendor Malwarebytes revealed that the Wroba banking trojan distributed via file sharing sites and alternative markets targeted Korean users. Today I presented at Cyber Threat Summit 2013 the topic “Modern online-banking cybercrime” and just a few hours after it is appeared the new Android banking Trojan targeting Korean banks. The number of malware […]

Pierluigi Paganini September 02, 2013
Reversing Dropbox client code raises security issues

Researchers at last USENIX security symposium presented a new method and consolidated techniques for reversing Dropbox code to bypass Dropbox’s two factor authentication, hijack Dropbox accounts and intercept SSL data. Reversing Dropbox analysis allowed researchers to crack its open cloud storage service, reverse engineering the encryption protecting the client it is possible to open it up […]

Pierluigi Paganini July 19, 2013
Brute-forcing applications spotted in the wild … pros and cons

Brute forcing applications spotted in the wild demonstrates the continual interest of cybercrime … What is the limitations of this attack technique? Cybercrime industry has a fervent creativity and  new products are daily offered in the underground. I desire to close this week with a look to the offer on the black market speaking of brute-forcing applications […]

Pierluigi Paganini July 06, 2013
DropBox account hacking bypassing two-factor authentication

Zouheir Abdallah revealed that a hacker already knows the victim’s credentials for Dropbox account that has 2FA authentication enabled, is able to hack it. Few hours ago I was informed that Q-CERT team found a critical vulnerability in DropBox that allows a hacker to bypass the two-factor authentication implemented by the popular file sharing service. […]