‘Almost all’ Pakistani banks hacked in security breach, says FIA cybercrime head

By: Shakeel Qarar

In a shocking revelation, the head of the Federal Investigation Agency’s (FIA) cybercrime wing has said data from “almost all” Pakistani banks was stolen in a recent security breach.

“According to a recent report we have received, data from almost all Pakistani banks has been reportedly hacked,” FIA Cybercrimes Director retired Capt Mohammad Shoaib told Geo News on Tuesday.

When pressed to clarify, the official said data from “most of the banks” operating in the country had been compromised.

Speaking to DawnNewsTV, Shoaib said hackers based outside Pakistan had breached the security systems of several local banks. “The hackers have stolen large amounts of money from people’s accounts,” he added.

“The recent attack on banks has made it quite clear that there is a need for improvement in the security system of our banks,” he observed.

He said the FIA has written to all banks, and a meeting of the banks’ heads and security managements is being called. The meeting will look into ways the security infrastructure of banks can be bolstered.

“Banks are the custodians of the money people have stored in them,” Shoaib said. “They are also responsible if their security features are so weak that they result in pilferage.”

It wasn’t immediately clear when exactly the security breach took place.

According to Shoaib, more than 100 cases are being investigated by the agency in connection with the breach.

“An element of banking fraud which is a cause of concern is that banks hide the theft [that involves them]… and the clients report [the theft] to the banks and not to us, resulting in a loss of people’s money,” he told DawnNewsTV.

“We are trying to play a proactive role in preventing bank pilferage,” he added.

Shoaib said the agency has arrested many gangs involved in cybercrimes and recovered stolen money from them.

A gang was arrested last week whose members used to disguise themselves as army officials and withdraw money from banks after gathering people’s data, the official added.

More: https://www.dawn.com/news/amp/1443970

WhatsApp: Newest Attack Target for Mobile Phishing

By: Uladzislau Murashka


Phishing attacks aren’t nearly as successful as they used to be because by now people have learned to look out for the emails that ask them to provide sensitive details. While this is true for emails, it seems that pioneering attackers have embraced other ways of carrying out phishing attacks, namely through messaging services such as WhatsApp, Skype, and even plain old SMS.

Mobile Phishing
Mobile phishing is an issue that shows no signs of abating anytime soon. According to Verizon, 90% of their recorded data breaches began with a phishing attack and right now mobile is an increasingly common attack vector.

Recent research from Wandera shows a new trend among cyber-criminals toward mobile phishing. Every day, dozens of new attacks are detected and many of them last less than a day before being shut down and relocated elsewhere. These phishing attacks share many standard features, notably centering around the use of WhatsApp.

Distribution Methods
Now that there is widespread awareness of the dangers email-based phishing attacks bring, many savvy cyber-criminals are instead moving on to other vectors that allow them to attack mobile devices. Many such attacks center on WhatsApp as both the initial method of delivery and the way to reach more targets after every single success.

It isn’t just the awareness that has led to this shift. Email clients and providers have many built-in tools that identify any potential phishing emails and alert the user or automatically delete the email.

In contrast, there are no such security measures for SMS, or for app-based messaging services. Given the sheer number of different messaging apps out there, it is challenging to develop a catch-all defense against mobile phishing attacks. This results in mobile-based attacks being at least three times more effective than the phishing that takes place through desktop. Without any doubt, mobile providers should make further investments into raising cybersecurity awareness and improving it on mobile.

Exploiting WhatsApp
Unlike with phishing emails, which are often flagged as potentially malicious, there is no filtering or alert system on WhatsApp either. When a user receives a link on WhatsApp, it usually generates a preview of that website’s logo and page title. These are easy for an attacker to fake but might give a phishing message enough of a veneer of legitimacy for the user to get caught off guard.

More: https://www.zdnet.com/article/25-android-smartphone-models-contain-severe-vulnerabilities-off-the-shelf/

SIKURPhone – Beyond a Cryptocurrency Wallet and Ready for Financial Transactions

By: sikur

Whilst Sikur’s competitors are promising to release secure blockchain devices, Sikur is already delivering a full and innovative operating system experience. SikurOS is powering devices that can deliver much more than secure cryptocurrency wallets and other gadgets to protect assets.

“2018 has been an incredible year for us – from the rush of launching SIKURPhone at Mobile World Congress, in Barcelona, to porting SikurOS to different hardware. It has been an exciting journey and we still have more to come,” said Alexandre Vasconcelos, Sikur’s COO.

SikurOS is a very innovative model, although its concepts are widely available. An operating system that is capable of effectively protecting user data is an approach that has taken SIKURPhone to the next level. Combining safety with convenience is a challenge that Sikur’s research and development team faces every day.

According to Group-IB, more than $882 million in cryptocurrency assets was lost to fraud and hacks in 2017 and 2018, mostly in the Asian market, including the over $500 million hack of Japanese Cryptocurrency Exchange Coincheck. Protecting cryptocurrency coins for the regular investor with simplicity and usability is already possible with SIKURPhone.

After passing rigorous tests by HackerOne with a bug bounty program, securing cryptocurrency is a challenge that SIKURPhone has already overcome. Sikur is now daring to take it a step further with the Trading Station concept.

More: https://www.globalbankingandfinance.com/sikurphone-beyond-a-cryptocurrency-wallet-and-ready-for-financial-transactions/


Sikur launches solution that adds an extra layer for critical applications

By: TI Inside Online

Although Sikur’s competitors are promising to launch secure blockchain devices, Sikur is already offering a complete operating system for use with secure cryptocurrency wallets and other gadgets to protect assets.

“2018 has been an incredible year for us – from the rush of launching SIKURPhone at Mobile World Congress, in Barcelona, to porting SikurOS to different hardware. It has been an exciting journey and we still have more to come,” said Alexandre Vasconcelos, COO of Sikur.

“SikurOS is a very innovative model, although its concepts are widely available. An operating system capable of effectively protecting user data is an approach that has led SIKURPhone to combine security with convenience, a challenge that Sikur’s research and development team faces every day,” he adds.

According to Group-IB, more than US$ 882 million in cryptocurrency assets was lost to fraud and hackers in 2017 and 2018, mainly in the Asian market, including the more than US$ 500 million from the Japanese Cryptocurrency Exchange Coincheck. Protecting cryptocurrency coins for the regular investor with simplicity and usability is what SIKURPhone promises.

After passing rigorous tests by HackerOne with a bug bounty program, securing cryptocurrency is a challenge that SIKURPhone has already overcome. Sikur is now daring to take a step further with the Trading Station concept.

“The financial market is dynamic and constantly changing. Fraud and loss figures continue to rise as the variety of digital transaction methods grows. Existing solutions do not provide enough flexibility, usability and security for the modern user. Sikur’s Trading Station uses the strength of SikurOS and provides extra layers of security for financial applications that require maximum protection. It also introduces freedom and flexibility to carry out operations from anywhere, without the need to be in offices or highly protected networks. Stock trading, mobile banking and mPOS (Mobile Point of Sale) are some real-world examples where SIKURPhone can make a big difference for the industry,” said Fabio Fischer, executive vice president of Sikur.

Protecting data locally and in the cloud is a high priority for companies and governments. Therefore, having well-known applications on these devices is becoming mandatory, as security concerns more people every year.

“At Sikur, innovation is part of our DNA. We are always looking to create. This energy gives everyone more power and determination to make progress. The Trading Station concept comes from this way of thinking,” says Alexandre Stumpf, CTO of Sikur.

More: http://tiinside.com.br/tiinside/seguranca/mercado-seguranca/31/10/2018/sikur

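“SIKURPhone XZ1/XA2” announced: Xperia smartphones specialized for data protection

By: Engadget Japan

Security company Sikur has announced the “SIKURPhone XZ1/XA2”, smartphones specialized for data protection. As the name and body design suggest, the devices are based on Sony’s Xperia XZ1/XA2.

The SIKURPhone XZ1/XA2 run “SikurOS”, a custom OS based on Android. Using dedicated cloud-based apps, users can send and receive voice messages over encrypted communication, edit documents, and make video calls. A dedicated app store is scheduled to launch by the end of 2018.

Furthermore, according to Sikur, the SIKURPhone XZ1/XA2 is also “the most secure digital wallet” for handling cryptocurrency. For enterprise use, devices and users can be managed remotely.

The hardware specifications are unchanged from the base smartphones: the SIKURPhone XZ1 has a 5.2-inch display, a Snapdragon 835 processor and a 19-megapixel camera. The SIKURPhone XA2 has a 5.2-inch display, a Snapdragon 630 processor and a 23-megapixel camera.

The SIKURPhone XZ1 and XA2 are priced at $850 (about 96,000 yen) and $650 (about 74,000 yen) respectively. Although not the latest hardware, as smartphones that pair adequate specifications with security features they look likely to see demand from companies.

More: https://headlines.yahoo.co.jp/hl?a=20180928-00010002-engadgetj-prod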

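SIKURPhone – Beyond a Cryptocurrency Wallet and Ready for Financial Transactions

By: Business Wire

  • SIKURPhone – the convenience of a high-end smartphone with first-class security
  • A device leading the secure communications market
  • The SikurOS operating system is the foundation of the security philosophy

LONDON–(BUSINESS WIRE)– While Sikur’s competitors are still at the stage of promising to release secure blockchain devices, Sikur is already delivering a full and innovative operating system experience. SikurOS is used in devices that can deliver much more than secure cryptocurrency wallets and other gadgets to protect assets.

“2018 has been an incredible year for us. From announcing SIKURPhone at Mobile World Congress in Barcelona, we have moved forward to porting SikurOS to different hardware. It has been a busy effort so far, and there is still more to come,” said Alexandre Vasconcelos, Sikur’s chief operating officer (COO).

“The financial market is dynamic and constantly changing. As the variety of digital transaction methods expands, the number of fraud and loss incidents continues to increase. Existing solutions cannot adequately provide the flexibility, ease of use and security that modern users need. Sikur’s Trading Station draws on the capabilities of SikurOS and provides additional security layers for financial apps that require the highest level of protection. It also delivers the freedom and flexibility to carry out operations from any location, with no need to operate from an office or a highly protected network. Stock trading, mobile banking and mPOS (mobile point of sale) are some of the practical cases in which SIKURPhone can bring major change to the industry,” said Fabio Fischer, Sikur’s executive VP.

“At Sikur, innovation is pervasive. We are always aiming to create. This energy gives everyone the power and determination needed to move forward. The Trading Station concept came out of this way of thinking,” said Alexandre Stumpf, Sikur’s CTO.

More: https://www.jiji.com/jc/article?k=20181030006247&&&&g=bw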

Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer

By: Mohit Kumar

Cybersecurity researchers have revealed an unpatched logical flaw in Microsoft Office 2016 and older versions that could allow an attacker to embed malicious code inside a document file, tricking users into running malware on their computers.

Discovered by researchers at Cymulate, the bug abuses the ‘Online Video’ option in Word documents, a feature that allows users to embed an online video with a link to YouTube.

When a user adds an online video link to an MS Word document, the Online Video feature automatically generates an HTML embed script, which is executed when the thumbnail inside the document is clicked by the viewer.

Researchers decided to go public with their findings three months after Microsoft refused to acknowledge the reported issue as a security vulnerability.

How Does the New MS Word Attack Work?

Since Word document files (.docx) are actually zip packages of their media and configuration files, they can easily be opened and edited.

According to the researchers, the configuration file called ‘document.xml,’ which is a default XML file used by Word and contains the generated embedded-video code, can be edited to replace the current video iFrame code with any HTML or JavaScript code that would run in the background.
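A defender can check a .docx for this tampering before it reaches users. The following is an added example, not code from the article or from Cymulate: it opens the package, reads word/document.xml, and reports any embedded-video markup that is more than a plain iframe to an allowed video host. The `embeddedHtml` attribute name comes from the Word file format rather than from this page; the host allowlist, the size limit and both sample inputs are assumptions constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlparse
from xml.sax.saxutils import quoteattr

# Assumption: hosts a legitimate Online Video embed is allowed to load from.
ALLOWED_HOSTS = {"www.youtube.com", "youtube.com", "www.youtube-nocookie.com"}
MAX_XML_BYTES = 20 * 1024 * 1024  # skip oversized parts instead of inflating them


class EmbedAudit(HTMLParser):
    """Records every way an embed differs from a plain iframe to an allowed host."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            self.findings.append(f"unexpected <{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler attribute '{name}'")
            if name in ("src", "href"):
                url = urlparse(value or "")
                if url.scheme not in ("", "https") or url.hostname not in ALLOWED_HOSTS:
                    self.findings.append(f"<{tag}> {name} outside allowlist: {value}")


def scan_docx(data: bytes) -> list:
    """Return findings for each embeddedHtml attribute in word/document.xml."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        info = zf.getinfo("word/document.xml")
        if info.file_size > MAX_XML_BYTES:
            return ["word/document.xml too large to inspect"]
        root = ET.fromstring(zf.read(info))
    findings = []
    for elem in root.iter():
        for attr, value in elem.attrib.items():
            # Match on the local name so a namespaced attribute is also caught.
            if attr.rsplit("}", 1)[-1] == "embeddedHtml":
                audit = EmbedAudit()
                audit.feed(value)
                audit.close()
                findings.extend(audit.findings)
    return findings


def make_docx(embed_html: str) -> bytes:
    """Constructed sample: a minimal package holding only word/document.xml."""
    xml = ('<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
           'xmlns:wp15="http://schemas.microsoft.com/office/word/2012/wordprocessingDrawing">'
           f'<w:body><wp15:webVideoPr embeddedHtml={quoteattr(embed_html)}/></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", xml)
    return buf.getvalue()


# Constructed inputs: an untouched embed and an inert stand-in for an edited one.
GENERATED = '<iframe width="560" height="315" src="https://www.youtube.com/embed/VIDEO_ID" allowfullscreen></iframe>'
EDITED = '<iframe src="https://example.invalid/page"></iframe><script>void 0</script>'

if __name__ == "__main__":
    print(scan_docx(make_docx(GENERATED)))
    print(scan_docx(make_docx(EDITED)))
```

An empty result means every embed found was a plain iframe pointing at an allowed host; any finding is a reason to quarantine the document for review.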

More: https://thehackernews.com/2018/10/microsoft-office-online-video.html?m=1


Cybercrime Damages $6 Trillion By 2021

By: Steve Morgan

Cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades

The 2017 Official Annual Cybercrime Report is sponsored by Herjavec Group, a leading global information security advisory firm and Managed Security Services Provider (MSSP) with offices across the United States, Canada, and the United Kingdom.

Cybercrime is the greatest threat to every company in the world, and one of the biggest problems with mankind. The impact on society is reflected in the numbers.

Last year, Cybersecurity Ventures predicted that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.

The cybercrime prediction stands, and over the past year it has been corroborated by hundreds of major media outlets, universities and colleges, senior government officials, associations, industry experts, the largest technology and cybersecurity companies, and cybercrime fighters globally.

The damage cost projections are based on historical cybercrime figures including recent year-over-year growth, a dramatic increase in hostile nation state sponsored and organized crime gang hacking activities, and a cyber attack surface which will be an order of magnitude greater in 2021 than it is today.

Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.

More: https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

Sikurphone – the most secure way to communicate without fear of sensitive information being intercepted

By: Mgr. Petr Duchoslav

Satomar, a distributor of selected products in the field of communication and information technology, is introducing to our market SikurPhone phones and the comprehensive Sikur platform, which represents the most secure way of personal and corporate communication. This solution is intended for anyone who cares about consistently preserving their privacy.

SikurPhone is a self-contained ecosystem of secure private communication between all devices equipped with the relevant operating system or application, with the option of connecting to all other mobile phones, tablets and computers as well. Thanks to close cooperation with Sony, the basis of this ecosystem is two Sony smartphone models on which the company’s own Android-based operating system, SikurOS, is installed. It enables encrypted and secured connections meeting the highest security criteria between SikurPhone devices or the older GranitePhone. In addition to the hardware described, other devices running Android, iOS or Windows can also be connected to the secured system by means of a special application.

Secure communication tested by hackers

Discretion is ensured by a highly elaborate and sophisticated format for encoding information using several security layers. The SikurPhone platform includes its own secured layer on top of the Android operating system – SikurOS – which, thanks to its elaborate design, eliminates the need to use a VPN or firewall. SikurOS is available either preinstalled in a bundle with one of the verified Sony mobile phones, or through an application that can be obtained from the commonly used stores Google Play and App Store or from the manufacturer’s website sikur.cz. Secure communication is ensured only between devices using Sikur OS. All other means of communication outside the Sikur platform on smartphones and computers are of course retained.

An inseparable part of SikurOS is also a set of verified applications, such as a web browser, an e-mail client, the popular communication tool WhatsApp, a news application summarizing the latest news from major media channels around the world, and others, with which it is possible to secure personal text and e-mail communication including group communication, file sharing, phone calls and video conferences. After testing and approval, any other application from any development team can become part of this most secure commonly available ecosystem.

The data encryption algorithm and the security of the entire SikurPhone platform were successfully tested by HackerOne, an organization which, in cooperation with the best hackers, helps manufacturers verify their security features. Security was verified by real-world testing, during which the communication protocols were not broken. Gartner has identified the manufacturer Sikur as a vendor that has relevant solutions in this technology segment.

Cryptocurrency wallet

An integral part of every SikurPhone is also a cryptocurrency wallet. If you are a fan of digital currencies, SikurPhone represents one of the most secure options for storing them. With SikurWallet you also get direct support for the Bitcoin Testnet, an ideal tool for testing bitcoin applications across platforms.

SikurPhone phones and the Sikur application can be ordered now at sikur.cz or through the exclusive importer and distributor, Satomar, s.r.o. The price is set at CZK 19,990 including VAT for the SikurPhone SONY XA1 model and CZK 24,990 including VAT for the SikurPhone SONY XZ1 model. The price of the phone already includes a two-year license to use the Sikur platform.

About Satomar

Satomar is now in its tenth year of importing, selling and distributing mobile phones, tablets and other electronic devices and accessories. During its time in business it has successfully brought to market products from the brands Revogi, Deveroux, Livall, Sunmi and ChatSIM, Ainol and Pipo LCD tablets, Boogieboard electronic notepads, Cube 1, Cubot and Oukitel mobile phones, Abardeen children’s GPS watches, computer accessories under its own Beik brand, and Remix mini computers. In addition, the company also focuses on OEM manufacturing for its partners.

More: https://www.securitymagazin.cz/security/sikurphone-nejbezpecnejsi-zpusob-komunikace-bez-obav-z-odposlechu-citlivych-informaci-1404061641.html

3 Out of 4 Employees Pose a Security Risk

By: Steve Zurier

New MediaPRO study also finds that management performed worse than entry- and mid-level employees in how to handle a suspected phishing email.

Despite concerted efforts by many US organizations to improve security awareness among users, a new study shows they still have a long way to go.

Some 75% of respondents today pose a moderate or severe risk to their company’s data, according to MediaPRO’s third annual State of Privacy and Security Awareness Report, and 85% of finance workers show some lack of data security and privacy knowledge.

Tom Pendergast, chief security and privacy strategist at security awareness and training provider MediaPRO, says the firm surveyed more than 1,000 employees across the United States to quantify the state of privacy and security awareness in 2018. More people fell into the risk category this year than in 2017 – and that number had nearly doubled since the inaugural survey, he says.

“The overall results revealed a trend we weren’t happy to see, that employees performed worse across the board compared to the previous year,” Pendergast says. “While I think there’s a certain amount of security fatigue from news of all the attacks, if in five years I don’t see significant change I will be surprised. There’s both a cultural and a business awareness of the need to do good work in this area.”

MediaPRO based its study on a variety of questions that focus on real-world scenarios, such as correctly identifying personal information, logging on to public Wi-Fi networks, and spotting phishing emails. Based on the percentage of privacy and security-aware behaviors, respondents were assigned to one of three risk profiles: risk, novice, or hero.

Here’s a thumbnail of some other notable findings:

1. Employee performance was worse this year across all eight industry verticals measured. Respondents did much worse in identifying malware warning signs, knowing how to spot a phishing email and social media safety.

More: https://www.darkreading.com/endpoint/privacy/3-out-of-4-employees-pose-a-security-risk/d/d-id/1333037