4/10/2010

Bank Of America Employee Plants Malware on ATMs

Filed under: — Aviran Mordo

Bank of America employee, Rodney Reed Caverly, has been charged with installing malware on ATMs in North Carolina.

Caverly, who worked on the bank’s IT staff, allegedly withdrew cash untraceably from the ATMs over a period of 7 months last year. “The charges were filed the same day that credit card company Visa warned the banking industry that Eastern European ATM malware recently showed up in America for the first time.

That code, initially spotted last year on some 20 ATMs in Russia and Ukraine, was designed primarily to capture PINs and bank card magstripe data, but also allowed thieves to instruct the machine to eject whatever cash was still in it…

At least 16 versions of the East European malware have been found so far and were designed to attack ATMs made by Diebold and NCR, according to the April 1 Visa alert. There is no information tying the malware found in Russia with the malware allegedly used by Caverly.

Serious New Java Flaw Affects All Current Versions of Windows

Filed under: — Aviran Mordo

There is a serious vulnerability in Java that leaves users running any of the current versions of Windows open to simple Web-based attacks that could lead to a complete compromise of the affected system. Two separate researchers released information on the vulnerability on Friday, saying that it has been present in Java for years.

The problem lies in the Java Web Start framework, a technology that Sun Microsystems developed to enable the simplified deployment of Java applications. In essence, the JavaWS technology fails to validate parameters passed to it from the command line, and attackers can control those parameters using specific HTML tags on a Web page, researcher Ruben Santamarta said in an advisory posted Friday morning.

WebKit2 API Layer Brings Split-Process Model

Filed under: — Aviran Mordo

Apple just announced WebKit2, a rework of the WebKit engine that powers Chrome and Safari. This new version of WebKit incorporates the same style of split-process model that provides stability in Chrome, but built directly into the framework so all browsers based upon WebKit will be able to gain the same level of sandboxing and stability.

Powered by WordPress