The Carberp Code Leak

By Christopher Elisan, Principal Malware Scientist, RSA FirstWatch

The source code for Carberp, reportedly selling for $40,000 a pop, is now out. A report of its leak started spreading a week ago and RSA FirstWatch were able to confirm through our own digging and research that the code is really available online. As days have gone by,…

The Need for Cyber Risk Intelligence Intensifies

By Laura Robinson, SBIC Chair

Cyber risk has traditionally been a top concern for IT leaders. But recently, this challenge has been elevated to a top economic and national security concern. In a recent news report, Andrew Haldane, the Bank of England’s Executive Director for Financial Stability, cites cyber attacks as the number one risk…

The Assembly Line Approach to Creating Malware

By Christopher Elisan, Principal Malware Scientist, RSA FirstWatch

The rate at which new and unique malware samples are discovered on a daily basis is staggering. The graph from AV-TEST below shows how much malware has been discovered annually. It is only half of 2013 but it has already surpassed the number of total malware seen in…

Security Analytics and the OECD Security Guidelines

In 2002, the OECD (Organization for Economic Cooperation and Development) published a revision of their 1992 Security Guidelines, reflecting significant changes in information technology and information security during that 10-year period. The 2002 OECD Guidelines for the Security of Information Systems and Networks played an important role in fostering a “culture of security”, including through…

The Password Reset Conundrum

By Kenneth Ray, Architect, Access and Data Protection & Sandra Carielli, Principal Product Manager, Access and Data Protection

Many of us have received an e-mail, either from a web portal we frequent, or from the IT department at our place of employment, telling us that we need to reset our password due to a security…

Dissecting a Cybercriminal Heist – Podcast #248

In May 2013, the U.S. Dept. of Justice indicted several members of a cyber criminal gang allegedly responsible for the largest coordinated cash heist from thousands of ATMs across 26 countries. The scheme netted more than $45 million in less than a week and has the banking industry reeling at the manner in which this…

RSA Archer Shines in SC Magazine Review

By Martin Goulet, Director of Product Marketing, RSA Archer

So far June is proving to be a celebratory month for RSA Archer. This week, SC Magazine published a review that deemed the platform as “scalable, enterprise-focused, and content-rich.” We’re honored to have received such high praise from the folks at SC Magazine and are thrilled…

Bugat Joins The Mobile Revolution: BitMo Hijacking SMS-Borne OTP’s #INTH3WILD

By Limor S. Kessem, Cybercrime and Online Fraud Communications Specialist, RSA

RSA researchers analyzing Bugat Trojan attacks have recently learned that Bugat’s developers managed to develop and deploy mobile malware designed to hijack out-of-band authentication codes sent to bank customers via text messages. Bugat (aka: Cridex) was discovered and sampled in the wild as early…

Groove Theory of GRC – Postulate #4: The Wall of Sound

I have spent the last few weeks wandering through my “Groove Theory of GRC” and am reaching my last postulate. GRC is a groove that underpins the business to optimize decisions and provides the “safety” net that allows the business to grow, mature and progress. My previous blog discussed how GRC programs must establish key…

Spotlighting Web Session Threats and Abuse with RSA Silver Tail 4.0 – Podcast #249

With cyber criminals bent on exploiting online banking, retail and consumer-facing web sites, different behaviors and techniques have emerged that fall outside typical fraudster attack methods. And most traditional means of detecting this kind of web session fraud and business logic abuse are inadequate. Jason Sloderbeck of RSA joins the Speaking of Security Podcast to…