Security measures like one-time passwords and phone-based call-back authentication, considered fairly robust forms of security and in use by some banks, are no longer enough to protect online transactions against fraud, a new report from research firm Gartner Inc. warns.
In August, NACHA, the Electronic Payments Association, issued an alert warning members about attacks involving the theft of online banking credentials, mostly from small and medium-sized businesses, which are then used to take over corporate accounts and initiate unauthorized transfers of funds via electronic payment networks.
Several Gartner banking clients have reported being targeted by attacks involving the use of malicious code hidden in Web browsers to intercept and corrupt banking transactions.
Read the entire ComputerWorld article.
Mozilla has released Firefox 3.5.6, 3.0.16, and SeaMonkey 2.0.1 to address 7 newly-disclosed vulnerabilities.
3 of the vulnerabilities are rated critical.
Adobe has acknowledged the recently disclosed “Zero-Day” remote code execution vulnerability in Reader and Acrobat but won’t issue a patch until January 12, 2010, which is also the next Microsoft & Adobe Patch Tuesday.
- Launch Acrobat or Adobe Reader.
- Select Edit>Preferences
- Click OK
The exploit itself is being passed around and is available (to Offensive Computing subscribers) here. It also appears that development of a Metasploit module is underway already. There goes the neighborhood…