News lets the community share announcements, press releases, and recommended news articles relevant to IDTrust. (Educational materials that are not time-sensitive are listed at Articles and white papers.)
New blackmailing Trojan encrypts files using high-grade 1024-bit RSA key. A security company on Friday asked for help cracking an encryption key central to an extortion scheme that demands money from users whose PCs have been infected by malware.
Kaspersky Lab, a Moscow-based antivirus firm, put out the call for assistance after it discovered a new variant of Gpcode, a Trojan horse that has been used in isolated "ransomware" attacks for the past two years.
Read more...
A computer intrusion into a Citibank server that processes ATM withdrawals led to two Brooklyn men making hundreds of fraudulent withdrawals from New York City cash machines in February, pocketing at least $750,000 in cash, according to federal prosecutors.
The ATM crime spree is apparently the first to be publicly linked to the breach of a major U.S. bank's systems, experts say.
A draft version of the "SAML V2.0 Information Card Token Profile" has been submitted to the OASIS Security Services (SAML) TC. "Microsoft has defined a set of profiles for acquring and delivering security tokens, collectively referred to as 'Information Card' technology. These profiles are agnostic with respect to the format and semantics of a security token, but interoperability between issuing and relying parties cannot be achieved without additional rules governing the creation and use of the tokens exchanged.
Read more...
Consortium Releases CARML (Client Attribute Requirements Markup Language) and Privacy Constraints Draft Specifications to Protect Personally Identifiable Information Across Applications and Networks.
A European Union-wide advisory body this week called for security breach disclosure regulations tougher than those in the U.S. as a step toward raising awareness of the seriousness of security threats.
The European Network and Information Security Agency (ENISA), the E.U.'s top security body, said governments, businesses and consumers are still underestimating the scope of the IT security problem, in part because of the lack of transparency when breaches occur.
