News

Identity theft hits home

IOL is reporting on a Cape Town-based NGO that had R90000 stolen via online banking. The criminals managed to obtain a copy of the CEO's SIM card, to which Standard Bank was sending the OTP (One Time Password). Although IOL says that the criminals managed to bypass the OTP, this is not really the case. The breach seems to have been at MTN, where the criminals managed to obtain a copy of the SIM card using false identification.

It seems that these criminals used all the tricks in the book to accomplish this. As the victim says, "I couldn't believe it had happened to me, I had only read about stuff like this."

Data loss rife at the moment

It seems everywhere you look these days there is news about some organisation losing data in some way or another. The most devastating occurrence is that of the UK's HMRC, reported a few months back. It seems that incident has caused others to come forward.

The incident at Passport Canada highlights the complete lack of secure coding practices that is prevalent and the need for application and penetration testing. There are also the incidents in the medical industry in Canada and the US.

What does all this mean? It means that personal information is a target and criminals can sell this type of information on the Internet. Organizations need to take further steps to ensure data is protected. Encrypting laptop hard drives, testing web applications and implementing ILP (information leakage prevention) software are some of the ways that this can be accomplished.

Malware Featured on Popular Websites

It's been known that malware is prevalent in advertisements on most of the "underground" websites. It seems as though it's becoming common on some of the popular websites now, thanks to web advertising companies trusting content from third parties. We expect to see more and more methods of attack via the web in this manner.
Wired.com has the full story, including a link to the video below, which demonstrates the attack being carried out.

Don't Forget Physical Security

Security professionals normally concentrate on network security and keeping crackers and malicious software out of their environments, putting physical security on the back burner. The Register has an article that serves as a reminder that physical security cannot be ignored. Many organizations have the security measures in place but fail to manage them properly, making these physical security measures easy to bypass.

Employee Misconceptions

www.net-security.org has an interesting writeup about a recent survey that was completed in the U.S. It goes to show that more than 1/3 of employees violate IT security policies. Many employees do not understand the risks associated with P2P and other activities. These optimistic statistics verify the need not only to have security policies in place but also the means to enforce them.

Copyright © 2010 Nclose cc.