Thursday, April 27, 2017

PassFreely Attack Bypasses Oracle Database Authentication

From DataBreach Today:

PassFreely Attack Bypasses Oracle Database Authentication

"The attack tool in question, called PassFreely, dates from 2013. Based on leaked documents, tools and exploits tied to the Equation Group - the nickname for a group of hackers that experts believe is part of the National Security Agency's Tailored Access Operations group - it appears that PassFreely may have been used to hack into two or more SWIFT service bureaus (see Hackers Reveal Apparent NSA Targeting of SWIFT Bureaus).

The interbank messaging system from Brussels-based SWIFT - formally known as the Society for Worldwide Interbank Financial Telecommunication - is designed to guarantee that money-moving messages between more than 11,000 banks worldwide are authentic. While some banks host the related infrastructure themselves, many instead use one of 74 accredited SWIFT bureaus."

No comments:

Post a Comment