Security researchers at FireEye / Mandiant [say] "We identified the presence of a financially-motivated threat group that we track as FIN1, whose activity at the organisation dated back several years."
[...] "FIN1 used this malware to access the victim environment and steal cardholder data. The group, which may be located in Russia, is known for stealing data that is easily monetised from financial services organisations such as banks, credit unions, ATM operations, and financial transaction processing and financial business services companies."
[...] The malware's installation location also means it will persist even after re-installing the operating system, widely considered the most effective way to eradicate malware.
Can we all agree that updating firmware should require the movement of a physical jumper?
(Score: 3, Informative) by Anonymous Coward on Tuesday December 08 2015, @09:30PM
It is nothing like that at all. It proposes an actual solution to a problem as opposed to wishy-washy statements. Putting a physical switch is an attempt to PREVENT such infections in the FUTURE. Similar to how Chromebooks have a similar switch. Yeah, you could own a Chromebook all the way down, but it is made a lot harder by having said physical switch.
(Score: 3, Interesting) by Nerdfest on Tuesday December 08 2015, @11:25PM
I'm pretty much at the point of disregarding nay comments from people that refer to companies by their stock symbols. For an interesting read, go back through old stories looking for comments where people do that.
(Score: 2) by Bill Evans on Wednesday December 09 2015, @01:55AM
Yeah, I've had it up to here with negativity as well.
(Score: 2) by Nerdfest on Wednesday December 09 2015, @02:33AM
You ought to be horse-whipped for trotting out a comment like that.
(Score: 2) by Fnord666 on Wednesday December 09 2015, @02:36AM
(Score: 1) by anubi on Wednesday December 09 2015, @04:43AM
I am building industrial Arduino-compatibles.
MODBUS (RTU) / SCADA compatible. Uses a graphical HMI. As well as all those nifty little Arduino I2C interfaces.
One thing I am extremely concerned with is that I do not allow the thing to get into programming mode until the jumper to force a reset at the appropriate time is in place.
The question I have for this forum is.... just how easy is it to pwn an Arduino if you are only allowed to talk to it via its serial port?
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]