ECommerceTimes.com
Banking Trojan Enters Mobiles via Facebook
April 21, 2014
Purveyors of a notorious mobile banking Trojan have started targeting Facebook users to infect Android smartphones. The Net predators use a desktop Trojan to leverage a Facebook socializer to install banking malware on their phone, ESET malware researcher Jean-Ian Boutin discovered last week. The desktop bad app, Win32/Qadars, waits for an infected machine to open a Facebook page.
Michaels Crafts Artless Response to Customer Data Breach
April 21, 2014
Another retailer security breach, another national conversation about how these now regular occurrences need to stop. In the Michaels case, though, some of the talk touched on what by now should be remedial public relations. When you screw up and it affects your clients, apologize -- profusely and without hedging or reservation. The hacked retailer du jour apparently was unaware of this rule.
Internet Leeches Drawn to Heartbleed
April 14, 2014
It's been more than a week since news of the Heartbleed flaw launched a frantic scramble on the Web, but security professionals' palpitations haven't subsided. The OpenSSL Software Foundation has issued a fix, and Google, Cisco, and hordes of other companies have begun patching their products. Predictably, scammers and spammers have climbed onto the Heartbleed solution bandwagon.
White Hats Use Heartbleed to Steal Keys
April 14, 2014
The tech industry reeled last week when security researchers discovered a flaw in a key security technology in the Internet's infrastructure. The bug, ghoulishly named "Heartbleed," was found in an open source library, OpenSSL, used by the protocol, SSL, used to encrypt data in transit on the Net. By exploiting the flaw with a specially crafted packet, hackers can extract data from a server's memory in 64K chunks.
PCI 3.0, Part 3: Validating Your Cardholder Data Environment
April 14, 2014
Most e-commerce businesses already are preparing for their 2015 PCI audit, and plenty of changes are afoot when it comes to meeting 3.0 compliance requirements. Remember, compliance itself does not equal security, but rather is a reporting function of your security program. It is both a mandatory part of meeting 3.0 standards and a critical step toward improving your security posture.
Consumers Can't Stanch Heartbleeding
April 11, 2014
Consumers can do little to protect themselves from the catastrophic Heartbleed bug. "Catastrophic is the right word," wrote security guru Bruce Schneier in his blog this week. "On the scale of 1 to 10, this is an 11." Heartbleed is an extension of the SSL/TLS protocol used to encrypt data in transit on the Internet. Heartbleed is used to keep a secure connection alive.
XP Users Have a Bad Headache Coming On
April 07, 2014
Money will be the biggest problem users of Windows XP will face when Microsoft officially stops supporting it on Tuesday. As a last resort, Microsoft is offering custom support for Windows XP as a temporary stopgap. That could cost as much as $200 per PC per year, Gartner estimated. The UK government reportedly has paid Microsoft about $9 million to extend Windows XP support for one year.
Yahoo Issues Security Sitrep
April 03, 2014
Yahoo has announced a new effort to upgrade its security, in the wake of a torrent of breaches and hacker attacks over recent months. Yahoo's plans include encryption of data in motion, enabling HTTPS encryption, and implementing the latest in security best practices, said Chief Information Security Officer Alex Stamos, who took over the job in March.
Big Blue Dons Big Data Gloves to Fight Fraud
March 21, 2014
IBM on Thursday launched a set of software and consulting services to help fight fraud and financial crime. The so-called smarter counterfraud initiative draws from more than 500 fraud consulting experts, 290 fraud-related research patents, and the $24 billion IBM has invested in its Big Data and analytics software and services capabilities over the past nine years.
Target Breach Lesson: PCI Compliance Isn't Enough
March 18, 2014
"Target was certified as meeting the standard for the payment card industry in September 2013. Nonetheless, we suffered a data breach." Those words by Target CEO Gregg Steinhafel affirmed what security experts know as gospel: Compliance does not equal security. "Just because you pass a PCI audit does not mean that you're secure," said HyTrust President Eric Chiu.
The Internet of Things: There's a Great Big Beautiful Tomorrow
March 18, 2014
When I was 10 years old, I took my first trip to Disney World. The futuristic rides in Tomorrow Land were my favorites. In particular, I loved "The Carousel of Progress," which, at the time, was an attraction designed by General Electric to showcase its new technologies at the 1964 New York World's Fair. The song, "There's a Great Big Beautiful Tomorrow," played as the curtains opened.
PCI 3.0, Part 2: Defining Your Cardholder Data Environment
March 17, 2014
New compliance guidelines went into effect earlier this year. While e-commerce organizations have until their 2015 audit to transition, the new controls are demanding enough operational and technical changes that smart businesses already have started preparing. If you're wondering where to start, one of your first steps should be to thoroughly define and document your cardholder data environment.
Target Missed Bull's-Eye in Data Breach
March 14, 2014
Target acknowledged Thursday that it put information on a back burner that led to the compromise of more than 100 million customer records. "We learned that after these criminals entered our network, a small amount of their activity was logged and surfaced to our team," said spokesperson Molly Snyder, which "determined that it did not warrant immediate follow up."
2013: A Perilous Year on the Internet
March 11, 2014
Surfing the Internet last year was a dangerous proposition. On average, 200 samples of malicious software were collected every minute by McAfee Labs, the company reported in its threat report for Q4 2013. All kinds of Internet nastiness increased last year -- from ransomware and suspicious URLs to bogus digital certificates, master boot record attacks, and poisoned mobile apps, the firm said.
Bad Ads Outstrip Porn as Mobile Phone Infection Vectors
March 11, 2014
Trawling porn sites used to be the best way to pick up an electronically transmitted disease on your phone. That's changed. Every one in five times a mobile user is redirected to a malware site online, it's done through a malicious ad, according to a new report. That's three times what it was two years ago. One reason malicious ads have been able to outperform porn is they can get more traffic.
Target Reels From Customer Data Breach
February 26, 2014
Target reported financial results for the quarter during which it suffered a high-profile data breach, revealing how badly the company was stung by the security lapses. In the three months ending Feb. 1, net earnings dropped by 46 percent compared with the year-ago fourth quarter, from $961 million to $520 million. Profit dropped by more than 40 percent from the same period a year earlier.
Apple's Better Late Than Never With OS X Security Fix
February 26, 2014
Apple has pushed a large update to its OS X Mavericks OS that includes a patch for a significant security flaw. The vulnerability allows Net predators to hijack a secure communication channel from a device running the latest version of OS X and perform mischief such as intercepting user names and passwords. The flaw affects Apple programs that use SSL encryption.
Security Firms Scour Mobile Apps
February 24, 2014
Security pros weren't very kind to mobile applications last week. A number of firms knocked apps produced for the smartphone market for all kinds of risky behaviors that could lead to trouble not only for mobile device owners, but also for their employers. While Android has been a poster child for misbehaving apps in the past, competitor Apple's apps aren't as pristine as is commonly believed.
China Calls Kerry's Internet Comments 'Naïve'
February 18, 2014
Maybe they aren't fighting words, but they sure aren't friendly. China's Foreign Ministry spokesperson, Hua Chunying, said that U.S. Secretary of State John Kerry's remarks about Chinese Internet freedom were, shall we say, a bit base. Kerry had a half-hour-plus chat with bloggers Saturday in Beijing, during which time he expressed support for more online freedom in China.
PCI 3.0, Part 1: Breathe, Relax, Get Compliant
February 18, 2014
Aimed at improving the security of payment card data and reducing fraud, PCI DSS 3.0 standard, which took effect on Jan. 1, introduces changes that extend across all 12 requirements. It no doubt will mean some shakeups for many organizations. However, transitioning to meet the new requirements will help e-businesses build a stronger, safer, lower-risk environment.
