Ticket sales company Ticketmaster has warned customers in the U.K. that malicious code running on its website could have led to personal data and payment details being stolen. This kind of breach through third-party JavaScript code is quite common and may go undetected for months.
Read more on Payment Source. (Note: subscription wall.)
Month: June 2018
The New York Times reports that smart home devices are increasingly used in cases of domestic abuse.
Read more on Virus Bulletin’s blog.
Microsoft has published a draft policy in which the company outlines what kinds of vulnerabilities it will patch and which vulnerabilities qualify for a bug bounty.
More on my blog at Forbes.
Almost two-thirds of financial institutions have yet to form threat hunting teams โ a growing necessity as the number of high-profile attacks rises.
Read more on Payment Source. (Note: subscription wall.)
Exchanges arenโt very transparent about their methods, but that in fact most handle such internal transactions exactly how regular banks have worked for centuries.
Read more on Payment Source. (Note: subscription wall.)
Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus making it harder for malware authors to trick users into unwittingly installing malicious extensions.
Read more on Virus Bulletin’s blog.
Rather than hooking into the browser process, BackSwap takes the place of the user and enters the same commands into the browser that a user would if they wanted to hack themselves.
Read more on Payment Source. (Note: subscription wall.)