Categories
Uncategorized

Ticketmaster's U.K. breach shows risks of third-party code on websites

Ticket sales company Ticketmaster has warned customers in the U.K. that malicious code running on its website could have led to personal data and payment details being stolen. This kind of breach through third-party JavaScript code is quite common and may go undetected for months.
Read more on Payment Source. (Note: subscription wall.)

Categories
Security

We cannot ignore the increased use of IoT in domestic abuse cases

The New York Times reports that smart home devices are increasingly used in cases of domestic abuse.
Read more on Virus Bulletin’s blog.

Categories
Security

Microsoft Policy Sets Standard For Openness On What Vulnerabilities To Patch

Microsoft has published a draft policy in which the company outlines what kinds of vulnerabilities it will patch and which vulnerabilities qualify for a bug bounty.
More on my blog at Forbes.

Categories
Security

Banks may need threat teams to fight the next wave of SWIFT-style attacks

Almost two-thirds of financial institutions have yet to form threat hunting teams — a growing necessity as the number of high-profile attacks rises.
Read more on Payment Source. (Note: subscription wall.)

Categories
Security

When crypto exchanges act like banks, regulators may treat them as such

Exchanges aren’t very transparent about their methods, but in fact most handle such internal transactions exactly how regular banks have worked for centuries.
Read more on Payment Source. (Note: subscription wall.)

Categories
Security

Subtle change could see a reduction in installation of malicious Chrome extensions

Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus making it harder for malware authors to trick users into unwittingly installing malicious extensions.
Read more on Virus Bulletin’s blog.

Categories
Uncategorized

Polish banks targeted by attackers who hijack customer sessions

Rather than hooking into the browser process, BackSwap takes the place of the user and enters the same commands into the browser that a user would if they wanted to hack themselves.
Read more on Payment Source. (Note: subscription wall.)