Retailers said to be weighing lawsuits over chip cards, fraud-liability shift
U.S. retailers are contemplating lawsuits against banks and credit card companies over the slow rollout of chip-based card technology and the possible financial liability merchants began facing on Oct. 1. Retailers that did not install newer chip-enabled point of sale terminals in stores, restaurants and hotels as of Oct. 1 have to pay an […]

MajikPOS Combines PoS Malware and RATs to Pull Off its Malicious Tricks
by Cyber Safety Solutions Team We’ve uncovered a new breed of point-of-sale (PoS) malware currently affecting businesses across North America and Canada: MajikPOS (detected by Trend Micro as TSPY_MAJIKPOS.A). Like a lot of other PoS malware, MajikPOS is designed to steal information, but its modular approach in execution makes it distinct. We estimate that MajikPOS’s […]

As migration anniversary approaches, only a third of retailers accept chip cards
Retailers were supposed to start accepting chip cards last October, but a year past the start of the EMV liability shift, two-thirds still haven’t done so. Only 2 million merchants, representing 33 percent of the industry, are actively accepting chip cards, according to data released by MasterCard earlier this month. This is up from […]

Cyber Insights 2023: Cyberinsurance
About SecurityWeek Cyber Insights | At the end of 2022, SecurityWeek liaised with more than 300 cybersecurity experts from over 100 different organizations to gain insight into the security issues of today – and how these issues might evolve during 2023 and beyond. The result is more than a dozen features on subjects ranging from AI, quantum […]

IT threat evolution Q2 2021
Targeted attacks The leap of a Cycldek-related threat actor It is quite common for Chinese-speaking threat actors to share tools and methodologies: one such example is the infamous “DLL side-loading triad”: a legitimate executable, a malicious DLL to be side-loaded by it and an encoded payload, generally dropped from a self-extracting archive. This was first thought to […]

The state of stalkerware in 2020
The state of stalkerware in 2020 (PDF) Main findings Kaspersky’s data shows that the scale of the stalkerware issue has not improved much in 2020 compared to the last year: The number of people affected is still high. In total, 53,870 of our mobile users were affected globally by stalkerware in 2020. Keeping in mind […]

3 pandemic-related trends for 2021
When we shifted rapidly from working in offices to working from home early this year, we weren’t at all ready. I’ve heard stories of employees who stripped their offices of everything but their phones because they lacked office furniture at home; workers who got thousands of dollars to buy home office equipment; and employees who […]

How Unsecure gRPC Implementations Can Compromise APIs, Applications
By David Fiser (Security Researcher) Enterprises are turning to microservice architecture to build future-facing applications. Microservices allow enterprises to efficiently manage infrastructure, easily deploy updates or improvements, and help IT teams innovate, fail, and learn faster. It also allows enterprises to craft applications that can easily scale with demand. Additionally, as enterprises switch architectures — […]

Story of the year 2019: Cities under ransomware siege
Ransomware has been targeting the private sector for years now. Overall awareness of the need for security measures is growing, and cybercriminals are increasing the precision of their targeting to locate victims with security breaches in their defense systems. Looking back at the past three years, the share of users targeted with ransomware in the […]

Securing the Unsecured: State of Cybersecurity 2019 – Part I
Recently the Straight Talk Insights team at HCL Technologies invited a social panel to discuss a critical question at the center of today’s digital transitions: How do companies target investments and change the culture to avoid being the next victim of a cyberattack? Alongside some fantastic leaders and technology strategists from HCL, Oracle, Clarify360, Duo […]

The GDPR – One Year Later
A couple of weeks ago, one famous lawyer blogged about an issue frequently discussed these days: the GDPR, one year later. “The sky has not fallen. The Internet has not stopped working. The multi-million-euro fines have not happened (yet). It was always going to be this way. A year has gone by since the General […]

Watch Out For These Crypto Market Trends in 2019
With the longest recorded bear market in history, cryptocurrency prices are in for a terse competition. Bitcoin price tested murky waters in 2018; it has been predicted by several analysts and traders alike that in 2019, ETF approval and the launch of Bitcoin futures will bring some much-needed relief. The crypto debt market and credit […]

Shedding Skin – Turla’s Fresh Faces
Turla, also known as Venomous Bear, Waterbug, and Uroboros, may be best known for what was at the time an “ultra complex” snake rootkit focused on NATO-related targets, but their malware set and activity is much broader. Our current focus is on more recent and upcoming activity from this APT, which brings an interesting mix […]

A New Standard for Security at New Standard Corporation
From the latches on the toolbox in your garage to componentry in gigantic earth movers, New Standard Corporation provides Original Equipment Manufacturer components, assemblies, and related services for products used in the agriculture, construction, mining, industrial, and power generation industries. As at companies everywhere, New Standard has seen information security move from the back shelf […]

The Trends & Challenges Facing The Internet Of Things
The Internet of Things, or IoT, is now commonplace in society today. Since the term was first coined back in the 80’s, connected devices have changed our lives in ways many of us could only dream of. However, whilst the growth has been significant, integrating IoT devices into everyday life even further is not without […]

False Positives: Why Vendors Should Lower Their Rates and How We Achieved the Best Results
In pursuit of a high cyberthreat detection rate, some developers of cybersecurity solutions neglect the subject matter of false positives, and unfairly so. Indeed, this is a very inconvenient matter that some developers tend to overlook (or try to solve with questionable methods) until there is a serious incident that could paralyze the work […]

More information
- Threat Modeling the Internet of Things
- 10 questions for Recall Senior VP and CFO Allison Aden
- Trump Threatens Intelligence Block Over Huawei: US Diplomat
- Bitcoin wallets upgraded after Android cryptography problem
- Dark Motives Online: An Analysis of Overlapping Technologies Used by Cybercriminals and Terrorist Organizations
- August Stealer Uses PowerShell for Fileless Infection
- Microsoft Windows WCF/WIF SAML Token CVE-2019-1006 Authentication Bypass Vulnerability
- How Taiwan deployed 400,000 iPads in a few weeks
- Java and Python FTP attacks can punch holes through firewalls
- Microsoft Windows Installer CVE-2018-8339 DLL Loading Local Privilege Escalation Vulnerability