Users

now browsing by tag

 
 

US #cybersecurity firm #McAfee eyes #digital #wallets as users #pile in for #e-payments

US cybersecurity software-maker McAfee is now turning its attention to digital wallets as a new revenue stream, against the backdrop of more and more people signing up for these services, The Economic Times reported.

According to the report, McAfee, which has over 25% of its global workforce based in its Bengaluru office, is targeting the space as the number of digital wallet users spiked after the government’s demonetisation initiative.

“India has a large number of digital wallets compared to other countries. While these wallets are expanding to the nether regions of the country, the number of scams is also increasing by the day,” Anand Ramamoorthy, managing director, South Asia, McAfee, was quoted as saying.

“The scale is quite large and so building security features becomes difficult,” he said. “There are various issues a user faces starting from fake apps, fake transactions and a lot more, which are unique cases in India. Looking at all these cases, we are trying to build security that solves it all levels,” he added.

The Economic Times had earlier reported that several scammers were committing fraud by sending false payment confirmation messages to merchants.

Explaining digital wallet security, Ramamoorthy said that the company first tracks how apps are reading into personal data of users on the phone such as address book and photos and then secures that data. He said that in order to add another layer of security, McAfee tries to find the device on a map faster than usual and then backs up the data, locks the device and wipes out the data from the device.

The company is already working with mobile wallet companies but is now sharpening focus to secure the back-end as well as the front-end for consumers.

In another strategic move in March, the company had said that it was extending its cloud security platform to protect Microsoft’s Azure platform that provides cloud services.

Interestingly, this was McAfee’s first joint solution following its acquisition of Skyhigh Networks, a specialist in the cloud security, in November 2017. According to McAfee’s 2017 cloud adoption and security report, nearly 93% of organisations use some form of cloud services.

advertisement:

The post US #cybersecurity firm #McAfee eyes #digital #wallets as users #pile in for #e-payments appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

PayThink #Users are #compromising #most #security #tech

Source: National Cyber Security – Produced By Gregory Evans

It took Bonnie and Clyde three years to rob about a dozen banks, but the scourge of bankers today is a quiet Russian hacking group called, appropriately enough, MoneyTaker, and they don’t need nearly as much drama to abscond with cash.

Using often tailor-made hack attacks that regularly rely on near-undetectable fileless malware, the MoneyTaker gang has, in barely a year and a half, robbed millions from 20 banks so far and counting. What’s worse is that the gang has stolen data that could let it hijack Swift transactions, leading Swift for the first time to issue a report on cyber-vulnerabilities with the banks it works with.

While hackers usually don’t discriminate, they’ve got no problem attacking servers at hospitals, schools and corporations with trade secrets and valuable intellectual property, banks hold a special place in their heart as that is where the money is, as yet another famous Depression-era bank robber once said.

Once a bank’s security is compromised, hackers can pay themselves from the funds on hand, transferring sums large and small to their accounts. However, with information about the global payment systems like Swift that’s also available only at the bank, hackers can do a lot more damage.

Hackers are getting better at “data mining” all the time. According to Kaspersky, Russian hackers operating just a couple of Darknet marketplaces in 2017 were offering this year an astounding 85,000 servers for sale (meaning, the authentication information that will let a hacker take control of the server), some for as little as $6! In 2016 there were “only” 70,000 such servers for sale, meaning that whatever we are doing to keep hackers at bay, it isn’t enough.

Included in those compromised servers are apparently some containing key Swift information, and it’s just a matter of time before the MoneyTaker gang will also use that information for fun and profit.

How are gangs like MoneyTaker getting away with this, especially with servers belonging to banks which are presumably protected by the latest cybersecurity systems? According to a study by the SANS Institute, it’s the “human factor” that is at work: As many as 95% of all attacks on enterprise networks begin with a spear phishing attack in which hackers dispatch their malware hidden inside email attachments. That attack could consist of trojans that pave the way for malware that allows hackers to take over servers, or the newer fileless malware attacks (where an agent installs itself in memory, hijacking servers for the use of hackers).

Cybersecurity systems, as sophisticated as they are, are clearly not doing the job — and maybe they never will, given that in the end the effectiveness of those systems can be overridden by workers inside the organization. The best systems then are the ones that take away from users and employees any opportunity to override security by responding to the phishing messages that get them, and their organizations, into trouble.

Systems like that need to be able to analyze messages and incoming files for malware or threats, and remove them before passing the file or message on to workers.

In addition, the system has to be robust and innovative enough to arrest malware that is passed on in innovative ways with traditional cybersecurity systems, like sandboxes that are perhaps not up to date on phenomena like fileless malware. With thousands of security systems out there, organizations are understandably confused about what systems are the most effective. But in our opinion, the systems that will perform best are the ones that limit opportunities for spearphishers to have their way with employees.

The post PayThink #Users are #compromising #most #security #tech appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Pizza Hut hack: Thousands of customers’ data stolen as users report fraudulent card transactions

Source: National Cyber Security – Produced By Gregory Evans

Pizza Hut hack: Thousands of customers’ data stolen as users report fraudulent card transactions

Hackers hit Pizza Hut earlier in October and reportedly stole customers’ financial information. Pizza Hut said that its website was hacked and some of its customers who used the fast food chain’s website and app were affected by the breach.

Although Pizza Hut reportedly sent out emails notifying its customers of the breach, the alerts came two weeks after the company’s website was hacked. Some users took to Twitter to complain about the delayed notification. Some customers also reported fraudulent card transactions, which they suspect may have occurred due to the Pizza Hut hack.

“Pizza Hut has recently identified a temporary security intrusion that occurred on our website. We have learned that the information of some customers who visited our website or mobile application during an approximately 28-hour period (from the morning of October 1, 2017, through midday on October 2, 2017) and subsequently placed an order may have been compromised,” the company said in an email sent to affected customers, Bleeping Computer reported.

“Pizza Hut identified the security intrusion quickly and took immediate action to halt it,” the fast food chain added. “The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one percent of the visits to our website over the course of the relevant week were affected.”

It is still unclear as to how many users may have been affected by the breach and whether the hackers were able to get their hands on any corporate data. IBTimes UK has reached out to Pizza Hut for further clarity on the incident and will update this article in the event of a response.

Source:

The post Pizza Hut hack: Thousands of customers’ data stolen as users report fraudulent card transactions appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Craigslist Sides With LinkedIn In Battle Over Users’ Data

Source: National Cyber Security – Produced By Gregory Evans

Listings service Craigslist is backing LinkedIn in a fight with startup HiQ Labs over scraping. Website operators “have every right to employ technological measures” to block scraping by outside companies, Craigslist argues in a friend-of-the-court brief filed this week with the 9th Circuit Court of Appeals. Craigslist’s involvement marks the…

The post Craigslist Sides With LinkedIn In Battle Over Users’ Data appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Best Practices for Cybersecurity Are Simple and Keep Users in Mind

Source: National Cyber Security – Produced By Gregory Evans

As students, faculty and staff settle into the routines of a new semester, it’s the perfect time for a refresher on cybersecurity. Perhaps this is why October is designated National Cybersecurity Awareness Month. CIOs and CISOs have an opportunity to educate users on the basics of good cyberhygiene before they…

The post Best Practices for Cybersecurity Are Simple and Keep Users in Mind appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Users aren’t the weakest link in cybersecurity: 3 tips for IT leaders

Source: National Cyber Security – Produced By Gregory Evans

It’s practically a given in the information security world: Users are the weakest link. No matter the security measures an organization deploys, they can all be undone by employees who, knowingly or not, violate IT policies at their desks or while working from home or on mobile devices. But one…

The post Users aren’t the weakest link in cybersecurity: 3 tips for IT leaders appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Bitcoin users are opening their wallets to hackers through mobile networks

Source: National Cyber Security – Produced By Gregory Evans

Cryptocurrencies like Bitcoin make a big deal of their security; theoretically, they are almost impossible to hack. Every transaction is stored in a ‘digital ledger’, shared across multiple machines; an attacker would need to compromise every computer in the chain to successfully hack the system. However, the digital wallets that…

The post Bitcoin users are opening their wallets to hackers through mobile networks appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Researchers claim that most WhatsApp and Viber users are exposed to fraud and hacking

Source: National Cyber Security – Produced By Gregory Evans

Do you know that despite the end-to-end encryption provided by popular messaging platforms like Facebook Messenger, WhatsApp and Viber, your sensitive information is vulnerable to hacking? A new research has highlighted the importance of what is called an ‘authentication ceremony’ to help mitigate the risk. Researchers from Brigham Young University…

The post Researchers claim that most WhatsApp and Viber users are exposed to fraud and hacking appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Windows 10 users need to update their PC TODAY, or hackers could take control

Source: National Cyber Security – Produced By Gregory Evans

Windows 10 users at a risk from a “critical” vulnerability that lets cybercriminals take over their PCs, unless they update their computers now, Microsoft have patched dozens of major security vulnerabilities that affect all supported versions of Windows. One “critical” vulnerability enabled a hacker to exploit how Windows Search handles…

The post Windows 10 users need to update their PC TODAY, or hackers could take control appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Stop treating users as the enemy when it comes to cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

What are the biggest roadblocks to better cybersecurity? If you look at the major cybersecurity conferences, the usual presentation topics are risk assessment, encryption, zero-day exploits, and insider threats. But there’s no shortage of technical and human challenges to cybersecurity; often these factors are competing against each other for time…

The post Stop treating users as the enemy when it comes to cybersecurity appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures