The so-called POS "swap" attack is rare, but effective, not only against mag-stripe cards but chip-based cards as well. The same mode of attack was used against Hancock Fabrics, leading to card fraud that affected more than 140 customers.
The latest Verizon Data Breach Investigations Report is out, and the good news is: The number of compromised records is down. The troubling news is: The number of breaches is up. Bryan Sartin, one of the report authors, explains why.
A review of the month's top stories by Managing Editor Tracy Kitten: A well-crafted e-mail tricked an RSA employee into opening a phishy e-mail that launched a sophisticated attack on the company's information systems, and the list of big-name corporations and brands affected by the Epsilon e-mail breach tops 100.
Four years ago, the Council of Registered Ethical Security Testers began as an organization to bring standardization to the penetration testing industry. Today, CREST's scope is expanding across industries and global regions, says president Ian Glover.
A U.S.-based hacker just pleaded guilty to stealing more than 675,000 credit cards that led to more than $36 million in fraud. "These SQL injections are allowing someone in through the side fence, not the front door," says information security attorney Randy Sabett.
SWIFT says globalization, regulation and the introduction of new services from non-financial providers will set the tone for 2011. But increasing transaction volume and the convergence of payment technologies from differing global markets also pose their own challenges.
Verizon's newly-released 2011 Data Breach Investigations Report finds that the number of compromised records has dropped dramatically, but incidents are up, and hackers are still finding new ways to get into systems and servers.
Payment card fraud. ACH and wire transfers. ATM skimming. And especially insider crimes. These are among today's top information security threats to institutions, says banking regulator Gigi Hyland in an exclusive interview.
Heartland Payment Systems hacker Albert Gonzalez seeks to overturn his conviction and 20-year sentence, a record for a computer breach, maintaining he committed his crimes with the knowledge of his Secret Service handlers.
Experts say banks and retailers are doing all they can to control concerns in the aftermath of the Epsilon e-mail breach, and a well-crafted e-mail fooled an RSA employee into opening a phish that led to a sophisticated attack on the company's information systems.
Most furloughed federal employees would have had to turn in their BlackBerries and other mobile devices in a U.S. government shutdown. Just as well, using the technology could have resulted in an employee landing in the slammer.
A U.S. District Court in Texas granted motions made by acquiring banks Heartland Bank and KeyBank to dismiss civil actions brought against them for their involvement in the 2009 Heartland Payments Systems data breach.
The Department of Homeland Security works with RSA to investigate the sophisticated attack aimed at RSA SecurID two-factor authentication products, and card fraud linked to pay-at-the-pump gas terminals in Arizona tourist spots is on the rise.
This kind of problem happens to everybody, says Marcus Ranum, CSO of Tenable Network Security, in response to the widely publicized breach at RSA. And maybe hes right. Perhaps this kind of problem does happen to everyone. But should it?