Third-party providers will face more stringent regulations as part of a revamp in payment card industry regulations due to go into full effect in the new year. The new Payment Card Industry Data Security Standard 3.0 (PCI 3.0) will be mandatory for all businesses that store, process or transmit payment card information beginning 1 January 2015. The revamped standard includes requirements aimed at third party providers…
Read the entire article on TheRegister.com
This week, the payment gateway solution provider Charge Anywhere revealed that it had been victimized by a data breach that may have compromised data going as far back as 2009. Charge Anywhere provides payment gateway services, cloud point-of-sale (PoS) solutions, mobile PoS, and other technologies aimed at banks, enterprises, and payment processors. The attack stands as another example of hackers targeting payment card data by going after PoS vendors, as opposed to just merchants…
Read the entire article on DarkReading.com
Data breaches have become an unfortunate reality for US consumers, and the problem seems likely to accelerate in 2015 while cybercriminals perfect their craft. Cybercriminals are aware banks are increasingly issuing chip-and-PIN credit cards – as retailers also switch to support the more secure cards – and will try to compromise companies as fast as they can in early 2015…
Read the entire article on TweakTown.com
The data breaches of 2014 have yet to fade into memory, and we already have 2015 looming. Experian’s 2015 Data Breach Industry Forecast gives us much to anticipate, and I’ve asked security experts to weigh in with their thoughts for the coming year as well…
Read the entire article on PCWorld.com
The existence of a sophisticated cyber espionage tool that has been used in numerous operations aimed at businesses and governments from all over the world was brought to light this week. Dubbed “Regin,” the Trojan has been used since 2008 in attacks against private individuals and small businesses, and sectors such as telecoms, hospitality, energy, aviation, and research. The largest number of infections has been spotted in Russia (28%) and Saudi Arabia (24%), Symantec said in a report…
Read the entire article on SecurityWeek.com
The biggest malware story of the week isn’t directly affecting American businesses or government – at least not yet. Earlier this week, Symantec announced the discovery of a Trojan the company dubbed Regin. It’s a back-door Trojan that is being used primarily for espionage and surveillance. Researchers are also calling it one of the most sophisticated pieces of malware they’ve seen yet and it can be customized to specific targets…
Read the entire article on ITBusinessEdge.com
Regin, the latest malware threat, is also one of the more mysterious ones. When Symantec unveiled details of the new cyber espionage campaign last weekend, its researchers described it as a highly sophisticated threat with an unprecedented level of technical competence…
Read the entire article on PCWorld.com
A sophisticated malware program called “Regin” has been used in systematic spying campaigns against a range of international targets since at least 2008, Symantec reported on Sunday. Regin is a backdoor-type Trojan with a structure that displays a degree of technical competence rarely seen in malware, according to Symantec…
Read the entire article on TechNewsWorld.com
Symantec Inc.’s discovery of the Regin malware, part of a long-term nation-state-sponsored cyberespionage campaign, has already been compared to the likes of Stuxnet and Flame, two of the most sophisticated pieces of malware ever created. While the expertise needed to create Regin is unquestioned, security industry observers say Regin again proves that more organizations and vendors need to be focused on threat detection rather than prevention…
Read the entire article on SearchSecurity.com
Hackers are conducting MITM (Man in the Middle) attacks against iOS and Android smartphones using a new technique dubbed DoubleDirect, according to security researchers at the San Francisco-based security company, Zimperium. DoubleDirect allows an attacker to redirect the victim’s traffic to his computer. Once the traffic has been redirected, the hacker can steal details and send a malicious piece of code to the victim’s smartphone that does not just infect the device, but also spreads through their corporate network…
Read the entire article on VPNCreative.net
