The week in security: Target PCI DSS auditor sued, XP-ocalypse nears

Recriminations were flying as security vendor Trustwave Holdings was named in a lawsuit over the penetration of US retailer Target, with the suit relating to Target's obligations under the PCI DSS credit-card industry standard. The move was termed a 'wake-up call' for companies looking to hire PCI DSS auditors, while others in the credit-card industry were seizing on the Target hack to further their arguments for PIN vs chip-based card security.

Security vendor Barracuda Networks launched a new site that traces the genesis of more than 10,000 malware attacks. That number is sure to continue rising as users are hit by the likes of Gameover malware, which has been targeting accounts on employment Web sites.

The looming discontinuation of support for Windows XP had security companies looking for new opportunities, with Malwarebytes debuting an anti-malware tool that it said would continue to support XP after the 8 April cutoff.

XP isn't the only Microsoft tool vulnerable to potential security problems, however: the company warned that simply previewing an email attachment can give attackers control over a user's PC. Microsoft also told users to disable support for RTF files after Google found targeted attacks that exploited a remote execution zero-day flaw in Word for Windows and Mac.

A newly formed non-profit, called the Secure Domain Foundation (SDF), will offer free security advice about protecting the Domain Name System. Security vendor Palo Alto Networks was also excited about its new security venture as it cut the ribbon on a new Singapore-based security research lab that will have flow-on effects for Australian customers. There's no word on the gender split of employees at the facility, but some observers were noting that the information-security industry is continuing to struggle to attract women.

Signs suggest that malware is getting more sophisticated and using encryption to become stealthier than ever before, while a US local council was forced to spend $US5000 on PCs after it was victimised by Cryptolocker ransomware.

Even as the US Internal Revenue Service ruled that Bitcoin is property and not currency and a hosting company was hit by a security scare aimed at Bitcoin accounts, a Bitcoin-stealing ransomware variant has attached itself to a Trojan that steals bitcoin from wallets. And, while there was some hope in malware defences designed to better protect Android devices, experts warned that new Android malware that mines cryptocurrencies could cause Android phones to overheat.

One entrepreneur believes he can make Bitcoin a legitimate currency despite all of this, but in the meantime protecting mobile devices is becoming increasingly important for every reason. It could become even more so after the release of Office for iPad which, experts warned, could pose new security problems for enterprises.


Stories by David Braue
