- Hackers try to blackmail plastic surgeon after stealing 500,000 patient records
- How to keep your smartphone (and its data) secure
- Espionage outpacing financial crime as better reporting improves security picture: Verizon
- Web apps and point-of-sale were leading hacker targets in 2013, says Verizon
- Google introduces Chrome 'factory reset' pop-ups to tackle extensions hijacks
There used to be a whopping 110 million attack messages per day spoofing the Twitter domain name as cyber-criminals blasted out fake Twitter e-mail at intended victims to try and fool them into opening dangerous malware-infested links and other scams. But by adopting a messaging authentication protocol called Domain-based Message Authentication, Reporting and Conformance (DMARC), Twitter has seen that number drop to a few thousand.
Whatever happened to the "FIDO Alliance," that industry group that first showed up a year ago saying it was going to revolutionize e-commerce online authentication by promoting a new multi-factor authentication protocol? Turns out the revolution in security is slow in coming, but they're making some progress.
GoDaddy has acknowledged that one of its employees fell victim to a social engineering attack allowing a hacker to take over a customer's domain names and eventually extort a coveted Twitter user name from him. PayPal, which the victim claimed also played a role in the attack, denied the accusations.
Anonymous members, charged with a distributed denial-of-service attack on PayPal, entered a plea Thursday that could see some of them walk free at sentencing next December.
A group of Russian software developers dubbed "Team Moscow" has won PayPal's $100,000 Battle Hack 2013, awarded for the best socially worthy use of PayPal's API. A team from Israel finished second and one from Miami finished third.
Anyone who's paid attention to computer security over the past few years will probably tell you that your password isn't enough. Passwords are often awkward and hard to remember--leading people to use the same password for multiple sites--and if someone gets a hold of your login credentials, they can wreak havoc with your personal information. Not good.
As more and more smartphone and tablet users shop via their mobile devices, being able to accept mobile payments is becoming a more important element of ecommerce. But does it make sense for your business? Mobile payment service providers Square, PayAnywhere, PayPal and Bank of America discuss fees, security and which types of business would benefit the most.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.