The week in security: Target PCI DSS auditor sued, XP-ocalypse nears

Recriminations were flying as security vendor Trustwave Holdings was named in a lawsuit related to the penetration of US retailer Target, in a suit related to Target's obligations under the PCI DSS credit-card industry standard. The move was termed a 'wake up call' for companies looking to hire PCI DSS auditors, while others in the credit-card industry were seizing on the Target hack to further their arguments for PIN vs chip-based card security.

Security vendor Barracuda Networks launched a new site that traces the genesis of more than 10,000 malware attacks. That number is sure to continue rising as users are hit by the likes of Gameover malware, which has been targeting accounts on employment Web sites,

The looming discontinuation of support for Windows XP had security companies looking for new opportunities, with Malwarebytes debuting an anti-malware tool that it said would continue to support XP after the 8 April cutoff.

XP isn't the only Microsoft tool vulnerable to potential security problems, however: the company warned that simply previewing an email attachment can give attackers control over a user's PC. Microsoft also told users to disable support for RTF files after Google found targeted attacks that exploited a remote execution zero-day flaw in Word for Windows and Mac.

A newly formed non-profit, called the Secure Domain Foundation (SDF), will offer free security advice about protecting the Domain Name System. Security vendor Palo Alto Networks was also excited about its new security venture as it cut the ribbon on a new Singapore-based security research lab that will have flow-on effects for Australian customers. There's no word on the gender split of employees at the facility, but some observers were noting that the information-security industry is continuing to struggle to attract women.

Signs suggest that malware is getting more sophisticated and using encryption to become stealthier than ever before, while a US local council was forced to spend $US5000 on PCs after it was victimised by Cryptolocker ransomware.

Even as the US Internal Revenue Service ruled that Bitcoin is property and not currency and a hosting company was hit by a security scare aimed at Bitcoin accounts, a Bitcoin-stealing ransomware variant has attached itself to a Trojan that steals bitcoin from wallets. And, while there was some hope in malware defences designed to better protect Android devices, experts warned that new Android malware that mines cryptocurrencies could cause Android phones to overheat.

One entrepreneur believes he can make Bitcoin a legitimate currency despite all of this, but in the meantime protecting mobile devices is becoming increasingly important for every reason. It could become even more so after the release of Office for iPad which, experts warned, could pose new security problems for enterprises.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags cybercrimewindows xptrustwaveBarracuda Networksmalware attacksSecure Domain FoundtaionGameover malwarePaloAlto NetworksPCI DSS auditorsPCI DSS credit card industry standardinformation-security

More about Barracuda NetworksGoogleInternal Revenue ServiceMalwarebytesMicrosoftPalo Alto NetworksTrustwave

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Brand Page

Stories by David Braue

Latest Videos

More videos

Blog Posts