Nearly 25% of engineers said they personally knew about security problems in their company’s smart devices that have not been disclosed to their customers and the general public, according to a recent survey by device security firm Mocana.
Visa to waive PCI DSS compliance validation for US merchants that deploy chip-enabled terminals
Effective Oct. 1, 2012, Visa is eliminating the requirement for US merchants to annually validate their compliance with the PCI Data Security Standard (PCI DSS) if 75% of the merchant’s annual Visa transactions originate from chip-enabled terminals.
Cybercriminals steal – from each other
The latest monthly malware and threats report from GFI Labs – the research operation of GFI Software – claims that cybercriminals are now stealing end user credentials from each other, as well as using complex new methodologies when seeking to infect e…
SpyEye trojan is revealed as credit card credential grabbing machine
A security researcher with Computer Associates has carried out an in-depth analysis of the SpyEye trojan and concluded that the malware has been cleverly coded to hide the fact that it is really little more than a clever piece of credential-grabbing co…
Researcher says MBR malware is back in fashion
A Symantec security researcher is reporting that MBR – Master Boot Record – infections are now back in fashion amongst cybercriminals after several years of largely being ignored.
Hampshire school data breach highlights need for multiple passwords
A data breach at Bay House School in Hampshire has highlighted the importance of not using the same password for different websites and applications, say experts.
New CSA registry enables cloud providers to demonstrate security controls
Cloud providers can demonstrate their adherence to industry-standard security practices by applying for listing in the Cloud Security Alliance’s (CSA) new Security, Trust and Assurance Registry (STAR).
Future of SSL in doubt? Researcher Marlinspike unveils alternative to certificate authorities
Noted security researcher and hacker Moxie Marlinspike slammed the certificate authorities at last week’s Black Hat conference in Las Vegas, just before he introduced his own alternative for authenticating secure web communications.
Black Hat 2011: Security researchers hack iPad dongle to become card skimmer
At the Black Hat 2011 event, which has just finished in Las Vegas, security researchers have shown how it is possible to hack a dongle for the iPad – which was originally designed to allow iPads to accept debit and credit card payments – to become a ca…
Trojanised Android app seen checking for keywords in text messages
A threat analyst with Trend Micro claims to have spotted a trojanised Android app in the wild that checks for keywords in text messages, and relays the data back to remote hackers.