Security News > 2020

"Payment players will need to get their data houses in order, given that we anticipate the introduction of new payment rails and open solutions in 2020, as well as a sustained increase in cross-border transaction volume." "Payment tokens help make transactions safer by eliminating the transfer of actual payment data for e-commerce and mobile payments and can deliver a seamless yet secure digital payment experience."The updated 3-D Secure specification enables real-time exchange of 10 times more contextual data between merchants and financial institutions to improve decision-making.

A group claiming to be hackers from Iran breached the website of a little-known US government agency on Saturday and posted messages vowing revenge for Washington's killing of top military commander Qasem Soleimani. The website of the Federal Depository Library Program was replaced with a page titled "Iranian Hackers!" that displayed images of Iran's supreme leader Ayatollah Ali Khamenei and the Iranian flag.

Iran's retaliation for the United States' targeted killing of its top general is likely to include cyberattacks, security experts warned Friday. A top U.S. cybersecurity official is warning businesses and government agencies to be extra vigilant.

A now-former senior IT exec has admitted conning his employer out of $6m - by setting up a fake tech services biz that billed his bosses for bogus services. Back in 2015, Kabbaj set up a shell company called Interactive Systems that was pitched as an IT services provider, but was in fact little more than a business name and a bank account.

Boeing convinced itself that their product was extremely safe. I've made my own effort to imagine how this process went so far "Off the rails" and what might have prevented the catastrophe.

While the notice did not mention any specific threat against the U.S., it did note that "Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States." Tom Kellermann, the head of cybersecurity strategy at VMware, who served as a cybersecurity adviser to the Obama administration, says that a retaliatory cyber strike by Iran is almost assured.

A breach stemming from malware infecting a medical imaging server at a small, rural New Mexico hospital serves as a reminder of medical equipment data security and privacy vulnerabilities and risks faced by facilities of all sizes. While Roosevelt General says in its statement that the malware infecting a digital imaging server did not affect EHRs, the risk of medical device security incidents also affecting records systems is a growing worry, some experts say.

Iran's response to the recent U.S. airstrike that killed Qassem Soleimani, a senior Iranian military commander, could include cyberattacks, and organizations should be prepared to prevent and respond to attacks, cybersecurity professionals have warned. Tensions between the United States and Iran escalated following Soleimani's death and Iran has vowed revenge.

The immediate priority should be cleaning up CVE-201915975, CVE-201915976, and CVE-201915975, a trio of authentication bypass bugs that can be exploited remotely without authentication. CVE-2019-15976 describes the same issue via the SOAP API, while CVE-2019-15977 describes static credentials that only allow access to "Certain confidential information," but that infomation could be used for other attacks.

A ransomware attack reportedly caused an Arkansas-based telemarketing company to temporarily suspend its operations, leaving hundreds of employees unsure that they still had jobs days before Christmas. The Heritage Company, a 61-year-old telemarketing firm that works with nonprofit organizations, sent a letter to its more than 300 employees saying it has lost hundreds of thousands of dollars due to the attack.