Security News

For two years, IBM has been deploying confidential computing capabilities in the IBM Cloud and Rohit Badlaney, vice president of IBM Z Hybrid Cloud, said it is the only public cloud with "Production-ready confidential computing capabilities able to protect data, applications and processes." IBM's platform is now used in heavily regulated industries like healthcare and banking, with high profile customers like Bank of America and Daimler taking advantage of confidential cloud computing capabilities.

The British offices of Barclays Bank are under investigation over allegations that managers spied upon their own staff as part of a workplace productivity improvement drive. Back in February, the bank trialled tracking software to detail the amount of time employees spent at their desk, as revealed by City AM. Last week an employee received a "Work yoga" assessment on their daily performance informing them they had spent "Not enough time in the Zone yesterday," the City paper reports.

Capital One must pay a trivial $80m fine for its shoddy public cloud security - yes, the US banking giant that was hacked last year by a miscreant who stole personal information on 106 million credit-card applicants in America and Canada. "The OCC took these actions based on the bank's failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment and the bank's failure to correct the deficiencies in a timely manner," the watchdog said in a statement on Thursday.

A recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards. Virtually all chip-based cards still have much of the same data that's stored in the chip encoded on a magnetic stripe on the back of the card.

The same group noted that while banks continue to show the most interest in threat intelligence, over the past 12 months healthcare organizations have doubled their research into it, manufacturers have increased their interest in threat intelligence more than 50%, and energy and utilities are asking about it 30 percent more frequently, as is the services sector. Can the rest of the world catch up to the same level of security effectiveness that banks have achieved? Data showing that more sectors are diving deeper into security is a promising sign.

The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. We're told only a small fraction of the crooks lurking on the boards were commercial traders buying and selling stolen cards for cybercrime use.

Stolen domain admin login credentials can be resold by dark web criminals for up to £95,000 and a total of 15 billion purloined credentials are traded on illicit marketplaces. "Rick Holland, CISO and strategy veep of Digital Shadows, mused:"The sheer number of credentials available is staggering and in just over the past 1.5 years, we've identified and alerted our customers to some 27 million [leaked] credentials which could directly affect them.... "Details exposed from one breach could be re-used to compromise accounts used elsewhere. The message is simple - consumers should use different passwords for every account and organizations should stay ahead of the criminals by tracking where the details of their employees and customers could be compromised."

Barclays Bank appears to have been using no less than the Internet Archive's Wayback Machine as a "Content distribution network" to serve up a Javascript file. Archive.org went down, it would presumably break Barclays' website as well.

The phishing email leads recipients to a phony BOA landing page in an attempt to steal their banking credentials, according to Armorblox. A blog post published Thursday by security provider Armorblox explains how a recent phishing campaign impersonates Bank of America.

The bank's master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank's encrypted master key in plain, unencrypted digital language at the Postbank's old data centre in the Pretoria city centre.