Security News

A recently discovered multi-platform credit card skimmer can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and Woocommerce. This new skimmer can also abuse hosted e-commerce systems such as Shopify and BigCommerce, as researchers at Dutch cyber-security company Sansec found, even though they do not provide support for custom checkout pages scripts.

Network operator spend on multi-access edge computing will grow from $2.7 billion in 2020, to $8.3 billion in 2025, as operators invest heavily in upgrading network capacities and infrastructure to support the increasing data generated by 5G networks, according to Juniper Research. The study also revealed that by 2025, the number of deployed multi-access edge computing nodes will reach 2 million globally in 2025, up from 230,000 in 2020.

Toward the end of the second incident that Volexity worked involving Dark Halo, the actor was observed accessing the e-mail account of a user via OWA. This was unexpected for a few reasons, not least of which was the targeted mailbox was protected by MFA. Logs from the Exchange server showed that the attacker provided username and password authentication like normal but were not challenged for a second factor through Duo. The logs from the Duo authentication server further showed that no attempts had been made to log into the account in question.

Tom Merritt lists five reasons why SMS should not be used for MFA. Multi-factor authentication, or as we used to call it two-factor authentication, is essential-it means you don't rely on your password alone for security. SMS is the most frequently used additional factor because almost everybody has it, and it's a little easier to manage for developers-but it's also the least secure.

Using SMS as an additional means to authenticate your password is better than nothing, but it's not the most reliable. Tom Merritt lists five reasons why SMS should not be used for MFA.

SS8 Networks has been awarded two multi-million dollar Lawful Intelligence contracts using its Intellego XT and Xcipio family of products. SS8 was awarded these contracts due to their continued effort of providing leading edge and cost-effective solutions.

Businesses around the globe are facing challenges as they try to protect data stored in complex hybrid multi-cloud environments, from the growing threat of ransomware, according to a Veritas Technologies survey. Typically, if businesses fall foul to ransomware and are not able to restore their data from a backup copy of their files, they may look to pay the hackers responsible for the attack to return their information.

Multi-factor authentication, for those who haven't been paying attention, involves adding one or more additional access requirements to password-based authentication. At the same time, he argues people should avoid relying on SMS messages or voice calls to handle one-time passcodes because phone-based protocols are fundamentally insecure.

Ermetic announced a platform that provides full stack visibility and control over multi-cloud infrastructure entitlements. To help security and cloud operations teams reduce their attack surface, Ermetic combines a holistic view of both network access and IAM policy entitlements to comprehensively assess risks.

The purpose of threat intelligence is to collect data from a variety of sources outside of the organization's perimeters and generate intelligence on what is happening "Out there", enriching the organization's security operations. Threat intelligence provides visibility that extends beyond the organization's perimeters - and this visibility is based on the vendor's coverage on intelligence sources.