trustwave - News, Features, and Slideshows

News

• Locky ransomware activity ticks up

  Locky, a new family of ransomware that emerged in the last few weeks, has quickly made a mark for itself.

• RubyGems DNS flaw now patched after second try

  A revised patch has been released for a flaw in the distribution platform for Ruby applications, RubyGems, which could be used to deliver malware to someone trying to download a program.

• Cybercriminals increasingly target point of sales systems

  The data breach landscape could look very different in the future with the increased adoption of chip-enabled payment cards in North America -- but for now point-of-sale systems account for the majority of breaches there, compared to a tiny minority in other regions of the world.

• Attackers use email spam to infect point-of-sale terminals with new malware

  Cybercriminals are targeting employees who browse the Web or check their email from point-of-sale (PoS) computers, a risky but unfortunately common practice.

• Malware campaign inflated views of pro-Russia videos

  A botnet designed for Web advertising fraud was also used to nudge up the number of views of some pro-Russian videos on the website DailyMotion, according to security vendor Trustwave.

• SAP patches login flaw in ASE database

  SAP patched a flaw on Thursday that could allow an attacker to take complete control over a database, according to security vendor Trustwave.

• New malware program Punkey targets point-of-sale systems

  Point-of-Sale (PoS) terminals have become an attractive target for hackers over the past year, reflected in the increasing number of RAM-scraping programs that steal payment card information from the memory of such systems.

• The Upload: Your tech news briefing for Wednesday, April 8

  Microsoft to show next Office apps... Intel shrinks RealSense 3D camera for phones... U.S. drug agency started bulk records collection in 1992... and more tech news.

• SingTel acquires TrustWave for managed security services

  SingTel will acquire TrustWave Holdings, the largest U.S. independent provider of managed security services, for $810 million, the companies said on Tuesday.

• Groups to push for encryption, secure payments at White House cyber summit

  The White House heads west to Silicon Valley on Friday looking for ideas on how to improve the nation's cybersecurity, and members of President Barack Obama's administration are likely to get an earful.

• Ghost Linux vulnerability can be exploited through WordPress, other PHP apps

  A critical vulnerability in glibc, a core Linux library, can be exploited remotely through WordPress and likely other PHP applications to compromise Web servers.

• PCI DSS 3.0 went into effect Jan. 1. Are you in compliance?

  This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

• 6 Biggest Business Security Risks and How You Can Fight Back

  Security breaches again made big news in 2014. Yet despite years of headline stories about security leaks and distributed denial-of-service (DDoS) attacks and repeated admonishments from security professionals that businesses (and individuals) needed to do a better job protecting sensitive data, many businesses are still unprepared or not properly protected from a variety of security threats.

• Macro-based malware is making a comeback, researchers warn

  For the past several months, different groups of attackers have distributed malware through Microsoft Office documents that contain malicious macros, reviving a technique that has been out of style for over a decade.

• Point-of-sale malware creators still in business with Spark, an Alina spinoff

  A malware program dubbed Spark that steals payment card data from compromised point-of-sale (POS) systems is likely a modification of an older Trojan called Alina, and highlights a continuing, lucrative business for cybercriminals.