Category Archives: Security News

Hackers exploit Magento e-commerce vulnerability

Those using Magento’s e-commerce platform should ensure they’re using its latest software, as attackers are increasingly exploiting a flaw patched two months ago, security companies warned.

The vulnerability can allow an attacker to gain complete control over a store with administrator access, potentially allowing credit card theft, wrote Netanel Rubin of Check Point’s Malware and Vulnerability Research Group. As many as 200,000 websites use Magento, which is owned by eBay.

The international effort to confront international cybercrime

Cybercriminals obviously do not respect international borders. So it should be equally obvious that defeating them, or even slowing them down, is going to take an international effort involving both the public and private sector.

Two of the key government players in that effort — Michael Daniel, U.S. special assistant to the president and cybersecurity coordinator at the White House; and Natalie Black, his UK counterpart as acting director of the Office of Cyber Security and Information Assurance in the Cabinet Office — brought that message to RSA 2015 Thursday in a presentation titled, “There Are No Domestic Cyber Issues: U.S. and UK Leaders on Global Partnership.”

Credit card terminals have used same password since 1990s!

While retailers battle breaches that have resulted in tens of millions of credit card numbers stolen, word comes from the RSA Conference in San Francisco that a major vendor of payment terminals has been shipping devices for over two decades with the same default password.

The vendor wasn’t named by the researchers, David Byrne and Charles Henderson, but they did disclose the password: 166816.

Study: Firms not ready to respond to complex threats

Only 46 percent of organizations have confidence that their security teams can respond to complex threats, according to a new study by ISACA.

Another 41 percent said they’re only confident in their ability to respond to simple issues, and 13 percent said that they’re not confident at all.

One reason? Significant hiring shortages in the information security space.

WiFi client vulnerability could expose systems to attacks

A serious flaw in a component that’s used to authenticate clients on Wi-Fi networks could expose Android, Linux, BSD, and possibly Windows and Mac OS X systems to attacks.

The vulnerability is in wpa_supplicant, an open-source software implementation of the IEEE 802.11i specifications for wireless clients.

The component is cross-platform and is used to control WPA and WPA2 wireless connections on Android, Linux and BSD systems. It can also be used by some third-party wireless software on Mac OS X and Windows, but these operating systems have their own built-in supplicant implementations that are used by default.