Bij ruim honderd webwinkels, waaronder ook Nederlandse bedrijven, weten criminelen via formjacking creditcardgegevens van klanten te stelen. Dat stelt securitybedrijf 360Netlab in een analyse. Criminelen hebben op de betaalpagina van de webshops kwaadaardige JavaScript-code weten te plaatsen.

Zodra klanten ervoor kiezen om via creditcard te betalen en hun creditcardgegevens invullen, worden die door de code naar de criminelen gestuurd.

De kwaadaardige JavaScript-code wordt geladen vanaf een domein met daarin de naam van Magento, de software waar veel webwinkels gebruik van maken. Het domein werd vorig jaar mei geregistreerd.

You know, an email that’s designed to look like it’s from your bank - or another bank - telling you that you need to upgrade your security urgently to prevent fraud on your account and instructing you to click on a link.

That links lead to you providing your bank log-in details and password, a cellphone sim swap gets your one-time-pin (OTP) sent to the fraudster’s phone instead of yours, and into your bank account they go. Most people are wise to that one now, so the fraudsters have moved on.

According to the Ombudsman for Banking Services, Reana Steyn, credit card fraud has been rapidly outpacing all other forms of bank fraud in recent months, with many older people, in particular, being sweet-talked by fraudsters posing as bank officials into revealing their one-time-password (OTP) over the phone.

That’s more than 30% of people on the planet with internet access. In one month! All of that during April 2019, bringing the annual total to 5.64 billion. I wonder what will happen in May.

An article on IT Governance Blog details all of the cyber-attacks, ransomware, data breaches and financial information that was compromised during the most recent month. There’s over 70 in the list including 25 healthcare providers and 19 schools and government agencies. I doubt the list is complete.

The real challenge with cyber-attacks in general and phishing attacks in particular isn’t technology, it’s denial. The technology to prevent most of these attacks already exists, it’s easy to deploy and extremely affordable. And yet, dozens of organizations get breached every month.

Rana targets airline companies and others in well-planned, well-researched attacks, Israel's ClearSky says.

Newly leaked documents purportedly about a hitherto unknown Iranian cyber espionage group called Rana show in some detail the considerable planning and attention that goes into modern advanced persistent threat (APT) operations.

For enterprise organizations, the documents — if authentic — provide a rare glimpse of the methodical manner in which APT groups go after targets, gather information, find weak spots, and devise strategies for exploiting them.

There are never enough hours in the day for your typical business executive. The stresses of running a modern business can stretch even the most productive, and early-rising, individuals to the limit.

A Harvard Business Review report from last year, for example, claimed that CEOs work on average 62.5 hours per week — over 50% more than a regular full-time employee. Unfortunately, this may have serious repercussions for cybersecurity.

The latest Verizon Data Breach Investigations Report (DBIR) claims that senior execs are many times more likely to be the target of a breach or serious security incident that in years past. Why? Because they have a crucial combination of not enough time to vet social engineers, alongside privileged network access and organisation-wide authority.

Metrocare Services, a mental health services provider in North Texas, got affected by the second phishing attack in last few months. This second phishing attack saw an unauthorized individual accessing email accounts of a number of employees.

The breach was discovered first by the officials on Feb. 6, 2019. Soon after discovering the breach, the compromised email accounts were secured so as to stop further access and an investigation has been launched. The investigation found that the email accounts got first compromised in Jan. 2019.

The breach investigation by the officials did not find any evidence that will suggest emails containing the Protected Health Information (PHI) was accessed or copied by the hacker, but PHI access as well as theft cannot be ruled out.

Facebook has been accused of "auto-generating" extremist content, including a celebratory jihadist video and a business page for al-Qaeda. The material was uncovered by an anonymous whistleblower who filed an official complaint to US regulators.

Similar content for self-identified Nazis and white supremacist groups was also found online. Facebook said it had got better at deleting extreme content but its systems were not perfect.

The whistleblower's study lasted five months and monitored pages of 3,000 people who liked or connected to organisations listed as terrorist groups by the US government.

The Justice Department unsealed an indictment of two Chinese nationals on Thursday, charging them with the 2014 hack of the insurance company Anthem and attacks on three other, unnamed American businesses the next year.

The charges were the latest in a string of aggressive moves by American officials who say they are trying to crack down on theft of trade secrets and personal data by China.

A federal grand jury in Indianapolis, where Anthem is based, charged Fujie Wang, 32, of Shenzhen, China, and an individual indicted as John Doe with conspiring to commit fraud, wire fraud and intentional damage to a protected computer.

No information technology process is free. There is always a cost; if not to the service consumer, then most definitely to the service provider. Data protection in the form of either encryption or tokenisation is no exception.

When these technologies are added to an existing IT process, costs go up, according to Micro Focus. These can be direct costs, in the form of acquiring more equipment or software licences or spending more on operational costs, such as power and staff.

Or the costs can be indirect, for example, taking more time to complete an IT process as data protection is CPU-intensive.

FINTECH and banking are individually very strong industries that have the potential to influence and impact the finance world greatly.

While one has been around for over five centuries, another has just gone mainstream in the last year or so. By nature and design, fintech and banking need one another to serve customers better in this digital era.

It is time that financial institutions reassess what they can offer to their consumer journey as they climb the digital maturity curve. Traditional banking features like savings and even online banking are now considered the basis of banking.

Health experts harbor well-grounded fears over the rise of antibiotic-resistant bacteria, and the continuing streak of newly discovered threats will do little to allay the concerns.

The latest comes from scientists at Cornell University, who have discovered a previously unknown gene that can leap between organisms to facilitate resistance to an important last-resort antibiotic.

The significance of this discovery is predicated on the vital importance of the antiobotic this new gene was proven to help bacteria overcome. Colistin is regarded by the World Health Organization as a "highest priority critically important antimicrobial for human medicine," due to its role as a last-resort antibiotic used by clinicians to treat infections caused by bacteria already resistant to other, less effective medicines.