Malware - Security Intelligence

When a bank employs reasonable methods of fraud prevention and the customer opts out, who is responsible when cyber criminals come calling? A U.S. District Court in Missouri has set a new precedent by ruling that it isn't the bank's fault.

article

Fraud Prevention on Trial: Effectiveness vs. Convenience

When it comes to online banking, what is considered a commercially reasonable means of fraud protection, and how effective are those means to begin with?

March 25, 2013 | By George Tubin

article

Defending your company through blacklisting and white-listing techniques. Which one is better for your company? It depends on what you're trying to achieve and the kinds of attacks you're attempting to avoid.

article

Blacklisting, White-listing and the Way Forward: Comments on the Schneier-Ranum Face-Off

Will white-listing or blacklisting better protect your enterprise? We weigh in on the ongoing debate.

March 20, 2013 | By George Tubin

article

Risk detection should identify the openings through which malware attempts to access sensitive data. Financial institutions need to step up their game by examining malware's three-part infection cycle, or they will never see it coming.

article

Is Your Risk Engine Shortsighted? Improve Its Vision With a Holistic View

A firm can face a malware breach if its risk engine does not see every stage of an attack, as one bank recently discovered.

March 19, 2013 | By George Tubin

article

Java is the most vulnerable programming language used by businesses today; however, it may be too critical to a business's functionality to remove. Many firms use programs that require usage of older versions of the script.

article

Can You Get Rid of Java?

Java suffers the most malware infections of any programming language and recent zero-day exploits now warrant removing it from business applications.

March 7, 2013 | By George Tubin

article

A new type of universal man-in-the-browser attack targets any website that accepts a credit card rather than a specific site. "Verified by Visa" and "MasterCard SourceCode" information has already been stolen from some victims as part of the attack.

article

Live on Video: uMitB Steals ‘Verified by Visa’ and ‘MasterCard SecureCode’ Credentials

A new video shows a uMitB scam stealing "Verified by Visa" and "MasterCard SecureCode" credentials from unsuspecting victims through a webinject.

March 6, 2013 | By George Tubin

article

article

Back to Basics: Malware Authors Downgrade Tactics to Stay Under the Radar

Malware authors have created variants to monitor Web sessions between a customer and their bank in order to change data in real time and steal information.

February 7, 2013 | By Amit Klein

article

While some believe devices can be kept secure by taking away employees' administrative rights, drive-by downloads, zero-day exploits and other types of attacks can persist even when malicious software has not been installed in the system.

article

Endpoint Security: No Admin Rights, No Malware? Yeah, Right!

Endpoint security can be compromised if employees have permission to make administrative changes on company devices. However, they may still be at risk.

February 6, 2013 | By George Tubin

article