Aite Group – Computer Security Articles

The Risk of Weak Online Banking Passwords

August 5, 2019 admin 2fa, Aite Group, alex holden, Alissa Knight, Brian Costello, Financial Data Exchange, Hold Security, Latest Warnings, Mint, Paypal, Plaid, The Coming Storm, YNAB, Yodlee, Zelle

Credit to Author: BrianKrebs| Date: Mon, 05 Aug 2019 14:04:27 +0000

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint, Plaid, Yodlee, YNAB and others to surveil and drain consumer accounts online.

Independent Krebs

A Chief Security Concern for Executive Teams

December 20, 2018 admin A Little Sunshine, Aite Group, Alissa Valentina Knight, Anthony Belfiore, CISO, CSO, Equifax breach, Lance Spitzner, SANS Institute, Wall Street Journal

Credit to Author: BrianKrebs| Date: Tue, 18 Dec 2018 21:23:10 +0000

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. Even among top tech firms, less than half list a chief technology officer (CTO). This post explores some reasons why this is the case, and why it can’t change fast enough. KrebsOnSecurity reviewed the Web sites for the global top 100 companies by market value, and found just five percent of top 100 firms listed a chief information security officer (CISO) or chief security officer (CSO). Only a little more than a third even listed a CTO in their executive leadership pages.

Independent Krebs

A Breach, or Just a Forced Password Reset?

December 4, 2018 admin A Little Sunshine, Aite Group, auth0, Citrix, HaveIBeenPwned.com, Jamie Buranich, Julie Conroy, Okta, ShareFile, Troy Hunt

Credit to Author: BrianKrebs| Date: Tue, 04 Dec 2018 21:45:51 +0000

Software giant Citrix Systems recently forced a password reset for many users of its Sharefile content collaboration service, warning it would be doing this on a regular basis in response to password-guessing attacks that target people who re-use passwords across multiple Web sites. Many Sharefile users interpreted this as a breach at Citrix and/or Sharefile, but the company maintains that’s not the case. Here’s a closer look at what happened, and some ideas about how to avoid a repeat of this scenario going forward.

Independent Krebs

Fiserv Flaw Exposed Customer Data at Hundreds of Banks

August 28, 2018 admin Aite Group, Allen Weinberg, data breaches, fiserv, Glenbrook Partners, Julie Conroy, Kristian Erik Hermansen, secureinternetbank.com, The Coming Storm

Credit to Author: BrianKrebs| Date: Tue, 28 Aug 2018 13:27:55 +0000

Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned.

Independent Krebs

Buyers Beware of Tampered Gift Cards

December 19, 2017 admin A Little Sunshine, Aite Group, Flint Gatrell, gift card fraud, Kevin Morrison, Latest Warnings, Sam's Club, Wal-Mart

Credit to Author: BrianKrebs| Date: Tue, 19 Dec 2017 16:28:57 +0000

Prepaid gift cards make popular presents and no-brainer stocking stuffers, but before you purchase one be on the lookout for signs that someone may have tampered with it. A perennial scam that picks up around the holidays involves thieves who pull back and then replace the decals that obscure the card’s redemption code, allowing them to redeem or transfer the card’s balance online after the card is purchased by an unwitting customer.

Independent Krebs

Simple Banking Security Tip: Verbal Passwords

November 6, 2017 admin Aite Group, Andy Greenberg, avivah litan, gartner, Julie Conroy, KBA, Other, verbal password, voice biometrics, wired

Credit to Author: BrianKrebs| Date: Mon, 06 Nov 2017 16:53:03 +0000

There was a time when I was content to let my bank authenticate me over the phone by asking for some personal identifiers (SSN/DOB) that are broadly for sale in the cybercrime underground. At some point, however, I decided this wasn’t acceptable for institutions that held significant chunks of our money, and I began taking our business away from those that wouldn’t let me add a simple verbal passphrase that needed to be uttered before any account details could be discussed over the phone.