Shopping sites victimized, a slip at Microsoft and cryptocurrency blues
Welcome to Cyber Security Today. It’s Friday May 24th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com.
Trust is at the heart of buying products online. But blind trust will get your burned. This comes to mind with a report from security vendor Malwarebytes that criminals have found a new way to steal credit card and login information by compromising particular e-commerce sites. Usually to start the payment process a site may ask you to enter your previously registered email address. Then the system pulls up payment options. The scam interrupts that process by adding a phony but realistic checkout page that also asks you for your credit card information as well as your email address. This data is captured by criminals. After filling the page out, you then get transferred back to the real checkout page, where you again have to enter your credit card number. And that’s a tip-off you’ve been suckered.
It’s not easy for shoppers to see the signs a web page payment system has been hacked. One way is by noticing if there’s a different routine for payment than the last time you used the site. Still, the onus is on shopping sites and payment providers to get tough, improve their web page security and regularly check their code.
A lot of things that make computing secure on your laptop or smartphone we don’t see. One of them is the invisible exchange of what are called digital certificates between devices and web sites that verify connections are secure. That’s the HTTPS you see in the address bar. Companies have to buy and remember to renew certificates, or there can be trouble. Microsoft found that out this week when users tried to log into LinkedIn and got a warning that their connection wasn’t secure. SecurityWeek reports Microsoft quickly renewed the certificate. The lesson to corporate security pros is that there are processes for keeping an eye on digital certificates. This shouldn’t happen.
An Australian government IT contractor faces up to 10 years in prison for using government computers to mine for cryptocurrency. That’s the act of using a computer to solve complex mathematical questions and get free digital money. Police allege the man earned about $6,000 in US currency.
Speaking of cryptocurrency, this week Dutch authorities shut down a website called Bestmixer that was helping criminals launder cryptocurrency. Another win for the good guys.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomo