Cyber Security Today: Shopping sites victimized, a slip at Microsoft and cryptocurrency blues

Shopping sites victimized, a slip at Microsoft and cryptocurrency blues

Welcome to Cyber Security Today. It’s Friday May 24th. I’m Howard Solomon, contributing reporter on cyber security for

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Trust is at the heart of buying products online. But blind trust will get your burned. This comes to mind with a report from security vendor Malwarebytes that criminals have found a new way to steal credit card and login information by compromising particular e-commerce sites. Usually to start the payment process a site may ask you to enter your previously registered email address. Then the system pulls up payment options. The scam interrupts that process by adding a phony but realistic checkout page that also asks you for your credit card information as well as your email address. This data is captured by criminals. After filling the page out, you then get transferred back to the real checkout page, where you again have to enter your credit card number. And that’s a tip-off you’ve been suckered.

It’s not easy for shoppers to see the signs a web page payment system has been hacked. One way is by noticing if there’s a different routine for payment than the last time you used the site. Still, the onus is on shopping sites and payment providers to get tough, improve their web page security and regularly check their code.

A lot of things that make computing secure on your laptop or smartphone we don’t see. One of them is the invisible exchange of what are called digital certificates between devices and web sites that verify connections are secure. That’s the HTTPS you see in the address bar. Companies have to buy and remember to renew certificates, or there can be trouble. Microsoft found that out this week when users tried to log into LinkedIn and got a warning that their connection wasn’t secure. SecurityWeek reports Microsoft quickly renewed the certificate. The lesson to corporate security pros is that there are processes for keeping an eye on digital certificates. This shouldn’t happen.

An Australian government IT contractor faces up to 10 years in prison for using government computers to mine for cryptocurrency. That’s the act of using a computer to solve complex mathematical questions and get free digital money. Police allege the man earned about $6,000 in US currency.

Speaking of cryptocurrency, this week Dutch authorities shut down a website called Bestmixer that was helping criminals launder cryptocurrency. Another win for the good guys.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomo

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast