Expert(s):
Director of DevOps Engineering feature_status*/ ?>
NuData Security

Comments Dotted : 9
March 27, 2020

Experts Insight On Tupperware Website Hacked And Infected With Payment Card Skimmer
Once the consumer payment card data has been skimmed by an attacker that payment card needs to be rendered inoperable.
Web skimmers or Magecart scripts work by taking advantage of an infrastructure vulnerability caused by misconfiguration. The misconfiguration enables an attacker to discover a potentially vulnerable website (using a shotgun approach) and upload the malicious code to service provider. To avoid this type of misconfigurations, it’s useful to comply with standardized security benchmarks – like the one from Center for Internet Security (CIS) which would enable an organization to validate their.....Read More
Web skimmers or Magecart scripts work by taking advantage of an infrastructure vulnerability caused by misconfiguration. The misconfiguration enables an attacker to discover a potentially vulnerable website (using a shotgun approach) and upload the malicious code to service provider. To avoid this type of misconfigurations, it’s useful to comply with standardized security benchmarks – like the one from Center for Internet Security (CIS) which would enable an organization to validate their internal vulnerabilities. It’s also recommended to run a web application firewall with rules that cover common exploits as described by the Open Web Application Security Project (OWASP). Once the consumer payment card data has been skimmed by an attacker that payment card needs to be rendered inoperable. For businesses that accept payments online, the best way to mitigate financial or reputation damage from an attacker using breached consumer payment card data is by adopting a layered approach to security, applying in-depth defense. By adopting behavioral and passive biometrics technologies that identifying customers by their online behavior instead of relying on credentials or credit card numbers companies can verify a consumer or validate a transaction. This method allows companies to block transactions from credit cards that have been stolen without impacting consumers.  Read Less
February 07, 2020

Experts On New Banking Trojan Tricks Users To Retype Passwords Only For Them To Be Stolen
While banks are employing various technologies to identify the true customer online.
Banks and consumers are under continuous attacks by cybercriminals that will try to find any crack in defences to track and step in the middle between consumers and banks. While banks are employing various technologies to identify the true customer online, they just can’t protect them when hackers target consumers. Experts advise never to click on an attachment sent to you, but time and again cybercriminals come up with the most sophisticated method to trick the end user into clicking. From.....Read More
Banks and consumers are under continuous attacks by cybercriminals that will try to find any crack in defences to track and step in the middle between consumers and banks. While banks are employing various technologies to identify the true customer online, they just can’t protect them when hackers target consumers. Experts advise never to click on an attachment sent to you, but time and again cybercriminals come up with the most sophisticated method to trick the end user into clicking. From the moment a user receives the malicious email in their inbox, the clock is ticking - most users will click on links and provide their information, or open a malware infected document without thinking twice. Once they do, their credentials are immediately harvested for hackers to leverage or sell on the Dark Web. Educating end users is clearly not enough, nor is the deployment of technical countermeasures to protect end users.  Read Less
February 05, 2020

Experts On Adoption Of Facial Recognition
This is why organizations need to implement multifactor authentication mechanisms.
Facial recognition is becoming a key technology across industry verticals, including education, voting, dating, and commerce. Instituting physical biometrics identifies individuals based on physical characteristics, which help to authenticate that you are who you say you are. Physical biometrics as an authentication factor is a great start, but, in security, a layered approach is required. A leading security approach should be like an onion. An onion has many layers, so when cybercriminals get.....Read More
Facial recognition is becoming a key technology across industry verticals, including education, voting, dating, and commerce. Instituting physical biometrics identifies individuals based on physical characteristics, which help to authenticate that you are who you say you are. Physical biometrics as an authentication factor is a great start, but, in security, a layered approach is required. A leading security approach should be like an onion. An onion has many layers, so when cybercriminals get around one security layer, there is another one lined up behind it ready to protect your accounts and your identity. This is why organizations need to implement multifactor authentication mechanisms, using physical biometrics (like facial recognition) with passive biometrics and behavioral analytics so that individuals are not only identified with their physical attributes but also with layered security controls. Using multiple technologies and security layers increases confidence in online services by preventing successful cyber-attacks while choosing the right technology can lead to lower friction and enhanced experience for customers.  Read Less
January 06, 2020

Experts Comment: Landry’s Inc Hacked Despite End-to-end Encryption
The entire payment chain needs to be secured on the technology side while paying special attention to the human element.
The Landry breach is a prime example of why all credit card systems have to be secured throughout the payment chain, including devices that are not meant to store credit card information. At the same time, without educating employees, it is only a matter of time before bad actors find the weak spot and capitalize on it. The entire payment chain needs to be secured on the technology side while paying special attention to the human element. Implementing best practices and processes for employees.....Read More
The Landry breach is a prime example of why all credit card systems have to be secured throughout the payment chain, including devices that are not meant to store credit card information. At the same time, without educating employees, it is only a matter of time before bad actors find the weak spot and capitalize on it. The entire payment chain needs to be secured on the technology side while paying special attention to the human element. Implementing best practices and processes for employees is essential as they often act as the first line of defense. Justin explains, “To fight fraud after credit card information has been stolen, restaurants and other hospitality companies offering services in the card-not-present (CNP) space need to identify customers additionally by analyzing their online behavior combined with hundreds of other identifiers such as typing patterns that hackers can't imitate or steal. Leveraging a fully integrated multi-layered security approach that includes passive biometrics is one way to make stolen card information valueless to the hacker trying to shop online.  Read Less
January 01, 2020

Comment: Canadian Banks Impersonated In Two-year Long Phishing Attack
Educating end users is not a reliable solution.
Phishing schemes have become extremely sophisticated, targeted and deployed with all the power of social media aimed at stripping end users of their authentication credentials and other sensitive information. With phishing emails, from the moment a user receives a malicious email in their inbox, the clock is ticking - most users will click on links and provide their information, or open a malware infected document in that first hour. Once they do, their credentials are immediately harvested for .....Read More
Phishing schemes have become extremely sophisticated, targeted and deployed with all the power of social media aimed at stripping end users of their authentication credentials and other sensitive information. With phishing emails, from the moment a user receives a malicious email in their inbox, the clock is ticking - most users will click on links and provide their information, or open a malware infected document in that first hour. Once they do, their credentials are immediately harvested for hackers to leverage or sell on the Dark Web. Educating end users is not a reliable solution. The continued success of these attacks highlights a major flaw in identity validation techniques that can be stolen and reused. A multi-layered approach to authentication that provides newer and more secure techniques such as passive biometrics and behavioral analytics should be implemented by companies to determine if the expected human user is accessing and transacting on the account or a cybercriminal that needs to be blocked.  Read Less
August 28, 2019

Experts Dots On Hostinger Breach
Once your login credentials are compromised, you must consider them compromised for every service provider.
With the usernames, SHA-1 hashed passwords, email addresses, names, and IP addresses of over 14 million Hostinger customers now breached, customers of Hostinger must immediately change their passwords along with any other accounts that they might have reused the same password on. Customers must also consider whether their accounts were fraudulently accessed on Hostinger and other locations online. The migration from a SHA-1 hashing scheme to SHA-256 will greatly improve the security of.....Read More
With the usernames, SHA-1 hashed passwords, email addresses, names, and IP addresses of over 14 million Hostinger customers now breached, customers of Hostinger must immediately change their passwords along with any other accounts that they might have reused the same password on. Customers must also consider whether their accounts were fraudulently accessed on Hostinger and other locations online. The migration from a SHA-1 hashing scheme to SHA-256 will greatly improve the security of consumers’ passwords stored by Hostinger. In addition to the move to SHA-256 it’s important that the password is salted with unique information prior to being hashed to improve the security of the hash further. Customers interested in mitigating the impact of the breach to their accounts must use unique and complex passwords with multifactor authentication where available. Once your login credentials are compromised, you must consider them compromised for every service provider where you reused the username and password combination. If you’re looking for help managing unique and complex passwords, a password manager like Lastpass or Onelogin can be extremely useful to help create and manage your passwords. For service providers wishing to avoid sophisticated attacks that reuse the data from this breach, two-factor authentication can be combined with other security layers such as passive biometrics and behavioral analytics, so that if one layer fails, another layer of security takes over, protecting the customers' accounts even if the credentials have been stolen. While two-factor authentication capabilities can help verify the user, behavioral analytics and passive biometrics allow you to learn and trust the user’s behavior both at login and across the session. This way you put the trust on the human instead of the device. With passive biometrics, customers are identified by their behavior online and not by static data such as passwords or one-time codes. This inherent behavior cannot be duplicated by hackers, even if they use correct static data, devaluing stolen credentials and protecting the customer account.  Read Less
August 23, 2019

Cyber Threats Against Financial Services Up 56%
Attackers do not recognise borders, boundaries, or nationalities.
There are three main threats to highlight for financial services organisations. These include social engineering attacks, attacks that take advantage of misconfigurations, and attacks that leverage consumer information from data breaches. A major threat from data breaches is how the data is used in common attacks like credential stuffing and fraudulent account creation to undermine consumer confidence while bypassing many traditional security solutions. Attackers do not recognise borders,.....Read More
There are three main threats to highlight for financial services organisations. These include social engineering attacks, attacks that take advantage of misconfigurations, and attacks that leverage consumer information from data breaches. A major threat from data breaches is how the data is used in common attacks like credential stuffing and fraudulent account creation to undermine consumer confidence while bypassing many traditional security solutions. Attackers do not recognise borders, boundaries, or nationalities, and attacks can originate from anywhere and make use of advanced spoofing techniques to disguise their traffic as legitimate, normal traffic. In NuData’s most recent review of fraudulent threats, the US was flagged as a top risk country. However, keep in mind that attackers have become more sophisticated at spoofing geo-location data correctly and masking their true location. Many attackers are focused on conducting targeted intrusions for more effective financial gain, making financial institutions and subscription services high-value targets. Most subscription services are backed by a bank account or payment card. To defend against attackers, organisations need to take a layered approach to user authentication and use authentication processes that make use of multiple factors, typically something you know, have, or are. Biometrics, like fingerprint or iris scans, are something that you are. So, a biometric factor can help to authenticate that you are who you say you are, if the device and authentication workflow supports a biometric factor. Another example of a biometric factor is passive biometrics, which is a versatile factor used in frictionless solutions. Advanced technologies are used to recognise patterns, such as how consumers type, how they browse, how they move their mouse, or how they interact with their device.  Read Less
August 09, 2019

Group Dating App 3fun Exposed Sensitive Data On 1.5 Million Users
The experience is frictionless to most consumers (as long as they don’t show signs of risk.
Attackers could have used 3fun to create profiles of the users with both typical profile information and physical location data of its users who are billed as kinky, open-minded people. This can be sensitive information that used for harassment and persecution of LGBTQ+ individuals. Due to the multiple security vulnerabilities in the application, researchers were able to manipulate their session details to change data attributes and collect profile information of other registered users. This is .....Read More
Attackers could have used 3fun to create profiles of the users with both typical profile information and physical location data of its users who are billed as kinky, open-minded people. This can be sensitive information that used for harassment and persecution of LGBTQ+ individuals. Due to the multiple security vulnerabilities in the application, researchers were able to manipulate their session details to change data attributes and collect profile information of other registered users. This is where a layered security approach that establishes a trusted device profile is critical to providing a better consumer experience that validates the device and prevents attribute spoofing. The experience is frictionless to most consumers (as long as they don’t show signs of risk, there is no need for additional authentication) while it mitigates the risk organizations face such as spoofed or manipulated device intelligence data. It’s important to foster inclusion and diversity in all environments – acceptance matters.  Read Less
August 07, 2019

Weak Online Banking Passwords Opening The Door To Online Accounts
For financial institutions, it is important to use a layered approach for consumer identity verification combined with emergent technologies.
With cybercriminals targeting every part of the banking supply chain, including the consumer, consumers must participate in their own security. That means coming up with a unique password that is used in no other place, changing passwords, and demanding multifactor authentication throughout the banking chain. If users employ the same passwords among all their accounts, then cybercriminals will pick the first lock and the rest of their accounts will go down like dominos. For financial.....Read More
With cybercriminals targeting every part of the banking supply chain, including the consumer, consumers must participate in their own security. That means coming up with a unique password that is used in no other place, changing passwords, and demanding multifactor authentication throughout the banking chain. If users employ the same passwords among all their accounts, then cybercriminals will pick the first lock and the rest of their accounts will go down like dominos. For financial institutions, it is important to use a layered approach for consumer identity verification combined with emergent technologies such as passive biometrics. To ensure that consumers receive a frictionless experience, it’s important to implement a solution that will identify customers by their online behavior instead of by static credentials which have almost all been compromised in one way or another. This method allows financial organizations to block any fraudulent transactions, even if the cybercriminals have the correct stolen credentials.  Read Less