
Tips for Preventing Virtual Shoplifters

E-commerce business models have many advantages over brick-and-mortar retailers, including lower overhead, more flexibility in product and price testing, and more opportunities to manage inventory at optimal levels based on shopper behavior and current web analytics. However, an e-commerce business can’t escape all the realities of merchants with physical storefronts—including shoplifters.

Here are six tips for preventing virtual shoplifters:

Safeguard your platform. An open-source e-commerce platform could make you more vulnerable to hackers. Ensure that you host your site with a platform that uses an object-oriented programming language. Ideally, the administrative portions of your site should be completely inaccessible to anyone outside of your organization.

Maximize your SSL strategy. Use of Secure Sockets Layer (SSL) certificates has become commonplace in online transactions that involve sensitive data. As Rick Andrews from Symantec recently advised in a CIO Magazine article, however, their opportunities can be further maximized—and it may even translate into conversion improvements at customer checkout. “Integrate the stronger EV SSL [Extended Validation Secure Sockets Layer], URL green bar and SSL security seal so customers know that your website is safe,” Andrews said.

Additionally, mandate consistent business processes to ensure someone in your company is tasked with staying abreast of the latest changes in the world of online security, and keeping systems current in light of them. In mid-April, for example, the Payment Card Industry Security Standards Council (PCI SSC) announced it found vulnerabilities in the current SSL and TLS (Transport Layer Security) methodologies, exposed in part by Heartbleed and POODLE. Although merchants have until June 30, 2016 to revise their SSL protocol to remain PCI compliant, a business is vulnerable to hackers who are well aware of the opportunities to take advantage of such security “holes,” until the security updates are in place.

Follow PCI compliance standards. In addition to incorporating PCI-compliant secure payment gateways into your e-commerce site to process transactions, confirm that you aren’t storing sensitive customer data (also prohibited by PCI standards)—even if you do so to streamline return procedures.


While it may extend the length of your checkout and return processes slightly, what your business stands to lose in the form of risk exposure due to stored sensitive data outweighs potential efficiency gains.

Verify card information with addresses. Although e-commerce transactions inherently include “card not present” scenarios, you can still take steps to reduce the risk of fraudulent transactions. Implement address verification systems to detect potential information discrepancies between card information and the customer. Require that the customer input security information shown on the physical card, like the three- or four-digit card verification code on the back or front of the card (in the case of American Express).

Set alerts—and pay attention to them.


Security alerts can detect suspicious activity before it spirals into a full-scale cybertheft—but only if you take them seriously. In the case of the Target data breach, Bloomberg reported that the merchant’s security alerts did sense suspicious activity well before the data breach was underway, but that the threats weren’t taken seriously by technology staff. At minimum, every e-commerce business should have alerts to detect unusually high activity originating from a single IP address, and to flag customers who order multiple times using different cards, in a short period of time.
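The two minimum alerts named above, sketched as an added example that is not part of the original article: sliding-window checks over checkout events for high volume from one IP address and for one customer using several cards in a short period. The event fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are assumptions for this sample; tune them to your own traffic.
IP_WINDOW = timedelta(minutes=1)
IP_MAX_EVENTS = 5
CARD_WINDOW = timedelta(minutes=30)
MAX_CARDS_PER_CUSTOMER = 2

BASE = datetime(2015, 5, 1, 12, 0, 0)

def at(seconds):
    """Timestamp helper for the constructed sample below."""
    return BASE + timedelta(seconds=seconds)

# Constructed events: (timestamp, source IP, customer id, card token).
# Card tokens stand in for gateway tokens; raw card numbers are never logged.
SAMPLE_EVENTS = (
    # Returning shopper, same card, two hours apart: no alert expected.
    [(at(0), "198.51.100.7", "cust-1", "tok-a"),
     (at(7200), "198.51.100.7", "cust-1", "tok-a")]
    # Eight checkout attempts in 35 seconds from one address.
    + [(at(100 + 5 * i), "203.0.113.9", f"guest-{i}", f"tok-g{i}") for i in range(8)]
    # One customer, three different cards in ten minutes, rotating addresses.
    + [(at(3000 + 300 * i), f"192.0.2.{10 + i}", "cust-2", f"tok-c{i}") for i in range(3)]
    # Three different cards, but a day apart each: no alert expected.
    + [(at(86400 * i), "192.0.2.50", "cust-3", f"tok-d{i}") for i in range(3)]
)

def detect(events):
    """Return sorted (rule, subject) alerts for the two rules described above."""
    by_ip = defaultdict(deque)        # ip -> timestamps still inside IP_WINDOW
    by_customer = defaultdict(deque)  # customer -> (timestamp, card) inside CARD_WINDOW
    alerts = set()
    for ts, ip, customer, card in sorted(events):
        hits = by_ip[ip]
        hits.append(ts)
        while ts - hits[0] > IP_WINDOW:   # drop events that aged out of the window
            hits.popleft()
        if len(hits) > IP_MAX_EVENTS:
            alerts.add(("high_volume_ip", ip))

        orders = by_customer[customer]
        orders.append((ts, card))
        while ts - orders[0][0] > CARD_WINDOW:
            orders.popleft()
        if len({c for _, c in orders}) > MAX_CARDS_PER_CUSTOMER:
            alerts.add(("multiple_cards", customer))
    return sorted(alerts)
```

Keying the card rule on the customer rather than the address is what catches the third group, where each order arrives from a different IP.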

Install “patches” as soon as they are available. Your software and operating systems are only secure if they’re current. When new versions of software are released, install them as soon as possible—and immediately, if the update involves a patch developed because a vulnerability was detected.

If you operated a brick-and-mortar business you wouldn’t leave your cash registers unattended or doors unlocked after business hours—but gaps in online security are akin to doing just that when you have an e-commerce business.


Establish processes and security procedures to ensure that you remain aware of changes in security standards, potential threats and areas of vulnerability. While you may not stop virtual shoplifters and fraudulent transactions entirely, optimizing your site security is your best line of defense.

Darkhotel Cyber Attacks Are Targeting Traveling Executives


Traveling business executives have been falling prey to cybercriminals acting through hotel Internet networks since at least 2009. In an ongoing, sophisticated “espionage campaign” nicknamed “Darkhotel,” thousands of people traveling through Asia have been targeted and hacked through infected hotel WiFi, cybersecurity company Kaspersky Lab reported Monday. About two-thirds of the attacks took place in Japan, while others occurred in Taiwan, China and other Asian countries.

“For the past few years, a strong actor named Darkhotel has performed a number of successful attacks against high-profile individuals, employing methods and techniques that go well beyond typical cybercriminal behavior,” said Kurt Baumgartner, principal security researcher at Kaspersky Lab. “This threat actor has operational competence, mathematical and crypto-analytical offensive capabilities, and other resources that are sufficient to abuse trusted commercial networks and target specific victim categories with strategic precision.”

So strategic, in fact, that the hackers appear to know the names, arrival and departure times, and room numbers of the targets. While maintaining an intrusion on hotel networks, the hackers used this information, waiting until the victim checked in and logged on to the hotel Wi-Fi, then submitting their room number and surname to log in. When the hackers saw the victim on the network, they would trick the executive into downloading and installing a “backdoor” with the Darkhorse spying software disguised as an update for legitimate software like Google Toolbar, Adobe Flash or Windows Messenger. Once installed, the backdoor can be used to download other spying tools, such as an advanced keylogger and an information-stealing module.

“These tools collect data about the system and the anti-malware software installed on it, steal all keystrokes, and hunt for cached passwords in Firefox, Chrome and Internet Explorer; login credentials for Gmail Notifier, Twitter, Facebook, Yahoo! and Google; and other private information,” Kaspersky explained. “Victims lose sensitive information likely to be the intellectual property of the business entities they represent.”

While the company has identified the means of attack and many of the victims, the hackers carrying them out remain active, the company warned. The attackers did leave a footprint in part of the malicious code—two Korean characters—but, while the cryptographic skills suggest there may be a government entity behind it, some elements of the attacks could be performed by the most basic cybercriminals, and no one has been identified.

Kaspersky Lab offered tips to guard against Darkhotel and other cybersecurity threats targeting travelers:

When traveling, any network, even semi-private ones in hotels, should be viewed as potentially dangerous. The Darkhotel case illustrates an evolving attack vector: individuals who possess valuable information can easily fall victim to Darkhotel itself, as it is still active, or to something similar to a Darkhotel attack. To prevent this, Kaspersky Lab has the following tips:

  • Choose a Virtual Private Network (VPN) provider—you will get an encrypted communication channel when accessing public or semi-public Wi-Fi
  • When traveling, always regard software updates as suspicious. Confirm that the proposed update installer is signed by the appropriate vendor
  • Make sure your Internet security solution includes proactive defense against new threats rather than just basic antivirus protection

A Weekend of Hacker Attacks

Over the weekend, pharmacy giant Walgreens fell victim to a computer criminal who stole its email marketing list from a third party. The hacker then sent out realistic-looking spam that asked people to enter their personal information into a web page controlled by hackers. Even worse, those customers who had opted out of receiving marketing emails from the drug store had their information stolen as well.

McDonald’s also experienced a data breach via a third party attack. Arc Worldwide is a company hired by McDonald’s to manage its promotional email campaigns. Arc Worldwide hired another company to actually send these promotional emails. It is that company, the name of which remains anonymous, that was the target of hackers. Though the stolen data did not contain sensitive information such as Social Security numbers or credit card information, it did contain names, phone numbers and physical addresses.

And lastly, Gawker media sites were targeted this weekend with hackers going after their more than one million commenters’ usernames and passwords. Those responsible for the attack, a group of hackers known as Gnosis, had a few words for Gawker.


“We went after Gawker because of their outright arrogance”—possibly towards the hacker community—“It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database. We have had access to all of their emails for a long time as well as most of their infrastructure powering the site. Gawkmedia has possibly the worst security I have ever seen. It is scary how poor it is. Their servers run horribly outdated kernel versions, their site is filled with numerous exploitable code and their database is publicly accessible.”


It’s hard to believe that in 2010 we are still seeing major corporations and media outlets continuously, though unintentionally for the most part, exposing sensitive information. Yes, many blame hackers for disrupting business, stealing personal information and even shutting down websites entirely.


But one thing these hackers are not credited with is how they force these companies to adopt stricter web security. It would be tough to find a well-known company whose system was hacked and yet they did nothing to prevent such incidents in the future.

There’s a good and a bad to everything.