ESET Threat Blog

We read that Zappos.com was breached on Sunday, to the tune of 24+ million users’ worth of information. But it seems at first blush they responded well. Of course, a company would hope to never have a breach at all, but when it happened at Zappos.com, here are some of the things they appear to … Read More…

We've noted the often staggering fees associated with a credit card breach, normally accompanied by a slew of bad press. We've seen Stratfor, in light of their recent hack, dealing with public exposure issues due, in part, to unencrypted payment card information (for which, to their credt, they’ve publicly apologized for). Now we see a … Read More…

Newton's 3rd law is often stated as "for every action there is an equal and opposite reaction." Actually, what Newton actually said is a little more complex* than that, but this article isn't about physics (or else I'd leave the discussion to someone better qualified). 
The Internet, despite its grounding in the physical world of hardware … Read More…

Recently we noted that unencrypted credit card storage was on the rise in 2011, and also highlighted the expense involved to the company in the event of a credit card breach. Now we see personal data – including unencrypted credit card information – being paraded out as a part of the recent Stratfor hack.
Also, we … Read More…

We’ve noted recently that many companies store credit card information in an unencrypted form, sometimes several years' worth. So what happens if your systems get hacked before you get around to securing that credit card data? Sure, there’s the embarrassment of telling your customers their data has been exposed–a legal requirement in more than 40 … Read More…

More websites stored unencrypted credit card payment information than ever this year, according to a recent report. I thought we had this figured out? Obviously this is a direct violation of Payment Card Industry Data Security Standard (PCI DSS) requirements. But seriously, this stuff is simple for the developers to fix, so why don’t they?
Also, … Read More…

“Operation Swiper” just busted the largest theft ring of its type in U.S. history. The $13 million dollar crime ring was exposed after a 2 year investigation by the New York City Police, primarily centering around selling Apple electronics overseas, according to Reuters. New York City Police Raymond Kelly said at a press conference “The … Read More…

This is actually a resource from 2009 that someone brought to my attention today. Skimming in this instance is nothing to do with separating milk, or speedreading, or even throwing stones across the lake. It's the not-so-gentle art of stealing credit (or debit) card data, normally in the course of a legitimate transaction.
A common example … Read More…

Back in March 2009 I blogged here about some spam I was receiving at the time offering various items of software, notably PDF managers and Office applications (to be precise, Open Office). It caught my attention at the time because one of the mails I received offered what looked very much like a fake antivirus … Read More…

Further to an earlier blog about the "broken" Chip & PIN credit card security system (strictly speaking, the primary problem described is with EMV), it's noticeable that, as John Leyden puts it, "Industry groups [have] leap[t] to Chip and PIN's defence."
In fact, the response has been a bit more mixed than that. But there have … Read More…