Posted by Taylor Armerding on September 25, 2018
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup.
Porous payment portals lead to government data breaches, Magecart pwns Newegg, and the Mirai creators trade in their black hats for white ones. Watch this week’s episode here:
via Brian Krebs, Krebs On Security: Even if you don’t trust the government, you’d agree they’re pretty good at taking your money. And that includes vetting the security of their third-party payment processors, right? Not if the recent government data breaches through payment portals are any indication. FireEye reported last week that payment system Click2Gov had malware for almost a year. Worse, it still had malware after developer Superion said they fixed the issue. And Brian Krebs reported that the GovPayNow.com payment system had exposed customer data for over the last six years. That’s more than 14 million customer records from 35 states. Learn why government data breaches are trending in security news.
via Charlie Osborne, ZDNet: Ticketmaster. British Airways. ABS-CBN. Newegg. What do these organizations have in common? They’re all apparent victims of Magecart, a threat group that’s currently on a rampage, hacking into payment systems to steal customer data. But the Magecart Newegg breach isn’t virtual; it just got real. Rather than selling all their stolen data outright, the group is running a reshipping operation: Use stolen data to buy high-value goods. Hire U.S. lackeys to ship them overseas. Sell them for cash. Rinse and repeat. Learn more about the Magecart Newegg breach here.
via Mohit Kumar, The Hacker News: It’s easy to dismiss the Mirai creators as bad eggs, irredeemable punks who just wanted to watch the world burn. But at the time, the three young men (now in their early 20s) were just kids playing out their Minecraft rivalries in real life. And for their cooperation with law enforcement over the past year, they’ve been granted a reprieve. They haven’t entirely escaped punishment (to the tune of several months of community service and a heap of money). But they have stayed out of prison by impressing the feds with their white hat skills. Watch here to learn more about the kids who created Mirai.