There are plenty of cyber security buzzwords flying around these days but few are heard as often as the phrase "zero-day attacks." In fact, it even made an appearance in our article on predicted threats for 2016. Experts see zero-day attacks becoming much more prevalent and continuing to do so throughout 2016. While many people have heard the phrase, we often find that unless the person is highly technical or a security professional, they don't know what it means. So we are here to help!
The Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ) has released a securtiy alert about malware known as Dridex affecting Windows users (find out more about what malware is here).
The Federal Bureau of Investigation (FBI) has issued an alert to consumers and merchants about the security risks involved with EMV Cards. An EMV card is a credit or debit card with a microchip that helps protect cardholder data. The EMV card has a PIN that is used when a purchase is being made, allowing the merchant to verify the cardholder through an EMV terminal. However, the FBI stated that "no one technology eliminates fraud, cybercriminals will continue to look for opportunities to steal payment information".
Artist crowdfunding service Patreon has become the latest victim of a data breach. The breach has lead to theft and leaking of user data online. Patreon CEO and co-founder Jack Conte said a database containing user information had been compromised, leading to unauthorized access to data including registered names, email addresses, posts, and some shipping addresses in addition to a number of billing addresses stored prior to 2014. The breach occurred on September 28 by way of a debug version of the Patreon website which was publicly available.
What is cross site scripting?
Cross site scripting is one of the most common types of web attacks. The attack happens when a website has a hole, or vulnerability, where an attacker can inject some of their own code on a trusted website. Basically it starts with a website that is trusted by users and then an attacker sneaks in using a hidden back door and inserts their own scripts or programs. These scripts appear to the outside world to be parted of a trusted website so browsers will happily run the scripts assuming they are trusted content.