But they are being resisted by the banking industry, which sees no need to invest further in PIN technology, already used with debit cards, resulting in halting adoption and widespread confusion.

A small band of retailers with the clout to call the shots on their branded credit cards is leading the charge. Target Corp is moving ahead with a chip-and-PIN rollout, and Wal-Mart Stores Inc plans to do the same.

But Wal-Mart said it faces obstacles because its credit card partner, Synchrony Financial, is not yet able to handle PINs on credit cards. Synchrony declined comment.

Broadly, U.S. banks are unprepared or resisting the change.

The impasse comes after many consumers got their hands on new credit cards embedded with so-called EMV chips in advance of an Oct. 1 deadline that required retailers to accept chip cards or be liable for fraud losses. EMV stands for EuroPay, MasterCard and Visa.

But only about a third of merchants are actually using the chip technology, according to analyst estimates. The number may not pick up until early next year, if at all, because the retail industry typically halts upgrades during the crucial holiday shopping season.

“PIN issuance will remain a niche,” said Julie Conroy, credit-card analyst with Aite Group.

Banks favor using chip cards verified by old-school signatures, even though chip-and-PIN usage has led to lower fraud over the decade they have been used in Europe and elsewhere.

“The PIN is definitely a must,” said Lance James, chief scientist with cyber intelligence firm Flashpoint. “It’s one extra step that provides true two-factor authentication.”

But bankers say PINs provide little benefit beyond the advantage of using chips in combating the estimated $7 billion-plus in annual U.S. card fraud.

EMV chips thwart criminals who use stolen data to create counterfeit cards, a category that Aite estimates accounts for 37 percent of that fraud. Banks say that PINs only provide additional fraud protection when criminals seek to use lost or stolen cards, a situation that Aite estimates accounts for only 14 percent of fraud.

Banking groups say there are better approaches than PINs for verifying customers and have asked retailers to embrace tokenization and encryption to prevent theft of credit card numbers.

“PIN is a static data element that would not have a meaningful impact on overall payments fraud,” said Electronic Payments Coalition spokesman Sam Fabens.

Courtesy-http://www.thegurureview.net/aroundnet-category/confusion-continues-to-reign-with-u-s-chip-pin.html

Researchers from FireEye found that the malicious component, nicknamed Kemoge, has been seeded inside what appear to be legitimate apps offered on third-party application stores.

“This is another malicious adware family, possibly written by Chinese developers or controlled by Chinese hackers, spreading on a global scale that represents a significant threat,” wrote Yulong Zhang, a staff research scientist with FireEye.

Whomever created Kemoge repackaged legitimate apps with the malware and then promoted them on websites and through in-app ads to persuade people to download them.

Zhang listed a dozed affected apps: Sex Cademy, Assistive Touch, Calculator, Kiss Browser, Smart Touch, Shareit, Privacy Lock, Easy Locker, 2048kg, Talking Tom 3, WiFi Enhancer and Light Browser.

Third-party apps stores are considered risky places to download Android apps, as hackers frequently upload malicious apps to them. Google performs a security check on apps in its Play store, although harmful ones occasionally sneak in.

Kemoge not only displays unwanted ads, but it’s also loaded with eight root exploits that target a wide range of Android devices, Zhang wrote. A successful attack using those exploits means an attacker would have complete control over the device.

Kemoge will collect a device’s IMEI (International Mobile Station Equipment Identity) and IMSI (International Mobile Subscriber Identity) numbers, information on storage and apps, and send the information to a remote server.

That command-and-control server was still running, Zhang wrote. An analysis of traffic exchanged between an infected device and the server showed Kemoge also tries to uninstall antivirus apps.

FireEye came across an app called Shareit in Google’s Play store that was signed by the same digital certificate as the malicious one found on the third-party source.

The Google Play version of ShareIt did not have the eight root exploits or contact the command-and-control server, but it did have some of the same Kemoge code libraries. It now appears to be gone from Google Play.

Source-http://www.thegurureview.net/mobile-category/kemoge-malware-menacing-android-phones.html

A Reddit discussion has heard from furious users who spotted that the simplified policy effectively gives the company permission to sell its mailing lists to third parties for fun and profit.

AVG stated under ‘Do You Share My Data?’ in the Q&A about the new policy, which is automatically enforced on 15 October: “Yes, though when and how we share it depends on whether it is personal data or non-personal data. AVG may share non-personal data with third parties and may publicly display aggregate or anonymous information.”

AVG has hit back at the criticism in a blog post today, by which we mean confirmed that its stance is correct, explaining: “Usage data allows [AVG] to customize the experience for customers and share data with third parties that allow them to improve or develop new products.

“Knowing that 10 million users like a certain TV program gives broadcasters the data to get producers to make more of that type of program.

“This is also how taxi firms know how to distribute their fleets, and how advertisers know where to place banners and billboards, for example. Even at AVG, we have published non-personal information that we have collected regarding app performance.”

But AVG added in big, bold type: “We do not, and will not, sell personally identifiable data to anyone, including advertisers.”

This will placate some, but others fear that the lack of choice over this matter, which requires an active decision to opt out, is too clandestine. As ever, there are threats to move to everything from Linux Mint to the Commodore 64, some more serious than others.

Several Redditors have likened it to similar warnings in Windows 10′s Insider Programme which essentially say: ‘we can track you … but we won’t, unless we do.’

Courtesy-TheInq

For the past seven years, a cyberespionage group operating out of Russia on the orders of Tsar Putin have been conducting a series of malware campaigns targeting governments, political think tanks and other organizations.

Researchers at F-Secure have been looking into the antics of an outfit called “the Dukes” which has been active since at least 2008. The group has evolved into a methodical developer of “zero-day” attacks, pulling together their own research with the published work of other security firms to provide a more detailed picture of the people behind a long-running family of malware.

The Dukes specialize in “smash and grab” attacks on networks, but have also used subtle, long-term intrusions that harvested massive amounts of data from their targets.

The group’s targets do include criminal organisations operating in the Russian Federation, which suggest there is some form of policing element to it. But they are mostly interested in Western governments and related organisations, such as government ministries and agencies, political think tanks and governmental subcontractors.

F-Secure team wrote. “Their targets have also included the governments of members of the Commonwealth of Independent States; Asian, African, and Middle Eastern governments; organisations associated with Chechen terrorism; and Russian speakers engaged in the illicit trade of controlled substances and drugs.”

The group was named after its earliest-detected malware, known as PinchDuke. Its targets were associated with the Chechen separatist movement. Later that year they were going after Western governments and organisations in search of information about the diplomatic activities of the United States and the NATO.

Most of the attacks used spear phishing emails as the means of injecting malware onto targeted systems, one of their attacks have spread malware through a malicious Tor exit node in Russia, targeting users of the anonymising network with malware injections into their downloads.

The targets have always followed Russian government interests. There are a number of Russian-language artifacts in some of the malware, including an error message in PinchDuke. GeminiDuke also used timestamps that were adjusted to match Moscow Standard time.

Before the beginning of the Ukraine crisis, the group began using a number of decoy documents in spear phishing attacks that were related to Ukraine. They included a letter undersigned by the First Deputy Minister for Foreign Affairs of Ukraine.

However, after the crisis happened the attacks dropped off suggesting that it was an intelligence gathering operation. It is also a big operation, which, if operating in Russia would most likely require state acknowledgement, if not outright support.

Sales are way up for little-known manufacturers that sell directly to big cloud companies like Google and Facebook, while the market for traditional external storage systems is shrinking, according to research company IDC.

Internet giants and service providers typically don’t use specialized storage platforms in their sprawling data centers. Instead, they buy vast amounts of capacity in the form of generic hardware that’s controlled by software. As users flock to cloud-based services, that’s a growing business.

Revenue for original design manufacturers that sell directly to hyperscale data-center operators grew by 25.8 percent to more than US$1 billion in the second quarter, according to the latest global IDC report on enterprise storage systems. Overall industry revenue rose just 2.1 percent from last year’s second quarter, reaching $8.8 billion.

These so-called ODMs are low-profile vendors, many of them based in Taiwan, that do a lot of their business manufacturing hardware that’s sold under better known brand names. Examples include Quanta Computer and Wistron.

General enterprises aren’t buying many systems from these vendors, but the trends at work in hyperscale deployments are growing across the industry. Increasingly, the platform of choice for storage is a standard x86 server dedicated to storing data, according to IDC analyst Eric Sheppard. Sales of server-based storage rose 10 percent in the quarter to reach $2.1 billion.

Traditional external systems like SANs (storage area networks) are still the biggest part of the enterprise storage business, logging $5.7 billion in revenue for the quarter. But sales in this segment were down 3.9 percent.

Overall demand for storage capacity continued to grow strongly, with 37 percent more capacity shipped in the quarter compared with a year earlier.

Source-http://www.thegurureview.net/aroundnet-category/enterprise-storage-needs-driving-cloud-sales-boom.html

According to a website set up by the company to share information about the incident, Web.com discovered the security breach on Aug. 13 as part of its ongoing security monitoring.

Attackers compromised credit card information for around 93,000 accounts, as well as the names and addresses associated with them. No other customer information like social security numbers was affected, the company said.

According to the company, the verification codes for the exposed credit cards were not leaked. However, there are websites on the Internet that don’t require such codes for purchases.

Web.com has notified affected customers via email and will also follow up with letters sent through the U.S. Postal Service. Those users can sign up for a one-year free credit monitoring service.

The company did not specify how the intruders gained access to its systems, but has hired a “nationally recognized” IT security firm to conduct an investigation.

Web.com provides a variety of online services, including website and Facebook page design, e-commerce and marketing solutions, domain registration and Web hosting. The company claims to have over 3.3 million customers and owns two other well known Web services companies: Register.com and Network Solutions.

Register.com and Network Solutions customers were not impacted by this breach unless they also purchased services directly from Web.com.

Source-http://www.thegurureview.net/aroundnet-category/web-com-latest-victim-of-credit-card-hacking.html