Trojan Injects Enrollment Screen for Verified by Visa and MasterCard SecureCode Security Programs during Online Banking Sessions

London, 14th July 2010 –Trusteer, the leading provider of secure browsing services, today announced that the Zeus (Zbot) financial malware is targeting online banking customers of 15 leading US financial institutions by exploiting two trusted credit card security programs. After users have initiated a secure online banking session, the Zeus Trojan injects into the browser a facsimile of the familiar Verified by Visa and MasterCard SecureCode enrollment screen. It then prompts users to enter their social security number, credit or debit card number, expiration date, and PIN or CSV code. For a sample of the fake enrollment screen, see: http://www.trusteer.com/sites/default/files/ZeusVisaMastercardFraud.jpg

London, 7th July, 2010 – Trusteer, the leading provider of secure browsing services, today warns that July 31st is an important date if you have pay income tax under self assessment, have kids or are on a low income, as this is the deadline to file a tax credits renewal with HMRC (http://bit.ly/cb3mNA) or pay the second instalment of income tax.  And given the tax changes seen in the Chancellor's just-announced budget, many parents will be filing in the hope of an extra tax credit to offset the rest of what has been something of an austerity budget.

The danger now, says Trusteer, is that tax credit filers will click on unsolicited emails that look as though they might have been sent by HMRC, and in doing so, may end up infecting their home or office computers.

While Snooping Continues to Rise, IT Security Is Making It Harder for Insiders to Get Around Controls That Protect Highly-Sensitive Information  

LONDON – July 7, 2010 – The results of Cyber-Ark® Software’s fourth annual “Trust, Security and Passwords” global survey show that 35 percent of respondents believe their company’s highly-sensitive information has been handed over to competitors.  Thirty-seven percent of the IT professionals surveyed cited ex-employees as the most likely source of this abuse of trust.  While perhaps not surprising that disgruntled workers top the list, it’s noteworthy that 28 percent suspected “human error” as the next most likely cause, followed by falling victim to an external hack or loss of a mobile device/laptop, each at 10 percent.  The most popular information shared with competitors was the customer database (26 percent) and R&D plans (13 percent).

Security experts advise that while PCI DSS is complex, costly consultants may not be necessary

PCI DSS Compliance is certainly going to be top of mind for retailers in the coming months.  On Thursday July 1st Visa is tightening up its security rules on smaller companies accepting card payments; this is particularly pertinent as it was announced earlier this month that all London Olympics tickets must be purchased on a Visa card! In September, a further security mandate will require large scale card-accepting businesses to be fully PCI DSS compliant from the start of that month onwards.