New wave of BGP hijacking attacks hit several payment processing systems

Security Digest Information security news and advice from TechTarget's network| August 8, 2018 FEATURED STORY BGP hijacking attacks target payment systems by Michael Heller, Senior Reporter Researchers discovered a wave of BGP hijacking attacks aimed at DNS servers related to payment processing systems in an apparent effort to steal money from unsuspecting users. (SearchSecurity.com) Advertisement NEWS   Reddit breach sparks debate over SMS 2FA Using two-factor authentication with one-time passwords sent via SMS has come under question again after a Reddit breach was blamed on the faulty 2FA method. (SearchSecurity.com)   Coinhive malware infects tens of thousands of MikroTik routers The cryptominer Coinhive malware has infected tens of thousands of MikroTik routers around the world, as malicious actors take advantage of poor patching habits by users. (SearchSecurity.com)   Risk & Repeat: A deep dive on SamSam ransomware In this week's Risk & Repeat podcast, SearchSecurity editors talk about the SamSam ransomware campaign, which may be the work of a single hacker who's made nearly $6 million. (SearchSecurity.com)   Disclose.io launches vulnerability disclosure 'safe harbor' News roundup: Disclose.io offers legal bug bounty framework to give researchers safe harbor from legal action for vulnerability disclosures. Plus, Stamos exits Facebook, and more. (SearchSecurity.com)   Bugcrowd CTO explains crowdsourced security benefits and challenges In part two of this interview, Bugcrowd founder and CTO Casey Ellis discusses the value of crowdsourced vulnerability research, as well as some of the challenges. (SearchSecurity.com)   FIN7 members arrested after stealing 15 million credit card records The FBI arrested three members of the FIN7 cybercrime gang -- also known as the Carbanak Group -- for targeting more than 100 businesses and stealing 15 million credit card records. (SearchSecurity.com) EXPERT ADVICE   What to do when IPv4 and IPv6 policies disagree Unfortunately for enterprises, IPv4 and IPv6 policies don't always agree. Fernando Gont examines the differences between these two security policies, as well as some filtering rules. (SearchSecurity.com)   How to identify and manage cloud security misconfigurations Identifying cloud security misconfigurations and decreasing the potential impact doesn't have to be complicated. Expert Ed Moyle outlines the tools and resources needed. (SearchCloudSecurity.com)   Four new Mac malware strains exposed by Malwarebytes Mac platforms are at risk after Malwarebytes discovered four new Mac malware strains. Learn how to protect your enterprise and how to mitigate these attacks with expert Nick Lewis. (SearchSecurity.com)   What does the expansion of MANRS mean for BGP security? The Internet Society expanded MANRS to crack down on BGP security. Expert Michael Cobb explains what MANRS is and its implications for BGP server security. (SearchSecurity.com) About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Security Digest, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2018 TechTarget. All rights reserved.