Tuesday, January 26, 2016

The half of e-commerces don't know where they store payment data

The security of our payment data leaves much to be desired according to the Ponemon Institute's survey, which has interviewed more than 3.700 cybersecurity experts from different technological companies. We'll show this information, and also the last failure in the e-commerce Magento. We'll also talk about the Cybersecurity 500 ranking of security companies  last edition and we'll tell you the story of a specially evil ransomware: Magic.

According to the Ponemon Institute study, 55% of the cybersecurity professionals don't know where they store their client´s payment data. 54% ensure the security of this data isn't one of the five security maximum priorities for their company and the 59% affirm they allow the access of a third person to these payment data, in the majority of cases without a multiple factor authentication. Only the 44% of the companies use encryption to protect the payment data during a sale. Knowing that, we understand why the new payment methods, like the mobile payment, are considered with a 72% of risk.

New bug on Magento

And if the practices of the companies leave much to be desired, the software failures don't help either to increase the trust in e-commerce: newly it has been discovered a serious failures in the Magento platform, used by millons of e-commerces. This time we have a cross-site scripting vulnerability which has just received a patch that the affected should install right now.

Damned ransomware

Another horror story that is disturbing our sleeping is the new ransomware Magic. A few months ago, a researcher published the source code of a ransomware.  Magic has been created from this source code, a ransomware which would have affected to users of the Reddit forum. And here comes the bizarre: Magic creators saved the private password in a free hosting service which closed their account because they were hackers, deleting all the password which could save the infected computers.

Cybersecurity 500

We finish with a good new, to not embitter the day: the quarterly rank of the best cybersecurity companies has been published and two Spanish companies appear in this rank: Panda Security, dedicated to the antivirus and software security sector and Bluelive, specialized in the cybermenace analysis. We please for both and from here we send them our congratulations.


Post a Comment