Cyber-criminals are actively sharing tips and advice on how to bypass the 3D Secure (3DS) protocol to commit payment fraud, according to researchers. A team at threat intelligence firm Gemini Advisory found the discussions on multiple dark web forums, claiming that phishing and social engineering tactics stood a good chance of success in certain situations. Although version two of the protocol, designed for smartphone users, allows individuals to authenticate payments with hard-to-spoof or steal biometric…

A major aviation IT company has been breached in what appears to be a coordinated supply chain attack affecting multiple airlines and hundreds of thousands of passengers. SITA provides IT and telecoms services to around 400 members in the industry, claiming to serve around 90% of the global airline business. It revealed yesterday that attackers had compromised passenger data stored on its SITA Passenger Service System servers in the US. It said these servers operate…

Jack Wallen shows you how to create both local and AWS secrets engines with Hashicorp’s Vault. Image: Sarah Pflug/Burst One of the biggest security issues in development is leaving secrets within code. With passwords, encryption keys and API keys left in code, hackers could easily gain access to your data, your network, or the services you use. To that end, it’s imperative that developers make use of all the tools available to secure their code….

A Swedish businessman has admitted conning thousands of victims out of millions of dollars with a reversed pension cryptocurrency investment scam.  Roger Nils-Jonas Karlsson pleaded guilty today to securities fraud, wire fraud, and money laundering charges that he defrauded 3,575 victims of more than $16m. Karlsson and his now defunct company, Eastern Metal Securities (EMS), were charged in a criminal complaint filed on March 4, 2019. The 47-year-old, who uses at least six different aliases including Euclid Deodoris…