Mobile Security

3D Secure 2.0 – The New Sheriff in Town

EMVCo, the global standards body tasked with developing the technical standards for payments technologies, last week announced the availability of 3D Secure 2.0. Collectively, we at RSA congratulate EMVCo on this eagerly anticipated release. As an EMVCo Technical Associate, we were privileged to contribute to the development of the specifications and truly believe that the…

Six Steps For Cybercrime Survival

While recently cleaning my grandfather’s attic, I came across an old Federal Civil Defense Administration brochure titled “Six Steps to Survival – If an enemy attacked today would you know what to do?”  In our modern times, many of us are being attacked on a daily basis by cybercriminals. As such, do you know what…

“I am an imposter.”

I was invited to give a keynote at the Cloud Security Alliance (CSA) Congress in Dublin recently, on behalf of my EMC colleague Said Tabet. Two years before, I had spoken at the CSA Congress in Rome about the EU-funded SPECS and SPARKS projects and their relevance to cloud in terms of GRC and security analytics.…

Not on My Dime: When Fraudsters Take a Phantom Ride

As any parent with children in sports knows, it is simply not possible to be in two places at the same time.  I have tried to defy the laws of time and space by magically appearing at two different baseball fields when my sons’ games are conveniently scheduled at the same time on different fields…

Digital Universe CyberSecurity Student Defenders in Action

After writing my blog about Students – Be the Next Defenders of the Digital Universe, I received several inquiries about what RSA’s Anti-fraud Command Center does and how Purdue University works with that team. Since this week’s national cyber security awareness month theme is Building the Next Generation of Cyber Professionals, it is perfect timing…

Securing eCommerce Transactions without Losing Customers Part 4 – Mobile Strategy

Through this series we have looked at reducing fraud chargebacks via risk-based authentication for account holders, behavioral analytics and 3D Secure. In this final post we will look at mobile strategy. There is no shortage of statistics reflecting the tremendous growth in mobile commerce. In fact, according to Criteo, 29% of US eCommerce transactions are…

2015 Year of Cybersecurity Consilience?

Art Coviello just sent out his annual end of year letter with the following 2015 predictions: 1. Nation-state cyber-attacks will continue to evolve and accelerate but damage will be increasingly borne by private sector 2. Privacy debate will mature 3. Retail is an ongoing target and Personal Health Information (PHI) is next 4. The Internet Identity…

Bugat Joins The Mobile Revolution: BitMo Hijacking SMS-Borne OTP’s #INTH3WILD

By Limor S. Kessem, Cybercrime and Online Fraud Communications Specialist, RSA

RSA researchers analyzing Bugat Trojan attacks have recently learned that Bugat’s developers managed to develop and deploy mobile malware designed to hijack out-of-band authentication codes sent to bank customers via text messages. Bugat (aka: Cridex) was discovered and sampled in the wild as early…

Non-malware Penetration Techniques of an Advanced Attacker – Podcast #246

The level and sophistication of advanced threats is a constantly moving target, pitting the advantages of smart and patient attackers against security teams that oftentimes can’t possibly know what to look for when an attacker employs specialized techniques and tools designed to cloak their movements. What happens when an attacker doesn’t have to rely…

Disruptive technologies breaking down our doors in 2013

RSA recently launched its latest SBIC report titled ‘Information Security Shake-up – Disruptive Innovations to test Security’s Mettle in 2013’. It introduces some interesting food for thought on what organizations should have on their ‘to do’ list for 2013. Four key innovations are highlighted which shouldn’t come as a big surprise to anyone, I think…