
New Advances in Payment Card Skimmers per Krebs on Security
Security researcher Brian Krebs has become an expert on card skimming devices and methods. It’s enough to make you seriously question ever swiping your card again. His column today presents how retail self-checkout point-of-sale (POS) machines can be equipped with a “flexible, paper-thin device that fits inside the terminal’s chip reader slot”. Unless you knew to look, and what to check for, you’d have no idea. Ironically, these risky readers draw power from the chip on the secure chip-and-PIN cards we use, and can operate indefinitely. But good news – his next post is about detecting these skimmers.
Phishing Alert per Threatpost
Be wary and careful of emails being sent supposedly from FedEx and DHL couriers, among others. More than 10,000 Microsoft email users have been targeted.
Shadow Attacks Can Compromise Integrity of Digitally-signed PDFs per The Hacker News
Whoa! We know attackers have been steadily abusing trust via digital certificates but this is a disturbing new wrinkle. Security researchers from Ruhr-University Bochum demonstrated their new attack, “Hiding and Replacing Content in Signed PDFs”, which abuses the “enormous flexibility provided by the PDF specification so that shadow documents remain standard compliant.” Consider how much we rely on PDFs because they can’t be changed the way other documents can, supporting the security principle of Integrity. Of note: These researchers have previously shown how to extract the contents of password-protected PDF files.