
How Russian Hackers Stole Data via Kaspersky Antivirus

Russian hackers stole classified data from the National Security Agency (NSA) through one of its contractors. The incident, known to have taken place in 2015, was a major breach inside the NSA.

According to the Wall Street Journal, as cited on Sunday (8/10/2017), the data theft is believed to have occurred after the NSA contractor transferred the data to a personal computer.

The contractor was using antivirus software made by Kaspersky, which allowed the hackers to identify and target the contractor's data.

It is unclear whether this newly disclosed breach is related to the Shadow Brokers. Shadow Brokers is the name given to a series of NSA data leaks that have been widely linked to the Russian government.

Meanwhile, as for the Kaspersky software suspected of being the ‘main character’ in this data theft, it is not known whether Kaspersky itself was aware of the attack.

What is clear is that the antivirus program routinely sends telemetry data to its central servers. In Kaspersky's case, those servers are located in Russia.

This data transmission is encrypted using SSL. However, if the Russian side could break that encryption, they could detect it without Kaspersky or the NSA contractor knowing.

For Kaspersky, the report deepens the suspicion surrounding the company, amid worsening relations between the United States (US) and Russia whose effects are spreading ever wider.

As is known, the use of Kaspersky antivirus is banned in the United States. The Donald Trump administration has removed Kaspersky Lab from the list of vendors for purchases of technology to be used by government agencies.

The reason is the concern that Kaspersky security products could become a channel the Kremlin uses to get into networks in the US.

The move is a concrete step arising from suspicions among US intelligence agencies and lawmakers that surfaced several months ago.

They believe the Moscow-based antivirus company has close ties to the Russian intelligence agencies behind cyber attacks on the US.

The mistake in the ctrl-alt-del keys that we didn't know about

There are several keyboard key combinations that can be used in the Windows operating system, among them ctrl-alt-del. But Bill Gates regrets having created that combination.

Pressed together, ctrl-alt-del performs certain functions; for example, it can interrupt a hung program by bringing up the task manager. But Gates considers the combination too complicated and actually wanted ctrl-alt-del to be a single key.

“Clearly, if I could make one small change, I would make that a single-key operation,” Gates said when asked about it at a recent conference.

This is not the first time the world's richest man has brought up ctrl-alt-del. He discussed it several years ago when speaking at Harvard University.

“We should have made it a single key. The guy at IBM who did the keyboard design didn't want it. It was a mistake,” Gates said.

The ctrl-alt-del combination was indeed created by IBM engineer David Bradley. In the 1990s, it became well known as the thing to use when a computer suddenly froze.

In a separate interview, Bradley once said he had originally wanted to use Ctrl+Alt+Esc. However, that idea was dropped because it would confuse users if it were placed on the left side.

USA Today.

WannaCry Hero Arrested on Kronos Malware Charges

In a stunning twist, U.S. authorities this week arrested a British cyber-researcher credited with stopping the spread of the WannaCry ransomware virus on charges he helped develop and deploy the Kronos banking trojan that attacked financial institutions around the world in 2014.

Following a two-year investigation, a federal grand jury in Wisconsin last month handed down a six-count indictment against Marcus Hutchins, a resident and citizen of the UK who operated under the name “Malwaretech,” according to U.S. Attorney Gregory Haanstad, who oversees the Eastern District of Wisconsin.

Hutchins was arrested Wednesday at the McCarran International Airport in Las Vegas, where he had been attending the Def Con hacking conference. The charges include one count of conspiracy to commit computer fraud and abuse, three counts of distributing and advertising an electronic communication interception device, one count of endeavoring to intercept electronic communications, and one count of attempting to access a computer without authorization.

Origin Story

Hutchins created the Kronos malware, prosecutors have alleged.

A video showing the functionality of the Kronos banking trojan was posted to a publicly available website in July 2014, according to a copy of a sealed indictment the U.S. District Court posted July 12.

A defendant, whose name is blacked out, used the video to show how Kronos worked, the indictment says. A defendant, again with the name blacked out, offered to sell the Kronos banking trojan for US$3,000.

Defendants whose names were blacked out updated the Kronos malware in early 2015, according to the indictment. In April of that year, a defendant with a name blacked out allegedly advertised the malware on the AlphaBay market forum.

In June 2015, a version of the Kronos malware was sold on the forum for $2,000 in digital currency. In July 2015, a defendant with the name blacked out offered “crypting” services for Kronos, that is, computer code used to shield the malware from antivirus software, the indictment states.

Kronos was an ongoing threat; in late 2016, the Kelihos botnet was observed trying to load Kronos using an email phishing campaign. A Russian national, Peter Yuryevich Levashov, 36, was arrested in Barcelona this April on U.S. federal charges related to his alleged operation of Kelihos.

The Justice Department last month announced that AlphaBay, which is considered the largest criminal marketplace on the dark Web, was shut down following an international investigation. AlphaBay had been used to sell everything from fentanyl and heroin to weapons, chemicals, stolen identification documents and hacking tools.

Authorities last month arrested Alexandre Cazes, a Canadian national living in Thailand, on charges he helped create and administer the site, but he reportedly took his own life while in Thai custody.

Arrest Fallout

Hutchins this spring was hailed as an international hero after he located the kill switch to end the WannaCry ransomware attack that had locked up thousands of computers across the globe.

However, his arrest does not appear to be directly related to WannaCry, said Mark Nunnikhoven, vice president of cloud security at Trend Micro.

The current case is particularly interesting because the charges indicate the arrest is based on the creation of Kronos, not its use, he said.

“Basically, it’s saying that the only possible use of the software was malicious,” Nunnikhoven told the E-Commerce Times.

Additional activity has been detected related to the WannaCry ransomware attack, specifically that the bitcoin wallet used in the attack had been emptied, noted James Pleger, managing director of global threat intelligence at Kudelski Security.

“This came as a bit of a surprise, considering that many criminals try to cash out as quickly as possible,” he told the E-Commerce Times.

The delay may have been related to the scrutiny investigators placed on the attack early on, Pleger said. On a more ominous note, he added that it may indicate that the same hackers could be ready for a new attack using different methods.

A spokesperson for the U.S. attorney in Wisconsin was not immediately available for comment. The FBI referred all questions on the case to the DoJ.

Moving to a new web hosting company is quite simple

As your WordPress site grows from a few visits a day to thousands of visits a month and more, the shared hosting account that provides its bandwidth, storage, and processing may be unable to keep up with the increased traffic. Either it will perform poorly for all visitors, with slow page loads and frequent unresponsiveness, or it will perform poorly during periods of peak traffic and might stop working altogether under especially heavy load. No one wants their site to collapse just when it’s at its most popular.

If a WordPress site’s hosting isn’t up to the job, there are two options. Upgrade to a more powerful hosting plan with the same hosting provider or move to a new hosting provider.

If you’re happy with your current host, upgrading is the simplest option, but if you aren’t happy, it’s time to consider making a move. Many bloggers and business site owners stick with their current hosting even when they aren’t happy with the support or the service they receive. They take the “better the devil you know” approach and assume moving to a new web hosting company is complicated. They also worry that it might hurt their SEO ranking or traffic.

In reality, moving to a new web hosting company is quite simple. First you find new hosting and migrate the site itself while the original site is still up and running. Then you change your domain records so that they point to the new site. Then you take the old site down and cancel your original hosting contract.

The only complications occur if you change the architecture of the site or the domain name as you make the change. Even that can be handled with a minimal impact, but I’ll stick to the simple case for this article.

Migrating The Site

Migrating a WordPress site is not difficult. A working WordPress site needs three things: web hosting, a WordPress installation (which is just a collection of files), and a database. Once you have a new web hosting account, you need to move the files into the root of your hosting account and import the site’s database.

If that sounds complicated, you might want to hire a WordPress professional to do it for you, but most decent web hosting companies will help you with the migration; many will do it for free.

If you want to make the move yourself, the best option is to use a plugin like All-In-One-Migration, which is capable of moving both the files and the database to your new hosting account.

All the plugin does is to copy the files to your new hosting account, export the database from the old site, and import it to the new WordPress installation. The same process can be done manually, but if you haven’t migrated a WordPress site before, I’d advise you to stick with one of the methods I’ve suggested.

Changing DNS Records

I’ve used the word “migrate,” but in reality the site has been copied. The new site works, but when users type the address into their browser or search for your site, they will end up on the old site.

To direct users to the new site, you need to change your domain name’s records so that it points to the IP of your new hosting account, rather than the old one.

There are two organizations involved in making a domain name work: the domain name registrar and the domain name host, although sometimes the same organization offers both services. The domain name registrar keeps the record of who owns the domain. The domain host manages the domain name servers that link your domain to an IP address.

When you change web hosting companies, you need to do one of the following:

Change the domain name servers that your domain registrar uses for your domain so they point to your new web hosting company’s DNS servers.

If you don’t want to use your web hosting company’s name servers, change the DNS records for your domain with the DNS host you use.

In most cases, you’ll just want to visit your domain name registrar and use their interface to change the DNS server records so they point at your hosting company’s DNS servers. The domain name registrar or your web hosting company will be able to help you do this if you’re having trouble.

If you want to move your site without making any changes to its information architecture or the domain name, that’s about it. There will be no damage to your site’s search engine optimization, because from Google’s point of view, not much has changed. The content is the same, it’s accessible at the same URLs, and incoming links still work.

Don’t settle for a poor hosting experience. If you’re not happy with your hosting company, moving to a new provider is easier than you think.

Microsoft Donates $465 Million in Cloud Services in 2016

Brought to you by Talkin’ Cloud

Microsoft has made significant headway on its goal to provide $1 billion in cloud services for non-profits and researchers over three years, donating $465 million in cloud services to 71,000 organizations so far in its first year of the effort.

Microsoft Philanthropies was created just over a year ago “to realize the promise and potential of technology for everyone,” according to a blog post this week by Mary Snapp, corporate vice president of Microsoft Philanthropies.

Along with donating cloud computing, the efforts of the initiative have included delivering connectivity to remote schools, health clinics and community centers in 11 countries, and in the U.S. specifically, expanding access to computer science education to 225 high schools.

“If there’s a single technology that is making today’s technology-driven change possible, it’s cloud computing. Our ability to work from anywhere, at any time. The emergence of self-driving cars. Individualized medicine based on the analysis of a person’s genetics. All of these things are made possible by the cloud,” Snapp said. “But to realize the full potential of the cloud to create economic opportunity and address the world’s most difficult challenges, the power of cloud computing must be available to nonprofit organizations and researchers, and to individuals who lack affordable broadband access. Therefore, in January of last year, we announced a three-year initiative to donate $1 billion in cloud computing resources to 70,000 nonprofit organizations and 900 university researchers, and to expand broadband access in 15 countries.”

Snapp said that in 2017 Microsoft Philanthropies will continue to drive initiatives in education, increase support for its humanitarian action, and work to make technology more accessible for people with disabilities.

The promises build on a vision laid out by Microsoft general counsel Brad Smith at Microsoft Worldwide Partner Conference (WPC) in July, where he talked about the company’s role in building a “cloud for good.”

In an interview last year with The New York Times, Microsoft said it would not take a tax deduction for its donated cloud services.

Microsoft was named one of the 20 most charitable companies of the Fortune 500 last year, as was Google, who last month committed $11.5 million to support racial justice, split between 10 different causes.

In January, Google pledged $4 million in donations to the American Civil Liberties Union, Immigrant Legal Resource Center, International Rescue Committee and UNHCR in conjunction with President Donald Trump’s executive order on immigration.

Bug ‘exposes’ WhatsApp message secrets

Some messages sent through WhatsApp can be intercepted and read thanks to a bug in the app, suggests research.
The bug arises because of the way WhatsApp encrypts the messages sent via its service.
Security expert Thomas Boelter found that eavesdropping was possible when circumstances called for encryption keys to be reissued.
Mr Boelter told WhatsApp owner Facebook about the issue in April 2016 but it said it was not working on a fix.
The response he received said that what he had discovered was expected behaviour.
Privacy campaigners claimed in The Guardian newspaper that the bug was a “huge threat” to freedom of speech because it could be used by governments or law enforcement agencies to spy on people who thought they were communicating securely.
In a statement reacting to media stories about the research, WhatsApp said the bug was not a “backdoor” intentionally placed in its code that allowed governments to make the firm decrypt messages.
“This claim is false,” it said. “WhatsApp does not give governments a ‘backdoor’ into its systems and would fight any government request to create a backdoor.”

Bad coding

The bug crops up in situations when encryption keys used to scramble messages have to be reissued and resent.
Mr Boelter found that, in certain circumstances, attackers can pose as the recipient of a message and force WhatsApp to reissue keys for scrambling information.
Sophisticated manipulation of this system would let attackers intercept and read messages, said Mr Boelter.
Zack Whittaker, security editor at ZDNet, said it was a “stupid and big bug” but played down its seriousness.
The problem was “limited” in its scope, he said, adding that it probably emerged because of “bad coding or a favour to good user experience”.
In its statement, WhatsApp said it had taken a design decision to implement the re-issuing of keys in this way to preserve millions of messages that would otherwise be lost.
Cryptographer Frederic Jacobs said anyone worried about falling victim to the bug could adjust security settings on the app to warn them if encryption keys were being changed.

10 Days of DDoS: an Actor’s “Working” Hours

Threat actors working on a schedule similar to that of legitimate businesses recently launched large distributed denial of service (DDoS) attacks for ten days in a row, CloudFlare researchers warn.

Starting on Nov. 23 and running through Dec. 2, the actor behind a DDoS-capable tool has been launching large-scale attacks for roughly eight hours each day, seemingly during specific working hours. CloudFlare, which observed and mitigated several of the attacks, says that the actor started work at around 18:00 UTC (13:00 EST) each day and ended shift eight hours later, at around 02:00 UTC (21:00 EST).

Day after day, with only slight variations of half an hour or so, the actor would employ this pattern when launching DDoS attacks, as if they “’worked’ a day and then went home,” CloudFlare says. On the last day, the attacks continued for 24 hours straight, either because the attacker no longer took the night off, or because multiple operators worked in shifts to keep the floods going.

The attacks, the security researchers say, were quite large: they peaked at 172Mpps (Million packets per second) and 400Gbps (Gigabits per second) on the first day, but went over 200Mpps and 480Gbps on the third day.

“And the attacker just kept this up day after day. Right through Thanksgiving, Black Friday, Cyber Monday and into this week. Night after night attacks were peaking at 400Gbps and hitting 320Gbps for hours on end,” CloudFlare’s John Graham-Cumming reveals.

One of the most interesting aspects of these attacks is that they are not launched by the famous Internet of Things (IoT) botnet Mirai, but by a different tool, CloudFlare reveals. The attacker is sending very large L3/L4 floods aimed at the TCP protocol, a technique different from what Mirai uses.

The security researchers also note that the attacks they witnessed were highly concentrated in a small number of locations, mostly on the United States west coast. This doesn’t come as much of a surprise, considering that DDoS bots have long been abusing cloud services offered by Amazon and other companies.

What this incident also reveals is how trivial it has become for a DDoS actor to launch attacks peaking above the 400Gbps mark. In fact, as Akamai’s Q3 State of the Internet report reveals, the number of attacks over 100Gbps went up 138% in the third quarter of this year compared to the same period in 2015, while DDoS attacks registered an overall increase of 71% since Q3 2015.

Microsoft Goes All In for Linux

While not quite at the level of a parting of the waters, the news that Microsoft has joined The Linux Foundation may seem miraculous to those aware of the past enmity between the company and the open source community.

Microsoft has joined The Linux Foundation as a platinum member, it announced Wednesday at its Microsoft Connect conference in New York.

Google has joined the .NET Foundation, Scott Guthrie, executive vice president of Microsoft Cloud and Enterprise, also told attendees. Further, Microsoft and Samsung Electronics have joined forces to allow .NET developers to build apps for millions of Samsung devices.

The first demo during the Connect conference was with Visual Studio Code, which has attracted more than 1 million developers, Guthrie said — a sign of how the company has embraced open source.

The number of people who created their first GitHub repository has doubled in the past year from 5,000 to 10,000 per day, GitHub CEO Chris Wanstrath told attendees.

“More and more, we’re seeing not just pure open source companies, but companies that have either not embraced open source in the past or sort of done it here and there, really fully embracing open source, particularly the developer communities,” he said.

Microsoft over the past two years has transformed the way it uses open source with the launch of .Net, he said, showing data indicating that Microsoft was the No. 1 company with contributors on GitHub, at 16,419.

Shock and Skepticism

Linux Foundation Executive Director Jim Zemlin told Guthrie on the conference stage that when he told a few people in advance that he would be announcing the move, they responded, “What’s the catch?”

The foundation and Microsoft have had disagreements in the past, Zemlin acknowledged, but with the growing importance of mobile and cloud, there is “too much software to be written for one organization or individual to write it by themselves,” he said.

John Gossman, architect of the Microsoft Azure team, will join The Linux Foundation’s board of directors.

Microsoft previewed several new products that show their capabilities across multiple platforms, including SQL Server on Linux, Visual Studio for Mac, Azure App Service on Linux with support for containers, Visual Studio Mobile Center, Visual Studio 2017, and Azure Data Lake Services, which allows developers and data scientists to store petabyte-size files.

“From what we see, Microsoft continues to recognize the importance of Linux and other open source technologies in the marketplace,” observed Mike Ferris, vice president of business development and architecture at Red Hat.

“Microsoft has been progressing towards putting more and more of its platform software in open source,” said Al Hilwa, program director for software development research at IDC.

“I think putting software in open source is the first step, but to get the true benefits of the process, you have to engage community and recruit contribution,” he told LinuxInsider.

The move also reflects the work done by The Linux Foundation to include other prominent open source projects and communities, ranging from Cloud Foundry to Cloud Native Computing Foundation, node.js and Open Container Initiative, 451 Research Principal Analyst Jay Lyman told LinuxInsider.

The bad blood between Microsoft and Linux ran deep for many years, as the company viewed open source as a threat to its Windows operating system dominance.

Samsung Mobile

Samsung announced a new collaboration with Microsoft on open source projects, including .Net core and Xamarin.Forms, to enable .Net support for Tizen, the company’s Linux-based open source operating system for more than 50 million Samsung devices.

Samsung released a preview of Visual Studio Tools for Tizen, which will allow developers to build applications for a variety of Samsung devices, ranging from smartphones to smart TVs, wearables like the Gear S3, and IoT devices.

The preview supports development for mobile apps, Samsung said, through device emulators and an extension to Visual Studio with full IntelliSense and debugging capabilities. Tizen’s .Net support will become available for all devices in 2017.

Facebook and Google to Build Transpacific Submarine Cable

Brought to you by Data Center Knowledge

Facebook has partnered with Google to pay for construction of what will be one of the highest-capacity submarine cable systems stretching across the Pacific Ocean, connecting Los Angeles to Hong Kong.

This is the second such partnership Facebook has gotten involved in and yet another example of changes happening in the submarine cable industry, which has traditionally been dominated by consortia of private and government-owned carriers. Operators of mega-scale data centers who deliver internet services to people around the world – companies like Facebook, Google, Microsoft, and Amazon – have reached a point where their global bandwidth needs are so high, it makes more sense for them to fund cable construction projects directly than to buy capacity from carriers.

In May, Facebook announced it had teamed up with Microsoft on a submarine cable across the Atlantic, linking landing stations in Virginia Beach, Virginia, and Bilbao, Spain. The future transatlantic system, called MAREA, will be operated by Telefonica.

Both Europe and Asia Pacific are important markets for the internet and cloud services giants. The Los Angeles-Hong Kong cable will help improve connectivity between both companies’ data centers in the US and Asia.

The cable will be called Pacific Light Cable Network, taking its name from the third partner on the project: Pacific Light Data Communications.

Both MAREA and PLCN systems will be built by TE SubCom, one of the biggest names in the submarine cable industry.

In addition to simply increasing the amount of bandwidth between the US and Asia, the 120Tbps PLCN system will provide greater diversity in transpacific cable routes, Najam Ahmad, director of technical operations at Facebook, wrote in a blog post announcing the project. “Most Pacific subsea cables go from the United States to Japan, and this new direct route will give us more diversity and resiliency in the Pacific,” he explained.

The FASTER cable system, backed by Google and several Asian telecommunications and IT services companies, came online earlier this year. Another big submarine cable project is the New Cross Pacific Cable System, which is backed by Microsoft and a group of Asian telcos. NCP is expected to come online in 2017. Both will land in Oregon on the US side.

Also this year, Amazon Web Services made its first investment in a submarine cable project, agreeing to become the fourth anchor customer necessary to make the planned Hawaiki Submarine Cable between the US, Australia, and New Zealand possible.

One big way in which PLCN and MAREA will be different from traditional transoceanic cable systems is they will be interoperable with a variety of network equipment, rather than being designed to work with a specific set of landing-station technologies, according to Ahmad. Not only will each user be able to choose what optical equipment fits their needs best, they will be able to upgrade that equipment as better technology becomes available.

“This means equipment refreshes can occur as optical technology improves, including taking advantage of advances made during the construction of the system,” he wrote. “When equipment can be replaced by better technology at a quicker pace, costs should go down and bandwidth rates should increase more quickly.”

Credit card with a digital display that randomly generates a security code is being launched

A credit card with a digital display that randomly generates a security code is being launched as a way of combating fraud.
Oberthur Technologies is currently in discussions with UK banks about rolling out the technology and will have cards “in the hands” of consumers in France by the end of the year.
Credit card fraud costs banks millions of pounds each year.
One expert said a different design for credit cards was overdue.
“In some ways, it’s surprising it has taken so long for this to appear,” Prof Alan Woodward, a cybersecurity expert from Surrey University, told the BBC.
The card provides an extra layer of security by replacing the static printed three-digit security code on the back of the card with a mini screen which displays a random code that changes automatically every hour.
It is powered by a thin lithium battery designed to last for three years.
“The technology has existed for some time so now it will be a case of persuading card processors that it is worth doing,” said Prof Woodward.
“It may be costly for card operators as some extra infrastructure will be required to ensure our cards stay synchronised with the operator, but it happens already for many banks with the dongles they issue for login.”
One drawback of the card is that customers will no longer be able to memorise their security code and will need to check the card every time they want to make an online purchase.
French banks Societe Generale and Groupe BPCE are preparing to roll the cards out to customers, following a pilot scheme last year and there are also pilot schemes in Mexico and Poland.
According to the UK’s Financial Fraud Action, credit card fraud in the UK totalled £755m in 2015 and the Office for National Statistics said that there were 20,255 victims.
There are several ways that fraudsters get hold of credit card details – from the online theft of data to skimmers that are attached to cash machines.
Skimmers, often homemade devices that are attached to a cash machine, can steal information from the card’s magnetic strip and PIN with the help of a fake ATM PIN pad or web camera.
Over time, the design has become more sophisticated with the advent of so-called shimmers, which are able to gather information from the card’s chip. Scammers are also now able to inject malware directly into cash machines.
In response, banks are working on new authentication solutions, based on biometrics – regarded as a more secure way to identify customers.
But a recent study from security firm Kaspersky Labs suggests that cybercriminals are already planning to exploit these new technologies.
It found at least 12 sellers offering skimmers capable of stealing victims’ fingerprints. Other underground sellers are already researching devices that could obtain data from palm, vein and iris recognition systems.
David Emm, principal security researcher at Kaspersky, said the Motion Code card would “reduce the window of opportunity” for a thief with a stolen card but added it would be a stronger proposition if the security code was generated on “another device”.
“Banks should consider applying a multitude of cybersecurity solutions to minimise unauthorised access to such information,” he said.
“Consumers must also be aware of their digital footprint, installing security updates promptly, using strong and unique passwords, applying caution when using public wi-fi networks and not revealing too much information about ourselves online.”