Learn how Starbucks combats credential stuffing & account takeover (ATO) SPONSOR


Many thanks to the great folks at Shape Security, who have sponsored my writing for the last week.

“These are not kids in mom’s basement attacking us.”

Nearly five million people around the globe buy Starbucks coffee from their mobile app every single day. Forty percent of those purchases are paid using Starbucks’ gift card/stored value system, making the app a ripe target for account takeover (ATO).

Starbucks was one of the first enterprises to identify the growing threat of credential stuffing and mass ATO attacks. The security team tried using WAFs and CDN-provided bot solutions, but found those methods were no match for ever-evolving attackers.
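The detection logic below is an added example, not code from Starbucks, Shape Security or the article. It shows two shapes a credential-stuffing campaign leaves in a login log: the noisy single-source pattern that a per-IP WAF rule can catch (one address trying many distinct usernames and mostly failing), and the distributed pattern that such rules miss, where attempts are spread across many source addresses so that no single IP ever exceeds a rate limit and only the aggregate failure rate and the fraction of one-shot addresses give it away. The log format, the sample lines and the thresholds are constructed assumptions for the example.

```python
"""Credential-stuffing detection over login-attempt logs (added example).

Log format is a constructed, hypothetical one: "<ts> <source-ip> <username> <OK|FAIL>".
Thresholds are illustrative assumptions, not values from the article.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample data: one noisy single-source stuffer (203.0.113.5), two
# legitimate users, then a proxy-rotated burst where every attempt comes from
# a fresh address (192.0.2.x) so no single IP ever looks busy.
SAMPLE_LOG = """\
1 203.0.113.5 alice@example.com FAIL
2 203.0.113.5 bob@example.com FAIL
3 203.0.113.5 carol@example.com FAIL
4 203.0.113.5 dave@example.com FAIL
5 203.0.113.5 erin@example.com OK
6 198.51.100.7 alice@example.com OK
7 198.51.100.7 alice@example.com OK
8 198.51.100.8 bob@example.com FAIL
20 192.0.2.10 frank@example.com FAIL
21 192.0.2.11 grace@example.com FAIL
22 192.0.2.12 heidi@example.com FAIL
23 192.0.2.13 ivan@example.com FAIL
24 192.0.2.14 judy@example.com FAIL
25 192.0.2.15 mallory@example.com FAIL
26 192.0.2.16 niaj@example.com FAIL
27 192.0.2.17 olivia@example.com FAIL
"""


@dataclass(frozen=True)
class Attempt:
    ts: int
    ip: str
    user: str
    ok: bool


def parse_log(text: str) -> list[Attempt]:
    """Parse the hypothetical log format into Attempt records, skipping blank lines."""
    attempts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        attempts.append(Attempt(int(ts), ip, user, result == "OK"))
    return attempts


def per_ip_stuffers(attempts, min_users=4, max_success_rate=0.25):
    """Single-source signal: one IP cycling through many distinct usernames, mostly failing.
    This is roughly what a per-IP WAF rule can catch."""
    by_ip = defaultdict(list)
    for a in attempts:
        by_ip[a.ip].append(a)
    flagged = {}
    for ip, rows in by_ip.items():
        users = {a.user for a in rows}
        rate = sum(a.ok for a in rows) / len(rows)
        if len(users) >= min_users and rate <= max_success_rate:
            flagged[ip] = {"distinct_users": len(users), "attempts": len(rows), "success_rate": rate}
    return flagged


def distributed_stuffing(attempts, window=10, min_attempts=6,
                         max_success_rate=0.1, min_single_shot_fraction=0.8):
    """Distributed signal: within a time window, failures dominate and nearly every attempt
    comes from an address seen only once. Per-IP counters stay low, so per-IP rate limits
    never fire; the aggregate shape of the traffic is what gives it away."""
    windows = defaultdict(list)
    for a in attempts:
        windows[a.ts // window].append(a)
    alerts = []
    for w, rows in sorted(windows.items()):
        if len(rows) < min_attempts:
            continue
        ip_counts = Counter(a.ip for a in rows)
        single_shot = sum(1 for a in rows if ip_counts[a.ip] == 1) / len(rows)
        rate = sum(a.ok for a in rows) / len(rows)
        if rate <= max_success_rate and single_shot >= min_single_shot_fraction:
            alerts.append({"window_start": w * window, "attempts": len(rows),
                           "success_rate": rate, "single_shot_ip_fraction": single_shot})
    return alerts


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("per-IP stuffers:", per_ip_stuffers(log))
    print("distributed bursts:", distributed_stuffing(log))
```

On the sample data the first function flags only 203.0.113.5, while the 192.0.2.x burst is invisible to it (every address appears once) and is caught only by the window-level check. In production the window statistics would be compared against a per-endpoint baseline rather than fixed thresholds, and a successful login inside a flagged window is the event worth stepping up (re-authentication, device check) rather than blocking outright, which is the friction trade-off the article alludes to.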

Watch Shape’s discussion with Starbucks to learn how the two companies partnered to help combat ATO and hear answers to questions including:

  • How have attackers evolved at Starbucks over the past three years?
  • How can we leverage a collective defense to turn the tide on attackers?
  • How does Starbucks balance security with user friction?

Learn more now!

Shape Security is defining a new future in which excellent cybersecurity not only stops attackers, but also reduces friction for good customers. Shape disrupts the economics of cybercrime by making it too expensive for attackers to commit online fraud, while also enabling enterprises to more easily transact with genuine customers.

The Shape platform, covered by 55 patents, stops the most dangerous application attacks enabled by bots and cybercriminal tools, including credential stuffing (account takeover), fake account creation, and unauthorized aggregation.


If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.

Hacker arrested for wave of fake bomb and shooting threats against schools


FBI agents have arrested a 20-year-old man alleged to have been part of a hacking gang which not only launched distributed denial-of-service (DDoS) attacks, but also launched a wave of chilling bomb and shooting threats against thousands of schools in the United States and United Kingdom.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #115: Love, Nests, and is 2FA destroying the world? PODCAST


Is two factor authentication such a pain in the rear end that it’s costing the economy millions? Do you feel safe having a Google Nest in your home? And don’t get caught by a catfisher this Valentine’s Day.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by B J Mendelson.

VFEmail suffers 'catastrophic' attack, as hacker wipes email service's primary and backup data


There will be many angry customers of VFEmail who will be distraught at the thought that years’ worth of irreplaceable personal and business correspondence may have been wiped out. It’s understandable that some might turn their fury towards VFEmail.

But VFEmail is a victim too.

Smashing Security #114: Darknet Diaries, death, and beauty apps PODCAST


Jack Rhysider from the “Darknet Diaries” podcast joins us to chat about his interview with the elusive Hacker Giraffe, how a death is preventing cryptocurrency investors from reaching their money, and how ‘beauty camera’ apps are redirecting users to phishing websites and stealing their selfies.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.


Twitter follow bots cut off from API, as accounts disabled for spreading misinformation from Iran and elsewhere

ManageFlitter, Statusbrew, and Crowdfire have had their access to the Twitter API revoked for allegedly helping users abuse the service, aggressively and repeatedly following and unfollowing large numbers of other accounts - a tactic frequently employed by Twitter spammers.

Meanwhile, Twitter and Facebook share details of the accounts they have shut down after finding they were spreading misinformation in the run-up to the US midterm elections.
