Researchers at CA say they have detected a new variant of the Storm Worm, the infamous botnet best known for its spam-producing abilities, but which was effectively killed off more than a year ago.

Visa announced Tuesday that it has banned merchants from providing cardholder data to third parties without first receiving consent from the consumer. The new rule is a move to prevent a deceptive practice known as "data pass," by which a shopper, during checkout, is prompted to enroll in a club membership. The customer often does not realize the offer originates from a different merchant or that it comes with additional fees and charges, Visa said. Under the new rule, consumers will have to re-enter their credit card information if they wish to sign up for the promotions, which have cost some 30 million Americans about $1.4 billion, said Visa, citing a 2009 report from the U.S. Senate Commerce Committee. — DK

If CSOs only have budget to make one technology purchase, they should consider a firewall upgrade.

Eastern European gangs are systematically conducting well-organized skimming attacks against U.S. consumers and businesses, according to a Gartner analyst.

Splunk.com, a provider of IT infrastructure search software, disclosed late last week that some users' passwords were exposed after debug code accidentally wound up on its production web servers. The error resulted in the logging of passwords in clear text. There is no reason to believe the information was exposed to anyone other than some Splunk employees, the company said in a Friday blog post. All affected passwords have been reset. It is unclear for how long the credentials were exposed. — AM

Blippy, a social networking website on which users can share details of their purchases, is responding to a recently announced breach by investing in an IT security program.