January 12, 2012 Added by:John Linkous
SIEM tools are highly focused on events. Even in cases where a SIEM can look outside of the world of events at one or two other pieces of data - say, at network traffic - that’s still woefully inadequate. We certainly need events and network traffic data...
January 08, 2012 Added by:Danny Lieberman
The biggest vulnerability of PCI DSS is that it’s about 10 years behind the curve. When people in the PCI DSS Security Council in Europe confess to never having heard of DLP and when the standard places an obsessive emphasis on anti-virus, you know you're still in Kansas...
January 07, 2012 Added by:Pierluigi Paganini
The information was obtained by hacking India's military computer network. The Indian intelligence agencies were in possession of the source code thanks to an agreement with Symantec. The source code seems to be part of the Norton Antivirus version 2006...
January 06, 2012 Added by:Kevin McAleavey
YamaTough provided Infosec Island with compelling evidence that he did indeed have the secret sauce and planned to release it in order to embarrass Symantec over Indian government policies towards obtaining source code to eavesdrop on cell phones and other communications...
January 06, 2012 Added by:Keith Mendoza
The best part, the archive file that YamaTough floated does not contain any code that does the actual scanning for viruses. That's the good news, now for the part that would keep me awake tonight if I were a developer in the Norton Anti-virus team...
January 05, 2012 Added by:Anthony M. Freed
"Symantec can confirm that a segment of its source code has been accessed. Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved..."
January 05, 2012 Added by:Headlines
YamaTough has posted more information from the alleged breach on Google+ in an effort to prove this is not a spoof, an excerpt is as follows...
January 05, 2012 Added by:Anthony M. Freed
Infosec Island has been provided with a file that appears to contain source code for the 2006 version of Norton antivirus. We have provided Symantec with the file and are awaiting their analysis. We will not be releasing the file due to the sensitive nature of the information...
January 03, 2012 Added by:Richard Stiennon
The most painful lesson the Stratfor hack is about to demonstrate is the importance of email security. Anonymous will be recruiting volunteers to analyze the 3.3 million emails they stole that have the potential for real harm equal to the infamous WikiLeaks State Department leak...
January 03, 2012 Added by:Jeffrey Carr
I'm not accusing Michael Mooney of being involved. I am, however, stating that attacks by insiders who hold a grudge against their employer are common and Mooney's position along with the circumstances around his departure will certainly be explored by law enforcement...
How many more companies believe they can get by with half-baked security? Why are budgets being cut for information security by CIOs who just don’t get it? Why is it that organizations do business with other organizations without performing due diligence on the entity?
December 27, 2011 Added by:Kevin McAleavey
While many of us were nestled in our beds and enjoying Christmas day with family and friends, opening our gifts and downing the holiday grog, a nasty lump of coal was left once again under the tree for Stratfor by the LulzSec/Lulzboat crew...
December 12, 2011 Added by:Headlines
"Trustwave found that that the thieves inserted malicious software or 'malware' into the credit and debit card processing systems used in Restaurant Depot stores. The malware collected card information as it was processed, stored it temporarily, and then sent it to a computer server in Russia..."
November 05, 2011 Added by:Rafal Los
Public and private entities have proven that a single nine-digit number as the gateway to our identities is not appropriate. Data breaches and identity theft cost organizations billions - perhaps we need to push the government to come up with a new way of verifying citizenship?
October 31, 2011 Added by:David Navetta
What the guidance document does stress, however, is process and risk assessment. One read of this guidance is that companies internally are going to have to more carefully forecast and estimate the impact of cyber incidents and the consequences of failing to implement adequate security...
October 31, 2011 Added by:Brian Dean
It is recommended that organizations receiving PII become intimately familiar with all of the applicable security requirements for their industry in order to understand minimum protection requirements, industry best practices, as well as the consequences of noncompliance...
Indicators of Compromise for Malware Used by... Jeanson Ancheta on 12-22-2014
Paying Lip Service (Mostly) to User Educatio... Sherrley Max on 12-20-2014
Update 3: Hackers May Leak Norton Antivirus ... Prabhas Raju on 12-19-2014