February 16, 2012 Added by:Suzanne Widup
Much is being published about how inappropriate the response to the Nortel incident was, but it demonstrates an important point for companies - how do you know when you’ve done enough? How do you tell when an incident is over, and you should go back to business as usual?
February 16, 2012 Added by:Neira Jones
SQLi was the number one attack vector found in both the Web Hacking Incident Database and the number one Web-based method of entry in incident response investigations. SQL injections were the number one Web application risk of 2011...
February 15, 2012 Added by:Robert Siciliano
Massachusetts has one of the most stringent data protection laws on the books. Companies are now reporting when even a single individual’s information has been compromised. Despite strict security requirements, companies are continually being hacked in record numbers....
February 14, 2012 Added by:Kelly Colgan
The IRS has seen a significant increase in the number of fraud cases involving identity theft, according to Steven Miller, IRS deputy commissioner for services and enforcement. Addresses don’t mean anything. All a thief needs is your name and Social Security number...
February 13, 2012 Added by:Pierluigi Paganini
The login credentials were stored in plain text in the repository that had been exposed, and that is absurd. This is a failure of the basic security procedures that should be recognized internationally, and is an offense for which there should be heavy penalties...
February 13, 2012 Added by:Headlines
A hacker who goes by the handles "WeedGrower" and "X-pOSed" claims to have breached tech giant Intel and to have gained access to an Intel.com subscriber database that contains sensitive information including passwords, social security and credit card numbers...
February 10, 2012 Added by:Kevin McAleavey
The Symantec leak could pose a risk to RSA's SecurID. Examination of the source code for PCAnywhere turned up something disturbing - numerous header files and several libraries belonging to RSA, and SecurID code is part of the exposed PCAnywhere product source code...
February 06, 2012 Added by:Neira Jones
We should always aim to reduce the frequency of security incidents by effectively securing networks, systems, applications and have the appropriate policies and processes in place, and the NIST report helps in providing guidelines on responding to incidents effectively...
February 06, 2012 Added by:Anthony M. Freed
Anonymous-aligned hacker YamaTough, the spokesperson for the hacktivist group “The Lords of Dharmaraja”, falsely accused Symantec of attempting to bribe the group in order to prevent the release of source code for the company's PCanywhere product, among others...
February 03, 2012 Added by:Brian Dean
Consumers are desensitized to breaches, as evidenced by the meager rate of consumers applying for free credit monitoring services after a company breach. If you analyze the data that was breached, sometimes you have to ask, “Why are they even collecting all of that data?”
February 03, 2012 Added by:Pierluigi Paganini
The impairment of these mechanisms could lead to the redirection of traffic to bogus sites with serious consequences - and not just that - the compromise of the Digital Certificate model itself raises the risk for the interception of emails and confidential documents...
February 03, 2012 Added by:Robert Siciliano
Recently UCLA announced 16,000 patients were potential victims of identity theft because a doctor’s home office was broken into and data stolen. Data breaches cost big bucks. Encryption in this scenario failed due to a password on a sticky note near the laptop...
February 01, 2012 Added by:Jeffrey Carr
As the world's largest vendor of security software, the breach puts all of its corporate and government customers at risk, because if Symantec didn't know the extent of its breach back then, how do Symantec's customers know that their current product line is safe to use?
January 31, 2012 Added by:Don Turnblade
How much did restoring, repairing, reimaging, improved firewall rules, down time, legal fines, or direct fraud cost per event? Asking what it is may be too close to that great low pressure system, and you do not need to be struck by lightning. I won't ask and you won't tell...
January 31, 2012 Added by:Suzanne Widup
Although 2007 and 2008 grew the most in terms of additional incidents being disclosed, 2008 showed the highest number of additional records, with almost 95 million. Though 2011 is not the highest in terms of incidents, it is now the leader for records disclosed thus far...
January 26, 2012 Added by:Pierluigi Paganini
"At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks," Symantec said in the white paper...
Resource Scarcity Plaguing Security Programs... Anjelina Williams on 03-06-2015
The Danger of Mixing Cyber Espionage with Cy... leijon 19 on 03-06-2015
Don’t Let Your Guard Down: Tragedies Pave ... David Peter on 03-06-2015