September 18, 2012 Added by:Michael Ligh
Learn about the undocumented windows kernel data structures related to RDP logon sessions, alternate process listings, and loaded drivers. See how Volatility can help you forensically reconstruct attacker command histories and full input/output console buffers...
September 13, 2012 Added by:Robert Siciliano
A 60-day window covers two billing cycles, enough for most account-conscious consumers who keep an eye on their spending. Victims of fraudulent credit card charges only wind up paying the unauthorized charges if they fail to report the credit card fraud within 60 days...
September 11, 2012 Added by:Pierluigi Paganini
Excluding attacks by foreign governments and cyber criminals that exploit 0-days, with best practices and the adoption of compliance at the current standard, in matters of security it is possible to avoid data breach incidents, or at least reduce the amount of exposed information...
August 16, 2012 Added by:Brian Dean
The bottom line: Hacking is lucrative and can be executed from nearly anywhere in the world. Security professionals should be providing risk assessment results annually to executive management. Of course, providing a list of vulnerabilities is probably career limiting. This is the balancing act we must perform...
August 06, 2012 Added by:David Navetta
The Holmes decision further underscores difficulties in securing any recovery on a data breach lawsuit absent actual identity theft. However, the lengthy history of this case — dating back to 2008 including a challenge to a Court approved settlement — highlights that such cases are protracted and costly to defend...
July 27, 2012 Added by:Kelly Colgan
It’s not just about protecting ourselves from identity theft or fraud like when our account number or government-issued ID numbers are exposed. It’s what I like to call privacy for the sake of privacy. Just knowing that someone could be looking at our personal histories doesn’t sit well with the public...
July 23, 2012 Added by:Kelly Colgan
When comparing the bill to existing state laws on the subject, the lack of focus on consumer protection and an emphasis on making it business-friendly become evident. It becomes evident not by looking at what the bill contains, but by looking at what is purposely missing...
July 20, 2012 Added by:Headlines
"While the media is reporting a growing number of high profile data breaches, some small businesses may also be a popular target for hackers because their systems are usually easier to get into and the breach may not be found out for a good few weeks...”
July 17, 2012 Added by:Megan Berry
Legal fees, clean-up costs, lost business and damage to an organization’s reputation: consequences of a business being hit with a data breach. Cost can be significant, which is why it is critical to properly respond after a data breach...
July 17, 2012 Added by:Headlines
"Other than breaches reported by the media and a few progressive state websites, there continues to be little or no information available on many data breach events. The public has no way of knowing just how minor or serious the data exposure was for any given incident," ITRC states...
July 11, 2012 Added by:Matthijs R. Koot
In 2012, Netherlands will establish mandatory breach notification for vital sectors, giving the government increasing sectoral intervention possibilities. This includes the authority to obtain information, administrative enforcement of designations and the authority to appoint an officer on behalf of the government...
July 02, 2012 Added by:Rebecca Herold
“This is OCR’s first HIPAA action against a state agency and we expect organizations to comply with their obligations under these rules regardless of whether they are private or public entities.” Bottom line for all organizations of all sizes: It is wise to learn from the pain of others...
June 27, 2012 Added by:David Navetta
Much time and ink has been spent on the steady stream of data security and breach-related bills that spring up in Congress like mushrooms after a rain. But recently Vermont and Connecticut updated their existing breach notification statutes, highlighting the need to monitor state legislatures...
June 19, 2012 Added by:Jeffrey Carr
Russia plans to spend US$13B on UAS development over the next eight years. Part of that technology development strategy is almost certainly going to be acquiring intellectual property on related technology from foreign firms. Two good examples of companies at risk are Boeing and General Atomics...
June 15, 2012 Added by:Andy Willingham
You see what made me so mad? It wasn’t the release of the PII of all those innocent people, it was their reason for doing it. They reported a web site vulnerability and it wasn’t fixed, so they decided to post PII of thousands of people on the internet. Who put them in the role of deciding who wins and who loses?
June 13, 2012 Added by:Allan Pratt, MBA
Much has been written about the LinkedIn security breach and the millions of passwords at risk. Hopefully by now all users have changed them and made them more complex. When it comes to professional social networking sites though, LinkedIn is not the only game in town. Here are the Top 10 alternatives...
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015