Breaches

39728eff8ac87a48cfb050f0df29ceaa

Effective SIEM: Less Turtle - More Awareness

January 12, 2012 Added by:John Linkous

SIEM tools are highly focused on events. Even in cases where a SIEM can look outside of the world of events at one or two other pieces of data - say, at network traffic - that’s still woefully inadequate. We certainly need events and network traffic data...

Comments  (0)

959779642e6e758563e80b5d83150a9f

On the Israeli Credit Card Breach

January 08, 2012 Added by:Danny Lieberman

The biggest vulnerability of PCI DSS is that it’s about 10 years behind the curve. When people in the PCI DSS Security Council in Europe confess to never having heard of DLP and when the standard places an obsessive emphasis on anti-virus, you know you're still in Kansas...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Symantec Norton AV Hack: Some Further Considerations

January 07, 2012 Added by:Pierluigi Paganini

The information was obtained by hacking India's military computer network. The Indian intelligence agencies were in possession of the source code thanks to an agreement with Symantec. The source code seems to be part of the Norton Antivirus version 2006...

Comments  (0)

Ba829a6cb97f554ffb0272cd3d6c18a7

Symantec Gets Pwn3d: The Fallout

January 06, 2012 Added by:Kevin McAleavey

YamaTough provided Infosec Island with compelling evidence that he did indeed have the secret sauce and planned to release it in order to embarrass Symantec over Indian government policies towards obtaining source code to eavesdrop on cell phones and other communications...

Comments  (0)

Af9c34417f8e5e0d240850bb353b5d40

Is It Really the Norton AV Source Code?

January 06, 2012 Added by:Keith Mendoza

The best part, the archive file that YamaTough floated does not contain any code that does the actual scanning for viruses. That's the good news, now for the part that would keep me awake tonight if I were a developer in the Norton Anti-virus team...

Comments  (5)

6d117b57d55f63febe392e40a478011f

Symantec Confirms Norton AV Source Code Exposed

January 05, 2012 Added by:Anthony M. Freed

"Symantec can confirm that a segment of its source code has been accessed. Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved..."

Comments  (21)

69dafe8b58066478aea48f3d0f384820

Update 3: Hackers May Leak Norton Antivirus Source Code

January 05, 2012 Added by:Headlines

YamaTough has posted more information from the alleged breach on Google+ in an effort to prove this is not a spoof, an excerpt is as follows...

Comments  (20)

6d117b57d55f63febe392e40a478011f

Update: File Appears to Contain 2006 Norton AV Source Code

January 05, 2012 Added by:Anthony M. Freed

Infosec Island has been provided with a file that appears to contain source code for the 2006 version of Norton antivirus. We have provided Symantec with the file and are awaiting their analysis. We will not be releasing the file due to the sensitive nature of the information...

Comments  (6)

924ce315203c17e05d9e04b59648a942

Fallout from the Christmas Hack of Stratfor

January 03, 2012 Added by:Richard Stiennon

The most painful lesson the Stratfor hack is about to demonstrate is the importance of email security. Anonymous will be recruiting volunteers to analyze the 3.3 million emails they stole that have the potential for real harm equal to the infamous WikiLeaks State Department leak...

Comments  (0)

296634767383f056e82787fcb3b94864

Was Stratfor Breached By an Insider?

January 03, 2012 Added by:Jeffrey Carr

I'm not accusing Michael Mooney of being involved. I am, however, stating that attacks by insiders who hold a grudge against their employer are common and Mooney's position along with the circumstances around his departure will certainly be explored by law enforcement...

Comments  (4)

0ff0a77035f9569943049ed3e980bb0d

Stratfor Hack Proves a Few Things

January 03, 2012 Added by:

How many more companies believe they can get by with half-baked security? Why are budgets being cut for information security by CIOs who just don’t get it? Why is it that organizations do business with other organizations without performing due diligence on the entity?

Comments  (0)

Ba829a6cb97f554ffb0272cd3d6c18a7

Father Noel Delivers His Second Lump of "LulzXmas" to Stratfor

December 27, 2011 Added by:Kevin McAleavey

While many of us were nestled in our beds and enjoying Christmas day with family and friends, opening our gifts and downing the holiday grog, a nasty lump of coal was left once again under the tree for Stratfor by the LulzSec/Lulzboat crew...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Restaurant Depot Customers Alerted of Data Breach

December 12, 2011 Added by:Headlines

"Trustwave found that that the thieves inserted malicious software or 'malware' into the credit and debit card processing systems used in Restaurant Depot stores. The malware collected card information as it was processed, stored it temporarily, and then sent it to a computer server in Russia..."

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Rethinking Sensitive Information - Social Security Numbers

November 05, 2011 Added by:Rafal Los

Public and private entities have proven that a single nine-digit number as the gateway to our identities is not appropriate. Data breaches and identity theft cost organizations billions - perhaps we need to push the government to come up with a new way of verifying citizenship?

Comments  (1)

A7290c5bd7bc2aaa7ea2b6c957ef639b

SEC Issues Guidance on Security Incident Disclosure

October 31, 2011 Added by:David Navetta

What the guidance document does stress, however, is process and risk assessment. One read of this guidance is that companies internally are going to have to more carefully forecast and estimate the impact of cyber incidents and the consequences of failing to implement adequate security...

Comments  (0)

Ebbcdce0dfc85abf519d8b44a017f687

Latest Data Breach Costs Could Exceed $5 Billion

October 31, 2011 Added by:Brian Dean

It is recommended that organizations receiving PII become intimately familiar with all of the applicable security requirements for their industry in order to understand minimum protection requirements, industry best practices, as well as the consequences of noncompliance...

Comments  (0)

Page « < 10 - 11 - 12 - 13 - 14 > »