March 12, 2012 Added by:Alexander Rothacker
The method to our ‘Madness’ is simple – based solely on the number of reported records breached in 2011, we put together brackets. For each U.S.-based institution of higher learning that reported a data breach in 2011, we seeded (ranked) them based on number of records affected...
March 08, 2012 Added by:PCI Guru
The lawsuit points out a disconcerting issue with a cardholder data breach: Any incident investigation initiated by the card brands under the PCI standards is going to focus on PCI compliance and not on whether or not the breach actually occurred...
March 08, 2012 Added by:Brent Huston
Hacktivism is an extended threat for infosec. You can be targeted for your partnerships, role in a supply chain, to steal CPU cycles/storage from your systems, or because you have a common vulnerability. There are a myriad of reasons from the criminal to the abstract...
March 07, 2012 Added by:Marjorie Morgan
The ISA and ANSI released a new report titled The Financial Impact of Breached Protected Health Information which explores the reputational, financial, legal, operational, and clinical repercussions of a protected health information breach on an organization...
March 07, 2012 Added by:Kevin McAleavey
The defacement also show tremendous amounts of sensitive corporate information including internal accounts, passwords, server and cloud configurations, access information to the antivirus lab's Teamviewer as well as alternate means of accessing their internals via "logmein"...
February 24, 2012 Added by:Neira Jones
It is crucial that businesses understand which controls are needed to maintain the security of their information assets and it is therefore crucial that suppliers are assessed against the business regulatory and compliance framework...
February 16, 2012 Added by:Suzanne Widup
Much is being published about how inappropriate the response to the Nortel incident was, but it demonstrates an important point for companies - how do you know when you’ve done enough? How do you tell when an incident is over, and you should go back to business as usual?
February 16, 2012 Added by:Neira Jones
SQLi was the number one attack vector found in both the Web Hacking Incident Database and the number one Web-based method of entry in incident response investigations. SQL injections were the number one Web application risk of 2011...
February 15, 2012 Added by:Robert Siciliano
Massachusetts has one of the most stringent data protection laws on the books. Companies are now reporting when even a single individual’s information has been compromised. Despite strict security requirements, companies are continually being hacked in record numbers....
February 14, 2012 Added by:Kelly Colgan
The IRS has seen a significant increase in the number of fraud cases involving identity theft, according to Steven Miller, IRS deputy commissioner for services and enforcement. Addresses don’t mean anything. All a thief needs is your name and Social Security number...
February 13, 2012 Added by:Pierluigi Paganini
The login credentials were stored in plain text in the repository that had been exposed, and that is absurd. This is a failure of the basic security procedures that should be recognized internationally, and is an offense for which there should be heavy penalties...
February 13, 2012 Added by:Headlines
A hacker who goes by the handles "WeedGrower" and "X-pOSed" claims to have breached tech giant Intel and to have gained access to an Intel.com subscriber database that contains sensitive information including passwords, social security and credit card numbers...
February 10, 2012 Added by:Kevin McAleavey
The Symantec leak could pose a risk to RSA's SecurID. Examination of the source code for PCAnywhere turned up something disturbing - numerous header files and several libraries belonging to RSA, and SecurID code is part of the exposed PCAnywhere product source code...
February 06, 2012 Added by:Neira Jones
We should always aim to reduce the frequency of security incidents by effectively securing networks, systems, applications and have the appropriate policies and processes in place, and the NIST report helps in providing guidelines on responding to incidents effectively...
February 06, 2012 Added by:Anthony M. Freed
Anonymous-aligned hacker YamaTough, the spokesperson for the hacktivist group “The Lords of Dharmaraja”, falsely accused Symantec of attempting to bribe the group in order to prevent the release of source code for the company's PCanywhere product, among others...
February 03, 2012 Added by:Brian Dean
Consumers are desensitized to breaches, as evidenced by the meager rate of consumers applying for free credit monitoring services after a company breach. If you analyze the data that was breached, sometimes you have to ask, “Why are they even collecting all of that data?”
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015