April 13, 2012 Added by:David Navetta
The latest CDBS study can be considered a bookend to Verizon’s annual DBIR. The two reports paint a data breach landscape that continues to change. For the first time in seven years, both the organizational cost of data breach and the cost per lost or stolen record have declined...
April 13, 2012 Added by:Patrick Oliver Graf
Network connections that communicate with machine-to-machine (M2M) management platforms are especially prone to attacks, in part because the M2M systems primarily communicate via Wi-Fi networks and 2 or 3G connections...
April 12, 2012 Added by:Neira Jones
The Verizon DBIR 2012 was released last month and I am sure you have seen a lot on the subject. With every report, statistics and opinions have to be put in the right context. The conclusions are not surprising, but there are a few nuggets in the report worth examining...
April 12, 2012 Added by:Rafal Los
You've heard us say for a while now that information security isn't about reaching some mythical state of 'secure' but rather a constant battle on the ever-changing front lines of your organization to minimize any damage that the evil hackers can do once they find an in...
April 11, 2012 Added by:Fergal Glynn
Companies that suffer a data breach lose more than just confidential information. Their reputation, productivity, and profitability can all be negatively impacted in the aftermath of even a single incident. The organization may face fines, civil or criminal prosecution...
April 03, 2012 Added by:Pierluigi Paganini
Global Payments' announced that Track 2 data was stolen, which is used by the bank. Track 1 data generally refers to the information reported on the front of a bank card. So if this information was stolen along with that contained in Track 2, it is possible to clone a card...
March 30, 2012 Added by:Headlines
"Visa Inc. is aware of a potential data compromise incident at a third party entity... Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards..."
March 27, 2012 Added by:Headlines
Chaney admitted he hacked into the e-mail accounts by taking the victims’ e-mail addresses, clicking on the “Forgot your password?” feature, then re-setting the passwords by answering security questions using publicly available information he found on the Internet...
March 23, 2012 Added by:Headlines
“Insiders continue to pose a serious threat to the security of their organizations. This is particularly true as the increasing adoption of tablets, smart phones and cloud applications in the workplace means that employees are able to access corporate information anywhere..."
March 23, 2012 Added by:Headlines
After a five week trial, four defendants have been convicted for their roles in one of the largest bank fraud and identity theft schemes in California history, with dozens of victims in four states and millions of dollars in losses...
March 22, 2012 Added by:Headlines
"Mainline cybercriminals continued to automate and streamline their method du jour of high-volume, low-risk attacks against weaker targets. Much less frequent, but arguably more damaging, were continued attacks targeting trade secrets, classified information, and intellectual property..."
March 21, 2012 Added by:Kelly Colgan
Database security is an essential element of overall security maturity at enterprise level. Underestimating its value and not dedicating sufficient attention to developing a comprehensive data security plan can, in many instances, lead to data compromise...
March 19, 2012 Added by:Pierluigi Paganini
An underground black market is offering 2,462,935 U.S government email addresses and another 2,178,000 U.S military email addresses for sale. The risks are really serious, as this information could be used by hostile government in cyber attacks and cyber espionage activities...
March 12, 2012 Added by:Alexander Rothacker
The method to our ‘Madness’ is simple – based solely on the number of reported records breached in 2011, we put together brackets. For each U.S.-based institution of higher learning that reported a data breach in 2011, we seeded (ranked) them based on number of records affected...
March 08, 2012 Added by:PCI Guru
The lawsuit points out a disconcerting issue with a cardholder data breach: Any incident investigation initiated by the card brands under the PCI standards is going to focus on PCI compliance and not on whether or not the breach actually occurred...
March 08, 2012 Added by:Brent Huston
Hacktivism is an extended threat for infosec. You can be targeted for your partnerships, role in a supply chain, to steal CPU cycles/storage from your systems, or because you have a common vulnerability. There are a myriad of reasons from the criminal to the abstract...
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015