April 20, 2011 Added by:Rebecca Herold
What is important to point out about this case is that the doctor described the patient’s injuries in such a way that an unauthorized third party would be able to identify the person described, even though the doctor did not include any of the 18 specifically-named PHI items...
April 20, 2011 Added by:Robert Siciliano
Five major players have floated to the top, dominating a major chunk of the mobile operating systems market. It used to be that people chose their phone only by their carrier and what brands they offered. Today many choose their phone based on the manufacturer and its operating system...
April 20, 2011 Added by:Brent Huston
Our inspection revealed a job in the scheduler set to kick off on Saturdays at 5am and launch this particular malware component which appeared to be designed to grab the cookies from the browser and some credentials from the system and users then throw them out to the host in China...
April 20, 2011 Added by:Katie Weaver-Johnson
The federal government is paying whistleblowers, and now that we also have Wikileaks and other public web sites to report to, organizations need to make sure they have more holistic and comprehensive platforms for employees to report suspicious incidents internally...
April 20, 2011 Added by:Headlines
Complete extraction of existing, hidden, and deleted data, including call history, text messages, contacts, images, and allows visualization of existing and deleted locations on Google Earth. Location information from GPS devices and image geotags can be mapped on Google Maps...
April 19, 2011 Added by:Global Knowledge
When most individuals hear the word "Certification", dollar signs immediately begin dancing in their heads. While some certifications do command a higher salary, this is not true for all. Time to look at some of the more popular certifications - and their associated pay...
April 19, 2011 Added by:Jared Carstensen
The recent economic growth in Europe (bank bailouts aside), upgrades to infrastructure, communications, and internet speeds, coupled with the reduced costs of equipment required for cyber criminals to operate, has greatly assisted cyber criminals and cartels in their mission...
April 19, 2011 Added by:Rafal Los
Money and technology alone won't bring us secure software or applications. Many times the idea of spending a large chunk of money on tools alone sounds appealing because someone selling you something says that you should - but I'd like to urge caution...
April 19, 2011 Added by:Robert Siciliano
Consumers are receiving messages from trusted companies such as 1-800-Flowers, Chase, Hilton and others, letting them know that their e-mail addresses have been exposed. This provides a perfect opportunity for cybercriminals who may try to take advantage of the breach...
April 19, 2011 Added by:Headlines
"Certainly what we’ve seen is very consistent with the RSA attack. Whoever is doing this attempts to get a foothold in the network system, works patiently and relatively quietly to try to expand that and is looking for specific types of information..."
April 19, 2011 Added by:Sasha Nunke
Vulnerabilities in web applications are now the largest source of enterprise security attacks. Web application vulnerabilities accounted for over 55% of all vulnerabilities disclosed in 2010, according to an IBM X-Force study. That may be the tip of the iceberg...
April 19, 2011 Added by:Bill Gerneglia
A sizable number of comments took the line that playing games on corporate systems was either beneficial to the company or caused no significant harm. One agreed with an IT professional quoted in the story, who said that gaming helps IT employees “stay sharp”...
April 18, 2011 Added by:J. Oquendo
The sole purpose of Ensatus is deception and it drives the point of "fail" when it comes to counterattacking. If I were performing a sanctioned penetration test, I would be using decoys. In the event counterattacking were legal, you would be counterattacking an innocent victim...
April 18, 2011 Added by:kapil assudani
In many companies, the culture is to embrace security only where it is absolutely necessary, and this usually comes through corporate security policies and industry regulations. Beyond these, security groups hardly have any teeth - unless it's a critical security issue...
April 18, 2011 Added by:Anton Chuvakin
Configuring tools needs to happen after the policy is created. Goals first, infrastructure choices second. In case of privacy and other regulations on top of FISMA, the legal department should also have their say, however unpalatable it may be to the security team...
April 18, 2011 Added by:Headlines
“The government keeps the damage we are sustaining from cyber attacks secret because it is classified. The private sector keeps the damage they are sustaining from cyber attacks secret so as not to look bad... The net result of that is that the American public gets left in the dark...”
April 18, 2011 Added by:Robert Siciliano
As more and higher speed networks are built, more consumers will gravitate toward the mobile web. Smartphone users are downloading billions of apps and spending millions via mobile payments. For the younger generation, smartphones are used for a majority of ecommerce transactions...
April 18, 2011 Added by:Rod MacPherson
Another scam that they are running is a fake Epsilon breach news update site (copied from the actual press release site) that offers up a downloadable tool that they tell you to run to see if the hackers have your e-mail address. That tool is a Trojan...
April 17, 2011 Added by:Danny Lieberman
Mitigating the insider threat requires defining whether or not there IS a threat, and if so, finding the right security countermeasures to mitigate the risk. One wonders whether or not RSA eats their own dog food, and had deployed a data loss prevention system. Apparently not...
April 17, 2011 Added by:Rahul Neel Mani
While it’s only beginning to percolate, a trend is clearly emerging—cyber criminals are looking for new opportunities outside of the PC environment. They are investing more resources toward developing exploits that specifically target users of mobile devices...