August 19, 2012 Added by:Alexander Rothacker
So, what is this new vulnerability all about? It’s a privilege escalation vulnerability that gives an attacker SYSDBA privileges. In order to perform the exploit, one needs to have CREATE TABLE and CREATE PROCEDURE privileges as well as EXECUTE privileges on DBMS_STATS package...
August 03, 2012 Added by:Rafal Los
While it's not really OK to have a vulnerable application sitting out on the 'net, at least if it's in "stage" mode it shouldn't have real data... right? Unfortunately this wasn't the case in many of the incidents I experienced. It's time to remind ourselves that anything that is accessible should be well protected...
July 08, 2012 Added by:Ben Kepes
Analysis of unstructured data is the hot topic these days – organizations are lured by the promise of deriving huge incremental value by gaining insights from crunching vast pools of seemingly random numbers to determine patterns and trends. It’s not a huge surprise that structured data analytics gets forgotten...
June 25, 2012 Added by:Headlines
“The most disturbing findings were the number of companies that report they have no way to track what data is being stored in the cloud, no process to manage access to that data (or plans to do so), and that management doesn’t know where enterprise data is stored. This should act as a wakeup call for organizations..."
June 21, 2012 Added by:Rebecca Herold
Information disposal is now a legal requirement for basically all businesses of all sizes, and it simply makes sense to dispose of information securely as an effective way to prevent breaches. Having effective disposal policies, procedures and technologies in place demonstrates reasonable due diligence...
June 14, 2012 Added by:Megan Berry
There are many factors that can bring down your networks and compromise data, including criminals, carelessness and disgruntled employees. The hardware, software, and policies that make up the layers of network security defend your company’s systems from these threats. What are the most common threats?
June 14, 2012 Added by:Infosec Island Admin
In this first NIST 'Big Data' workshop, key national priority topics will be explored, including examples from science, health, disaster management, security, and finance. At the same time, topics in emerging technology areas including analytics and architectures will also be discussed...
June 05, 2012 Added by:Rebecca Herold
Big Data and associated analytics can be used to improve business and customer experiences and bring innovation and medical breakthroughs. However, organizations must make sure they don’t cross that line of customization and business improvements into creepiness and full-blown privacy invasion...
June 04, 2012 Added by:Fergal Glynn
As a process, data integrity verifies that data has remained unaltered in transit. As a state or condition, it is a measure of the validity and fidelity of a data object. As a function related to security, means information is exactly as it was inputted and is auditable to affirm its reliability...
May 23, 2012 Added by:Danny Lieberman
If you are a HIPAA covered entity, securing patient data is central to your business. If you are a big organization, you probably don’t need my advice. If you are small to mid-size provider without a large budget, the question is “How can I do this for as little money as possible?”
May 17, 2012 Added by:Stacey Holleran
Many small merchants—whether selling online or brick-and-mortar, or both—don’t have the technological background to understand the steps necessary for protecting the cardholder information and other sensitive data that passes through (and may be stored in) their business systems...
May 14, 2012 Added by:Electronic Frontier Foundation
In India, a massive effort is underway to collect biometric identity information for each of the country’s 1.2 billion people. The incredible plan has stirred controversy in India and beyond, raising serious concerns about the security of individuals’ personal data...
May 13, 2012 Added by:Jayson Wylie
There is a reason the security world refers to exploitation on the Internet to activity ‘in the wild’. A comparison can be made to the lawless, tough and unforgiving world of the Wild West in American history. You can get your stuffz or scalp taken...
May 10, 2012 Added by:Marc Quibell
Here's the problem - too many people have too much information about you, stored in or on who-knows-what, and who-knows-where. The risks of having your identity stolen and used are astronomical. All it requires is someone on the receiving end putting it all together...
May 08, 2012 Added by:Rebecca Herold
Even though it sounds complicated there are many good methods you can use to accomplish de-identification. The great thing is, under many legal constructs de-identification is an acceptable way to use personal information for purposes beyond which the personal data was collected...
April 26, 2012 Added by:Simon Heron
The security of data in use is about risk mitigation. However, with the current targeted attacks and the proliferation of zero day threats, the risk level is high. It is necessary that action is taken to implement the required precautions that reduce the risk to an acceptable level...
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015