Vulns & Alerts
From the Web
Heartland breach shows why compliance is not enough
January 06, 2010 from: Office of Inadequate Security
The [Heartland] intrusion led to the “stark realization that passing a PCI security audit does not make a company secure,” said Avivah Litan, an analyst at research firm Gartner Inc. “This was known well before the breach, but Heartland served as a big pail of ice water thrown on the face of companies complying with PCI,” she said.
From the Web
Looking back on 2009
January 03, 2010 from: Office of Inadequate Security
The breach of Heartland Payment Systems grabbed the headlines for much of the year and the entire population of Belize had their birth details stolen when a government employee left a laptop in a car, but what else went on?
From the Web
Cybercrooks stalk small businesses that bank online
January 03, 2010 from: Office of Inadequate Security
A rising swarm of cyber-robberies targeting small firms, local governments, school districts, churches and non-profits has prompted an extraordinary warning. The American Bankers Association and the FBI are advising small and midsize businesses that conduct financial transactions over the Internet to dedicate a separate PC used exclusively for online banking.
Rockyou.com - Gets Rocked again - this time a PII Lawsuit
January 02, 2010 Added by: Jason Remillard
Well, it's happened. This time, the users themselves have taken action against rockyou.com for their inadvertent disclosure of customer information. As we previously reported, Rockyou was hacked and disclosed, it looks like, over 32,000,000 accounts. Yes, 32 Million!
From the Web
Internet trading site collective2.com hacked
December 30, 2009 from: Office of Inadequate Security
Users of the do-it-yourself trading site collective2.com received an “urgent” e-mail at a few minutes past noon Wednesday notifying them that the company’s computer database had been breached by a hacker and that all users should log in to change their passwords immediately.
aweber comes clean, sort of....splatter effect continues
December 22, 2009 Added by: Jason Remillard
While finally acknowledging their security exposure, aweber has done little to placate its user base judging by the responses and pleadings I've seen online. Yet another example of what I'm calling the 'splatter' effect. The damage that is borne upon others related to the security exposure, that is usually not measurable but definitely has an impact.
From the Web
Heartland to pay up to $2.4 million to settle cardholder class action suit
December 21, 2009 from: Office of Inadequate Security
Under the terms of the settlement, Heartland says it will pay a minimum of $1 million and up to a maximum of $2.4 million to class members who submit valid claims for losses as a result of the intrusion.
From the Web
Hacking the US Government Is Cheap – Costwise
December 21, 2009 from: AEON Security Blog
Anyone who follows information security news is probably wondering this week: “What in the hell is up with security in this country”. At least for those of us living in the United States, this should have been the statement of choice.
It’s ‘Defense in Depth’, not ‘Dense in Depth’
December 18, 2009 Added by: Bill Wildprett, CISSP, CISA
I sit, dumbfounded with amazement after reading that insurgents in Iraq have been intercepting Predator drone video feeds and that the Pentagon has known about this for a year now.
From the Web
Heartland pays Amex $3.6M over 2008 data breach
December 17, 2009 from: Office of Inadequate Security
Heartland Payment Systems will pay American Express $3.6 million to settle charges relating to the 2008 hacking of its payment system network.
From the Web
Hacker hits NC community college system
December 17, 2009 from: Office of Inadequate Security
Patrons of North Carolina's community colleges may have had their driver's license and Social Security numbers stolen by a hacker.
From the Web
BJ’s, Bank Not Liable for Credit Card Fraud
December 15, 2009 from: Office of Inadequate Security
Cumis Insurance Society and the credit unions it insures have failed in their lawsuit against BJ’s Wholesale Club and Fifth Third Bank over a 2004 breach that affected 9.2 million cardholders.
From the Web
Fool Disclosure Woes
December 15, 2009 from: AEON Security Blog
Every so often we come up with some crafty methods to research security threats, theories and vulnerabilities and yet many times we’re left lingering with the feeling of guilt by not disclosing security holes. I believe this is a feeling shared by many ethical security researchers: “To disclose or not to disclose…”
From the Web
P2P fraudsters snare DoD employees and FL business; two indicted
December 11, 2009 from: Office of Inadequate Security
Jeffrey Steven Girandola and Kajohn Phommavong have been charged in a previously sealed 16-count indictment with Conspiracy, Computer Fraud, Access Device Fraud and Aggravated Identity Theft. According to the indictment, which was handed up by a federal grand jury in San Diego, the defendants installed peer-to-peer file sharing software on computers under their control and searched the a...
From the Web
Judge dismisses shareholder lawsuit against Heartland (updated)
December 09, 2009 from: Office of Inadequate Security
A U.S. District Court judge in New Jersey has tossed out a class-action lawsuit filed by shareholders against Heartland Payment Systems, the credit card processor announced Wednesday. The judge granted Heartland’s motion to dismiss the action, which was filed in the wake of Heartland’s massive breach that was reported earlier this year, according to a company statement. No reason wa...
From the Web
Gonzalez to plead guilty in NJ
December 08, 2009 from: Office of Inadequate Security
An admitted computer hacker charged in the nation’s largest-ever data breach has told federal prosecutors in New Jersey that he plans to plead guilty in connection to the alleged theft of more than 130 million credit card numbers.




