A United States federal judge recently ruled the Federal Trade Commission has the authority to file lawsuits against companies for failing to take “reasonable and appropriate” data security measures. The FTC sued hotel chain Wyndham Worldwide in 2012 of “repeated failures” to protect its customers’ data that led to multiple data breaches between 2008 and…
DetailsThis series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid a fee to cover the expense of producing the videos. As malware become both more sophisticated and more targeted traditional AV began to fail.…
DetailsThe US National Security Agency (NSA) reportedly knew about the Heartbleed bug flaw and regularly used it to gather critical intelligence, according to the Bloomberg news agency. Heartbleed is the name given to a software vulnerability in OpenSSL, an open-source cryptographic library widely used to secure Internet communications. OpenSSL is commonly used by Web servers, VPN software,…
DetailsWhile Bruce Schneier may have been jumping to conclusions when he said: “At this point, the probability is close to one that every target has had its private keys extracted by multiple intelligence agencies.” It did not take long for at least a couple of traces of recorded network traffic, as reported by Ars Technica,…
DetailsAfter presenting this week at InfoSecWorld 2014 on Why Risk Management Fails, I was asked by a frustrated risk management professional how to build an IT security program. The days are gone when I could just sketch out a list of technologies to deploy, as I did for the newly appointed CISO of a government…
DetailsIn the days since the Heartbleed Bug, a vulnerability in OpenSSL heart beat function, was exposed we have begun to see signs of the Internet bleeding out. Bruce Schneier ranks this issue an 11 on a scale of 1 to 10. Read the original Heartbleed post at heartbleed.com and then read this great explanation of…
DetailsConsidering that SSL protocols, including OpenSSL, are used anywhere machines have to communicate securely with each other, Heartbleed isn’t just a problem for Web servers. The vulnerability is present in client software running on PCs and Android tablets, as well. For example, many routers and other networking equipment come with built-in Web servers to run…
DetailsThe announcement yesterday of a widely deployed vulnerability in OpenSSL, the Heartbleed Bug, is set to shake up the security industry. According to the discoverers at Codenomicon and Google, all Apache web servers and most recent distributions of open source operating systems suffer from this bug in the way a SSL heartbeat function works. An attacker can…
DetailsCyber-attackers are withdrawing large amounts of money using stolen debit card information, often in amounts exceeding ATM limits or even the amount the victim has in the account, the Federal Financial Institutions Examination Council (FFIEC) said in a four-page statement last week. The cash-fraud scheme, which the US Secret Services refers to as “Unlimited Operations,” appears…
DetailsThe US Federal Financial Institution Examination Council’s (FFIEC) recent guidance on distributed denial of service (DDoS) attacks, provides financial institutions with at least six-steps as part of their responsibility to mitigate risk. The announcement in a press release outlines expectations to ensure businesses are aware of DDoS attacks and then expect organizations to conduct a risk…
Details