Several UK Banks Hit by Cyber Attacks in Past Six Months

Several UK banks and financial market infrastructures experienced cyber attacks, some of which disrupted service, in the past six months, according to the Bank of England. “While losses have been small relative to UK banks’ operational risk capital requirements, they have revealed vulnerabilities. If these vulnerabilities were exploited to disrupt services, then the cost to…

“I am Not Satoshi” – Security Researcher Debunks Rumors that He is the Elusive Inventor of Bitcoin

(Updates with the reported retraction from the two researchers regarding a link between Bitcoin and the Silk Road marketplace.) Recent speculation that Dustin Trammel is the mysterious inventor of Bitcoin and somehow connected to the Silk Road marketplace drove this Texas-based security researcher to post a denial to his website. Bitcoins are the first form of…

How You Should Be Thinking About the Information Security Budget

So, how did you do this year with your security budget requests? And how does the plan look for next year? With information security representing a competitive arms race with the bad guys, you want enough funding to ensure you are practicing commercially reasonable security, and to support mission-critical business strategies. Many organizations don’t…

Twitter Enables Perfect Forward Secrecy to Bolster Security

Twitter Inc. said it has enabled Perfect Forward Secrecy (PFS) in a move to increase protections around users’ information following reports of secret data mining by the National Security Agency (NSA). “Forward secrecy is just the latest way in which Twitter is trying to defend and protect the user’s voice,” Twitter said in a blog post issued…

PCI Security Standards Council Updates Credit Card Data Security Standard

The PCI Security Standards Council (PCI SSC), a worldwide forum that develops payment card security standards for its corporate members, has published its latest version of those standards for implementation in January 2014. The most recent updates include recommendations for blending the PCI Data Security Standard (PCI DSS) and the PCI Payment Application Data Security…

Audit Finds Taxpayer Data is at Risk; Urges IRS to Take Action

Taxpayer data is at risk as disgruntled insiders or malicious outsiders can exploit security weaknesses, and the Internal Revenue Service (IRS) should take action, the US Treasury Inspector General for Tax Administration (TIGTA) said in a report released on Thursday. Based on its annual audit, the TIGTA found that 42 percent (eight) of 19 planned corrective…

Prevent SQL Injection Attacks with DB Networks’ New Core IDS

What is the top threat to web applications today? According to the Open Web Application Security Project (OWASP), it’s SQL injection. The problem is so pervasive that it has topped the OWASP Top 10 list of software security issues for several years in a row, and for good reason. Hundreds of millions of database records have been stolen…

Sometimes Your Employees Go Home; The Case for Securing Home Users

Bring your own device (BYOD), USB flash drives, signing into compromised personal web-based accounts from work, and shared passwords. These are some of the reasons for information security professionals to train their employee user base, even when it’s about apparently non-work-related computing resources. Becoming visible to your non-security enterprise end users as a security resource…

Does the NSA Use Quantum Computing to Break Things?

In the continuing stream of revelations about reported NSA hacking to protect national interests comes more news. Data moving between data centers operated by the world’s largest Internet email companies allegedly was intercepted and collected for analysis because the encryption protections on the data were bypassed. The prevailing theories about how the NSA apparently did this…