Cybercriminals are targeting U.S. businesses with malware with destructive capabilities, much like the one that recently crippled Sony, the Federal Bureau of Investigation warned late Monday. The malware described in the five-page confidential “flash” FBI warning issued to businesses on Monday appear to be the same as the one that affected Sony Pictures Entertainment last…
DetailsHappy anniversary? One year ago the infamous Target breach occurred; November 27 to be exact. Unless you’ve not ventured out to a retailer in 2014, there’s a good chance you’ve been impacted by a card breach. Impacted? What does that mean? Like many, probably an inconvenience. Granted there is risk of fraud but that’s waived,…
DetailsIt’s the holiday season, which means that many of us are already in the process (or soon will be) of putting up holiday decorations. Ordinarily that wouldn’t be particularly noteworthy — or applicable to InfoSec for that matter — but this season there’s a bit of a sea change underway that carries with it an…
DetailsChina-based attackers are back in the news again, this time for breaching the federal weather network, officials told the Washington Post. The initial intrusion appears to have occurred late September, but officials from the National Oceanic and Atmospheric Administration (NOAA) did not take steps or notify proper authorities until October, the Post reported. NOAA declined…
DetailsThe Federal Bureau of Investigation is investigating a cyber attack earlier this year against the U.S. Postal Service that exposed the personal information of every single employee. Personal information of more than 800,000 postal employees have been exposed, as well as customers who contacted the USPS call center by telephone or email between January and…
DetailsWhat do Heartbleed, Shellshock and Poodle all have in common? Well apart from being software vulnerabilities discovered in 2014, they were all found in pre-built software components, used by developers to speed-up the development of their own bespoke programs. Heartbleed was in OpenSSL (an open source toolkit for implementing secure access to web sites), Shellshock…
DetailsAnother industry alliance joined the chorus urging businesses that process debit and credit cards to implement EMV payment chip technology to combat fraud. EMV stands for Europay, MasterCard® and Visa®, the developers of the technology. It has been used in Europe since 1992, and moves are underway to make it the standard payment type in the United…
DetailsIt’s a fact of life that most IT shops have, to one degree or another, a “security products graveyard” – i.e. security technology that’s past its prime, performing poorly, or that otherwise represents a drain on the security program. Note that by this, I’m not talking about technologies that have served their useful purpose and…
DetailsThe current flurry of breakups in the tech sector is gratifying to watch. The only conglomerate strategy I have ever seen work effectively is Alfred P. Sloan’s revolutionary “centralized decentralization” which allowed General Motors to become the dominant car manufacturer for decades. Roger Smith, the epitome green-visor accounting executive, destroyed that company by re-centralizing the divisions.…
DetailsHigh-level strategies for defending against attacks to steal identities are twofold: solutions on the back end, and what consumers and business partners can do to protect themselves. Almost daily, we hear about security breaches with millions of personal data records compromised, requiring companies to notify those affected, and to provide free credit and identity theft…
Details