FBI Warns of Destructive Malware Post Sony Attack

Cybercriminals are targeting U.S. businesses with malware with destructive capabilities, much like the one that recently crippled Sony, the Federal Bureau of Investigation warned late Monday. The malware described in the five-page confidential “flash” FBI warning issued to businesses on Monday appear to be the same as the one that affected Sony Pictures Entertainment last…

Details

Federal Weather System Breached

China-based attackers are back in the news again, this time for breaching the federal weather network, officials told the Washington Post. The initial intrusion appears to have occurred late September, but officials from the National Oceanic and Atmospheric Administration (NOAA) did not take steps or notify proper authorities until October, the Post reported. NOAA declined…

Details

FBI Investigates Cyber Attack on US Postal Service

The Federal Bureau of Investigation is investigating a cyber attack earlier this year against the U.S. Postal Service that exposed the personal information of every single employee. Personal information of more than 800,000 postal employees have been exposed, as well as customers who contacted the USPS call center by telephone or email between January and…

Details

The Problem of Buggy Software Components

What do Heartbleed, Shellshock and Poodle all have in common? Well apart from being software vulnerabilities discovered in 2014, they were all found in pre-built software components, used by developers to speed-up the development of their own bespoke programs. Heartbleed was in OpenSSL (an open source toolkit for implementing secure access to web sites), Shellshock…

Details

More Calls for Businesses to Adopt EMV Chip Payment Technology

Another industry alliance joined the chorus urging businesses that process debit and credit cards to implement EMV payment chip technology to combat fraud. EMV stands for Europay, MasterCard® and Visa®, the developers of the technology. It has been used in Europe since 1992, and moves are underway to make it the standard payment type in the United…

Details

Legacy Security Controls: Time to Pull the Plug?

It’s a fact of life that most IT shops have, to one degree or another, a “security products graveyard” – i.e. security technology that’s past its prime, performing poorly, or that otherwise represents a drain on the security program. Note that by this, I’m not talking about technologies that have served their useful purpose and…

Details

Splitting Symantec is the Right Thing To Do – Now it is Intel’s Turn

The current flurry of breakups in the tech sector is gratifying to watch. The only conglomerate strategy I have ever seen work effectively is Alfred P. Sloan’s revolutionary “centralized decentralization” which allowed General Motors to become the dominant car manufacturer for decades. Roger Smith, the epitome green-visor accounting executive, destroyed that company by re-centralizing the divisions.…

Details

What CISOs Must Know About Fighting Identity Theft

High-level strategies for defending against attacks to steal identities are twofold: solutions on the back end, and what consumers and business partners can do to protect themselves. Almost daily, we hear about security breaches with millions of personal data records compromised, requiring companies to notify those affected, and to provide free credit and identity theft…

Details