The Problem of Buggy Software Components

What do Heartbleed, Shellshock and Poodle all have in common? Well, apart from being software vulnerabilities discovered in 2014, they were all found in pre-built software components, used by developers to speed up the development of their own bespoke programs. Heartbleed was in OpenSSL (an open source toolkit for implementing secure access to web sites), Shellshock…

More Calls for Businesses to Adopt EMV Chip Payment Technology

Another industry alliance joined the chorus urging businesses that process debit and credit cards to implement EMV payment chip technology to combat fraud. EMV stands for Europay, MasterCard® and Visa®, the developers of the technology. It has been used in Europe since 1992, and moves are underway to make it the standard payment type in the United…

Legacy Security Controls: Time to Pull the Plug?

It’s a fact of life that most IT shops have, to one degree or another, a “security products graveyard” – i.e. security technology that’s past its prime, performing poorly, or that otherwise represents a drain on the security program. Note that by this, I’m not talking about technologies that have served their useful purpose and…

Splitting Symantec is the Right Thing To Do – Now it is Intel’s Turn

The current flurry of breakups in the tech sector is gratifying to watch. The only conglomerate strategy I have ever seen work effectively is Alfred P. Sloan’s revolutionary “centralized decentralization” which allowed General Motors to become the dominant car manufacturer for decades. Roger Smith, the epitome of the green-visor accounting executive, destroyed that company by re-centralizing the divisions.…

What CISOs Must Know About Fighting Identity Theft

High-level strategies for defending against attacks to steal identities are twofold: solutions on the back end, and what consumers and business partners can do to protect themselves. Almost daily, we hear about security breaches with millions of personal data records compromised, requiring companies to notify those affected, and to provide free credit and identity theft…

Security Versus Compliance: What’s the Difference?

Security is the pursuit of perfect protection through ongoing tightening of defenses and preemptive activities to cover vulnerabilities. Risk management, on the other hand, is a discipline that enables organizations to operate and measurably improve their security and compliance environments according to legal standards. Most companies are not accustomed to thinking of information as a…

eSentire Raises $14 Million in Series C Round

eSentire, a Canadian technology and security services company, said on Tuesday that it had raised $14 million in a series C investment round led by Georgian Partners, with Cisco Investments and Northleaf Venture Catalyst Fund taking part. eSentire said that it secures the networks of more than 450 financial services companies, law firms…

Salesforce Under Cyber Attack; Issues Malware Warning

Attackers are targeting Salesforce users with malicious emails designed to trick victims into downloading the Dyreza malware onto their computers, the software-as-a-service giant warned customers earlier this week. Salesforce said it was not aware of any customers who have been affected by the attacks. The attackers have not compromised Salesforce systems. The attacks typically utilize…
