Microsoft isn't happy, and their top lawyer had plenty to say about protecting customer information this week in a blog post that announced the company's efforts to implement wide-reaching encryption.
Steve Ragan | 06 Dec
JPMorgan Chase & Co. has said they plan to issue breach notifications to nearly 500,000 customers, or two percent of the bank's 25 million UCard users, after hackers breached their network in July. However, because there's no evidence that funds were stolen, the bank will not issue replacement cards.
Steve Ragan | 05 Dec
Indicators of Compromise (IOCs) are a valuable tool for administrators and network defenders. However, what happens when an attacker doesn't trigger the expected alerts, or worse, they blend in with alerts that go unnoticed or ignored?
Steve Ragan | 27 Nov
Despite warnings and concerns over the fact that websites used to manage the nation's healthcare exchange programs are at risk, and none more so than HealthCare.gov, one of them is already dealing with the fallout from a data breach. According to reports, Vermont has disclosed a data breach linked to their healthcare domain, after the victim whose records were exposed reported the problem.
Steve Ragan | 25 Nov
Over the weekend, NRC Handelsblad, a Dutch newspaper, reported that the NSA has infected more than 50,000 networks with malware globally. This report was followed by one in the New York Times, detailing the lengths the NSA is willing to go to in order to obtain more power.
Steve Ragan | 25 Nov
Twitter has implemented perfect forward secrecy on traffic to its website, in order to prevent communications from easily being captured and decrypted en masse. The new measure is one that clearly takes aim at the bulk data collection being done by the NSA.
Steve Ragan | 25 Nov
While most of them have been fixed, a report recently delivered to Congress highlighted several security problems on HealthCare.gov, most of which could've easily been addressed by a basic security check. Said check didn't happen, however, as HealthCare.gov was given a security waiver prior to launch.
Steve Ragan | 22 Nov
When it comes to the readiness of critical IT requirements, including availability, security, as well as backup and recovery, business leaders in some of the world's top markets lack confidence in their ability to cope and recover from disruptive incidents.
Steve Ragan | 21 Nov
Previously, in September and earlier this summer, Microsoft and Symantec made headlines by taking down major botnets. Now, one expert calls their actions ineffective, and wonders if the only reason they happened was to garner good press.
Steve Ragan | 20 Nov
Michael Bruemmer, vice president of Experian Data Breach Resolution, outlines some of the common mistakes his firm has seen as organizations deal with the aftermath of a breach during a presentation for The International Association of Privacy Professionals (IAPP) Privacy Academy.
Steve Ragan | 18 Nov
AntiSec activist to serve 10 years in federal prison for his attack on geopolitical intelligence firm Strategic Forecasting Inc.
Steve Ragan | 15 Nov
People say they are responsible for their own online safety, yet do very little to protect the information they share on social media, which increases the risks to themselves and employers, a study shows.
Steve Ragan | 15 Nov
A popular Mac news website, MacRumors, reported that their forums were compromised on Tuesday. The attack led to the exposure of some 860,000 accounts, and is said to be similar to the one that took place on the Ubuntu forums earlier this summer.
Steve Ragan | 13 Nov
According to a report from ThreatTrack Security, the company responsible for VIPRE Anti-Virus, a majority of malware analysts say that they've investigated or addressed a security incident that was never disclosed by their company. Moreover, many of those unreported incidents were caused by a senior executive within the organization.
Steve Ragan | 08 Nov
Nginx (pronounced engine-x), a lightweight alternative to Apache when it comes to web servers, installs access and error logs that are world-readable by default. Initially, the security advisory related to the issue noted that the impact was low, but researchers at CloudPassage and Redspin have discovered that the issue has a much wider reach, including current source-based installations.
Steve Ragan | 07 Nov