NEWS & INDUSTRY UPDATES

The recently disclosed data breach at Neiman Marcus has turned out to not be as bad as the company originally thought.
The University of Maryland is the latest victim of a significant data breach, stemming from what school officials described as a “sophisticated computer security attack” that exposed records containing personal information.
Tacoma, Washington-based IID launched a new information sharing platform this week, where government agencies and enterprises can share data about the latest threats and ongoing attacks.
Bit9 announced that it has raised $38.25 million in new funding, and has acquired Carbon Black, a provider of incident response solutions.
According to a recent survey of security and compliance professionals from U.S. government agencies and contractors, a dysfunctional Congress could be “the biggest security threat we face.”
Target will spend $100 million to equip its "REDcards" and store card readers in the U.S. with chip-enabled smart-card technology by the first quarter of 2015, more than six months ahead of previous plans.
St. Joseph Health System said it experienced a data security attack which exposed patient and employee data stored on a server.
Security researcher Dana Taylor recounted what became a two-year odyssey between her and the company to fix software vulnerabilities in Oracle Forms and Reports.
Yahoo is warning of an attack targeting users of its email service, and initiating password resets for potentially affected accounts.
Target Corporation said that the attacker(s) behind the recent massive data breach at the retailer likely compromised its systems by using stolen credentials from a vendor.

FEATURES, INSIGHTS // Incident Management

Dr. Mike Lloyd
The fact that insurance companies – well respected by every business-centric executive – look at cyber risk and say “no, thanks” is a pretty clear indicator that something is rotten...
Marcus Ranum
When you start your metrics program, you'll find that a great deal of information can be gleaned from existing data that gets stored in various places – most likely in your system logs.
Chris Hinkley
The most advanced technology in the world is only as good as the people and systems behind it. Otherwise your sophisticated security device is nothing more than a paperweight.
Wade Williamson
If criminals can’t use or sell stolen data without being caught, then the data quickly becomes worthless. As a result it’s critical to understand what happens to data after a breach.
Aviv Raff
Without the elements of prevention, detection, and protection all working together, threat actors will always have the advantage, and will find a way to carry out their illicit economic, political or social agendas.
Dr. Mike Lloyd
Every security team that can fog a mirror is asking the question “what just happened at Target, and how do we make sure that doesn’t happen to us?”
Jeff Hudson
Making decisions based on anomalies is predicated on one very important assumption—you must understand what “normal” looks like.
Torsten George
What steps can be taken to implement and leverage incident response management as a valuable weapon for limiting material or reputational damages associated with data breaches?
Michael Callahan
There are several steps companies can take on the server side to identify and disrupt brute force attacks.
Gil Zimmermann
Understanding why passwords are so valuable to hackers can both explain and prepare enterprises to deal with potential security vulnerabilities. There are potentially hundreds of uses for stolen passwords once they are obtained.