Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Goodwill Industries revealed that some of its customers' payment cards were compromised after the systems of a third-party vendor became infected with malware.
Federal authorities in the United States are investigating reports of cyberattacks launched against JPMorgan Chase and at least one other unnamed financial institution.
Aorato has published a report around the data breach suffered in 2013 by Target, which investigates some of the techniques used by the attackers to gain access to the company's networks.
The United States Secret Service estimated more than 1,000 businesses have been infected by the "Backoff" point-of-sale malware, and many of them are unaware they have been compromised, according to a Department of Homeland Security advisory.
Industry reactions to news that group of hackers presumably located in China managed to breach Community Health Systems, one of the largest hospital operators in the United States, and steal the records of 4.5 million patients.
The UPS Store said on Wednesday that computer systems at several of its franchised center locations had been infected with stealthy malware that went undetected by its anti-virus software and exposed customer payment data.
Chinese hackers reportedly exploited the infamous “Heartbleed” vulnerability in OpenSSL to compromise Community Health Systems and steal patient data.
A recent security bulletin released by Microsoft as part of the August 2014 Patch Tuesday can lead to a crash on some systems, the company said in a knowledge base article.
Supervalu and Albertsons are notifying customers that information associated with their payment cards might have been stolen after hackers broke into systems that processes credit and debit card transactions.
In an open letter to Automotive industry CEOs, a group of security researchers called upon automobile manufacturers to build cyber-security safeguards inside the software systems powering various features in modern cars.

FEATURES, INSIGHTS // Incident Management

rss icon

James McFarlin's picture
With risks to national and economic security increasing, other avenues of cyber defense are receiving attention. Improving resilience and the promising application of predictive analysis to the prevention of cyberattacks before they occur are two such areas
Mark Hatton's picture
it’s hard to build continuity under inconsistent leadership. It’s also really hard to beat the hackers when the person responsible for keeping them at bay has less job security than an NFL coach with a losing record.
Marc Solomon's picture
With the right information, security professionals can quickly pivot from detection to a full understanding of the scope of the outbreak and take action to head off wider compromises
Joshua Goldfarb's picture
Getting to the root cause involves a level of understanding beyond that of simply identifying that a system in infected. We need to understand what specifically enabled or facilitated the infection.
Joshua Goldfarb's picture
Amidst recent headlines, I am concerned that as a security community, we are losing sight of an important principle that is very important to remember: not all intrusions involve malware.
Joshua Goldfarb's picture
An organization that keeps records of its security incidents should be able to study that data to understand the top ways in which it is generally becoming compromised.
Mark Hatton's picture
Having a CISO not only solves the diffusion of responsibility problem by putting one person in charge, it also helps to transform the security culture in your organization.
Marcus Ranum's picture
There are two ways to start establishing security metrics. One is what I think of as the “bottom up” approach and the other being “top down”. For best results you might want to try a bit of both.
Torsten George's picture
In order to find the needle in the haystack, it is imperative to have all necessary data available to diagnose the patterns that point to an advanced persistent threat or sophisticated cyber-attack.
Mark Hatton's picture
The fall of a high-profile CEO due to security concerns makes me envision a scenario where security is now given a more prominent role on the executive team, with more emphasis placed on avoiding the breach in the first place.