Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Several US financial institutions were targeted by the same computer hackers who breached the systems of JPMorgan Chase earlier this year, sources familiar with the matter said Wednesday.
Data belonging to customer of MBIA Inc., the largest bond insurer in the United States, was inadvertently made available online due to a misconfigured Web server.
Yahoo! CISO Alex Stamos said that three Yahoo Sports API servers had malicious code executed on them recently by attackers looking for vulnerable Shellshock server.
Supermarket chains Supervalu and Albertson's revealed that some of their payment processing systems have once again been breached.
Several organizations that use the GNU Bourne Again Shell (Bash) in their products have been hard at work producing software updates to address the recently discovered vulnerability dubbed "Shellshock" or "Bash Bug."
Viator, the tour-booking company acquired this summer by TripAdvisor for $200 million, is notifying roughly 1.4 million customers that their payment card data and personal details might have been compromised following a data breach.
What types of security solutions should have been used by Home Depot? What are best practices for avoiding such incidents? What steps should the retail industry take? These are just some of the questions answered by members of the security industry.
The data breach affecting Home Depot locations across the United States and Canada is estimated to have affected 56 million customer payment cards between April and September 2014.
JPMorgan Chase, one of the largest banks in the United States, has confirmed that its systems were breached this summer.
Freenode is asking users to change their passwords after some servers have been compromised by an unknown third party.

FEATURES, INSIGHTS // Incident Management

rss icon

Joshua Goldfarb's picture
Proper visibility doesn’t have to mean a deluge of uncoordinated data sources. To security operations and incident response teams, the buzz and hype should be about “big value”, not “big data”.
James McFarlin's picture
With risks to national and economic security increasing, other avenues of cyber defense are receiving attention. Improving resilience and the promising application of predictive analysis to the prevention of cyberattacks before they occur are two such areas
Mark Hatton's picture
it’s hard to build continuity under inconsistent leadership. It’s also really hard to beat the hackers when the person responsible for keeping them at bay has less job security than an NFL coach with a losing record.
Marc Solomon's picture
With the right information, security professionals can quickly pivot from detection to a full understanding of the scope of the outbreak and take action to head off wider compromises
Joshua Goldfarb's picture
Getting to the root cause involves a level of understanding beyond that of simply identifying that a system in infected. We need to understand what specifically enabled or facilitated the infection.
Joshua Goldfarb's picture
Amidst recent headlines, I am concerned that as a security community, we are losing sight of an important principle that is very important to remember: not all intrusions involve malware.
Joshua Goldfarb's picture
An organization that keeps records of its security incidents should be able to study that data to understand the top ways in which it is generally becoming compromised.
Mark Hatton's picture
Having a CISO not only solves the diffusion of responsibility problem by putting one person in charge, it also helps to transform the security culture in your organization.
Marcus Ranum's picture
There are two ways to start establishing security metrics. One is what I think of as the “bottom up” approach and the other being “top down”. For best results you might want to try a bit of both.
Torsten George's picture
In order to find the needle in the haystack, it is imperative to have all necessary data available to diagnose the patterns that point to an advanced persistent threat or sophisticated cyber-attack.