
NEWS & INDUSTRY UPDATES

Chinese hackers reportedly exploited the infamous “Heartbleed” vulnerability in OpenSSL to compromise Community Health Systems and steal patient data.
A recent security bulletin released by Microsoft as part of the August 2014 Patch Tuesday can lead to a crash on some systems, the company said in a knowledge base article.
Supervalu and Albertsons are notifying customers that information associated with their payment cards might have been stolen after hackers broke into the systems that process credit and debit card transactions.
In an open letter to Automotive industry CEOs, a group of security researchers called upon automobile manufacturers to build cyber-security safeguards inside the software systems powering various features in modern cars.
US Investigations Services (USIS), a Department of Homeland Security (DHS) contractor that conducts background checks for the agency, has been the target of a cyberattack that appears to have been launched by a state-sponsored entity.
Target said that its second quarter financial results are expected to include gross expenses of $148 million, partially offset by a $38 million insurance receivable, related to the massive December 2013 data breach.
P.F. Chang's said that an intruder may have stolen some data from certain credit and debit cards that were used during specified time frames at 33 P.F. Chang's China Bistro branded restaurant locations in the continental United States.
Mozilla warned that it mistakenly exposed information on almost 80,000 members of its Mozilla Developer Network (MDN) as a result of a botched data sanitization process.
According to a recent survey of senior C-level executives, CISOs are often viewed simply as convenient scapegoats in the event of a headline-grabbing data breach.
Researchers at FireEye have analyzed the operations of the advanced persistent threat (APT) group dubbed "Pitty Tiger," and determined that it might have been active since as far back as 2008.

FEATURES, INSIGHTS // Incident Management

Marc Solomon: With the right information, security professionals can quickly pivot from detection to a full understanding of the scope of the outbreak and take action to head off wider compromises.
Joshua Goldfarb: Getting to the root cause involves a level of understanding beyond that of simply identifying that a system is infected. We need to understand what specifically enabled or facilitated the infection.
Joshua Goldfarb: Amidst recent headlines, I am concerned that as a security community, we are losing sight of an important principle that is very important to remember: not all intrusions involve malware.
Joshua Goldfarb: An organization that keeps records of its security incidents should be able to study that data to understand the top ways in which it is generally becoming compromised.
Mark Hatton: Having a CISO not only solves the diffusion of responsibility problem by putting one person in charge, it also helps to transform the security culture in your organization.
Marcus Ranum: There are two ways to start establishing security metrics. One is what I think of as the “bottom up” approach and the other is “top down”. For best results you might want to try a bit of both.
Torsten George: In order to find the needle in the haystack, it is imperative to have all necessary data available to diagnose the patterns that point to an advanced persistent threat or sophisticated cyber-attack.
Mark Hatton: The fall of a high-profile CEO due to security concerns makes me envision a scenario where security is now given a more prominent role on the executive team, with more emphasis placed on avoiding the breach in the first place.
Marcus Ranum: Don't ask your boss, “what metrics should I collect?” Metrics are 'produced' not 'collected' and you need to spend time figuring out what metrics are appropriate for your organization.
Mike Tierney: Implementing an employee monitoring program and putting the three Ds process into place can act as a strong means of deterring inappropriate behavior or malicious intent by insiders.