NEWS & INDUSTRY UPDATES

eBay said Wednesday cyberattackers broke into its database with customer passwords and other personal data in what could be one of the biggest breaches of its kind.
Hortonworks announced that it has acquired data security company XA Secure for an undisclosed sum.
SanDisk announced the availability of its first self-encrypting solid state drive (SSD), the X300s SSD.
IBM unveiled a suite of security software and services designed to help organizations defend against advanced cyber threats and protect sensitive data.
NetSupport, a remote management tool used in some enterprises, can be exploited by attackers to remotely connect to a host without needing any passwords, according to a Trustwave researcher.
Researchers from FireEye have discovered a nasty zero-day exploit that is being used in targeted attacks and bypasses the ASLR and DEP protections in Microsoft Windows.
NIST has removed the Dual_EC_DRBG, or Dual Elliptic Curve Deterministic Random Bit Generator, from its draft guidance on random number generators.
Verizon expanded its 2014 Data Breach Investigations Report to include security incidents that didn't result in breaches and provided industry-by-industry analysis of various threat types.
Germany's aeronautics and space research center has for months been the target of a suspected cyber attack by a foreign intelligence service, according to reports.
The Heartbleed vulnerability is “catastrophic” for SSL and Internet security, Bruce Schneier told SecurityWeek. “On the scale of 1 to 10, this is an 11,” he said. Here is what organizations need to know and what actions they should take.

FEATURES, INSIGHTS // Data Protection

Michael Callahan: While I’d argue the point that the chip and PIN system is better and more secure than the mag stripe, it’s not what caused these or what will prevent future malware attacks.
Torsten George: While security monitoring generates big data, in its raw form it remains only a means to an end. Ultimately, information security decision making should be based on prioritized, actionable insight derived from the data.
Mike Tierney: The insider threat is very much a reality, and because it hides in the details, it’s one of the biggest threats businesses can encounter.
Gil Zimmermann: IT managers focused on protecting technology infrastructure would do well to assess whether cloud service providers have better security systems in place than their own corporate IT resources allow.
Dr. Mike Lloyd: Every security team that can fog a mirror is asking the question “what just happened at Target, and how do we make sure that doesn’t happen to us?”
Michael Callahan: The threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends both in the threats and how we will respond to them in 2014.
Nimmy Reichenberg: With the release of PCI-DSS 3.0, organizations have a framework for payment security as part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.
Chris Hinkley: For security professionals, PCI DSS 3.0 means that PCI compliance will become more of an everyday business practice, rather than an annual checklist obligation.
Gil Zimmermann: As 2013 wanes, it makes sense to take a few steps back and look at the state of the cloud and how it fits into the plans our customers and friends have been sharing with us. As we move through 2014, will your teams be driving new value, or responding to yesterday’s threats?
Torsten George: What steps can be taken to implement and leverage incident response management as a valuable weapon for limiting material or reputational damages associated with data breaches?