Search results for: supply chain compromise

Week in review: Unprecedented iOS, OS X malware, secure messaging tech, Silk Road 2 takedown

Here’s an overview of some of last week’s most interesting news, reviews and articles: Researchers audit the TextSecure encrypted messaging app: A group of German researchers have audited TextSecure, the popular open source encrypted messaging application for Android, and the news is good. Flaw in Visa’s contactless payment system could lead to fraud: Researchers from Newcastle University have discovered a serious flaw in Visa’s contactless credit cards which could allow attackers to siphon large amounts … More

Staples customers likely the latest victims of credit card breach

International office supply chain store Staples is likely the latest retailer to have suffered a credit card breach. “Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach. Staples says it is investigating ‘a potential issue’ and has contacted law enforcement,” Brian Krebs reported on Monday. Indications that cash registers at … More

Securing the U.S. electrical grid

The Center for the Study of the Presidency & Congress (CSPC) launched a project to bring together representatives from the Executive Branch, Congress, and the private sector to discuss how to better secure the U.S. electric grid from the threats of cyberattack, physical attack, electromagnetic pulse, and inclement weather. The result is the Securing the U.S. Electrical Grid report, and talking about critical security challenges we have Dan Mahaffee, the Director of Policy at CSPC. … More

What influences corporate security strategies?

Sixty-eight percent of businesses stated that the NSA breach by Edward Snowden and the number of PoS system breaches in the past year were the most impactful in terms of changing security strategies to protect against the latest threats. The findings are part of a new CyberArk survey – developed through interviews with 373 C-level and IT security executives across North America, Europe and the Asia-Pacific. The majority of organizations surveyed believe that attacks … More

Google catches India with fake certificates

As the world becomes more dependent, and some might say blindly so, on digital certificates it’s only natural that attackers will seek to circumvent this trust. Whether because the Indian government was complicit or a victim of hacking in the issuance of certificates that impersonated Google, the result is the same – individuals, businesses, and even many governments placed blind trust in digital certificates and as such we’re all the victims. Right now, every enterprise … More

Week in review: OpenSSL Heartbleed bug, Windows XP reaches end of line

Here’s an overview of some of last week’s most interesting news, interviews, reviews and articles: Does IP convergence open you up to hackers? Recent reports indicate that unauthorized persons gained access to Target’s network using credentials stolen from a company that worked on the company’s refrigeration, heating, ventilation and air conditioning. The ongoing investigation will have to determine whether this was the root cause of the Point-of-Sale (POS) malware, or was a parallel attack. Whichever … More

New Android devices sold with pre-installed malware

A wide range of smartphones and tablets manufactured by Samsung, Motorola, Asus and LG Electronics have apparently been compromised with malicious apps before being sold to unsuspecting clients. The claim has been made by David Jevans, founder and CTO of Marble Security, who discovered the problem after a potential customer complained that the company’s mobile security management platform detected Netflix apps on several of its employees’ devices as malicious. As it turned out, they were … More

Financial institutions must look beyond their own defensive perimeters

Lookingglass Cyber Solutions released today the results of a recent study conducted on global financial institutions and the risks introduced by their trusted partners and providers, and they revealed that 100% of third-party networks sampled showed either signs of compromise or increased risk. This study demonstrates that third-party networks extend the attack surface and introduce risks that often go overlooked. It’s a lesson that companies such as Target are learning the hard way: Originally believed … More

Experts offer cyber security forecast for the year ahead

Kroll released its third annual Cyber Security Forecast, a prediction of the most significant cyber issues organizations will confront in 2014. The latest forecast highlights seven trends identified by Kroll and suggests that a changing tide in cyber standards, both social and legal, will require organizations to take stronger actions and safeguards to protect against reputational, financial and legal risks. 1. NIST and similar security frameworks will become the de facto standards of best practices … More

Cyber threats organisations will deal with in 2014

The threat landscape is constantly evolving, and it’s an enterprise’s job and duty to keep up with the changes and do the best it can to protect its data, employees and networks. According to the recently published report by Georgia Tech Information Security Center on emerging cyber threats, in 2014 organisations can expect to deal with the issue of security vs. usability when it comes to the data they store in the cloud, insecure connected … More

Week in review: Data broker databases breached, Apple Touch ID hack, and possible solution to click fraud problem

Here’s an overview of some of last week’s most interesting news, reviews and articles: IE 0-day attack reports push ISC to raise official threat level: FireEye researchers have managed to shed some light on the in-the-wild attacks leveraging the latest discovered Internet Explorer zero-day vulnerability (CVE-2013-3893), and have tracked it back to the Chinese hacking group that hit Bit9 earlier this year. Free guide to iOS 7: The new version of iOS marks a notable … More

Data broker databases breached, stolen info used by ID theft service

Stolen user information is regularly sold and bought online by cyber crooks and attackers, and many services have sprung up to meet the demand for information that can be used to compromise online accounts and facilitate identity theft. Among them is SSNDOB (located at ssndob[dot]ms), which has been around for at least two years and has been used by some 1,300 customers to look up personal data and financial data – including Social Service numbers … More