The rigidity of web application security controls has left the enterprise vulnerable to data breach.
Every business that operates a cardholder environment to transact with its customers is required to maintain compliance with the PCI DSS international standard for security. Penalties for lack of compliance have become costly, yet compliance does not equal security.
Panelists at the closing keynote at SC Congress 2014 in Chicago urged attendees to work with the FBI to unravel breaches.
Members of the USPS testified before a House subcommittee Wednesday, drawing criticism over the delay in its breach notification to impacted employees.
Brian Krebs reported on Monday that malware found in Staples stores was observed to be communicating with command-and-control networks used by attackers in the Michaels payment card breach.
Boston-based Brigham and Women's Hospital is notifying roughly 1,000 patients that their personal information may have been on a laptop computer and cell phone stolen from a physician during an armed robbery.
Democrats on a House oversight committee have asked Secretary of State John Kerry when the breach was first discovered.
A number of Websense threat predictions point back to the vulnerable healthcare industry as a major target for cybercriminals.
The AP reported on Sunday that the State Department had its unclassified system compromised. The news follows the breach of three other government entities' systems.
Central Dermatology Center is notifying more than 76,000 patients that one of its servers had been compromised by malware for roughly two years, and their personal information may or may not have been accessed.
It's easy to get hung up on discussions around chip-and-pin, malware and network segmentation, and in the process lose sight of the broader trends that underlie many breaches.
Seattle Public Schools is notifying parents that personal information on as few as 8,000 special education students was improperly released.
The personal information included card and linked account numbers, card expiry dates and cardholder names.
Two debt sellers allegedly posted the people's personal information on unencrypted, publicly accessible spreadsheets that were posted online.
If organizations are looking to raise their security profile, they should certainly examine these commonly overlooked areas.
BrowserStack experienced an attack on Sunday that resulted in partial user information being accessed and bogus emails being sent to about 5,000 users.
The attacks were detected and incident response began immediately, with unscheduled maintenance being performed to mitigate the threat.
The American Postal Workers Union filed charges with the National Labor Relations Board against the Postal Service for failing to notify them earlier about the recent breach.
As many as 75,000 customers who received services at a Visionworks location in Maryland are being notified that an investigation is underway to locate a missing database server potentially containing their information.
In a notification letter to customers, Amex said law enforcement has arrested an individual possessing stolen personal and account information.
A Cyphort Labs report provides an in-depth analysis of Backoff, BlackPOS and FrameworkPOS, malware used in some of the biggest breaches.
Attackers are using stolen email addresses to try to steal victims' bank account numbers.
Payment cards used at Grand Casino Mille Lacs were subsequently used to make fraudulent purchases, and may have been compromised by an unauthorized individual who used malware.
A Canadian federal bill that would force companies to notify individuals of breaches moved a step closer to being law in October.
British Columbia's provincial government is notifying 15,000 individuals after a privacy breach in its Wildfire Management Branch.
Home Depot's breach could have resulted from a vulnerability in Windows that was patched too late into the attack.
The United States Postal Service (USPS) announced on Monday that an investigation is underway regarding a cyber security intrusion into some of its systems.
Many organizations overinvest in network security solutions—relying on traditional antivirus to secure their endpoints.
A letter sent to Congressional leaders states that legislation to address data breaches should cover all entities that handle sensitive information.
Home Depot announced on Thursday that approximately 53 million email addresses were stolen in the data breach that the company confirmed in early September.