Data Theft Security
With the April 18 tax deadline looming, security isn't top-of-mind for the employees in your finance, audit and operations departments.
Could a cargo ship's thwarted piracy reveal more than bullet holes and bloodstains? A theoretical view of why compromised shipping cargo information could make pirates and hijackers rich.
Visa on Wednesday released a four-page document that offers best practices for tokenization, the process by which 16-digit credit card numbers are replaced with unique symbols. The guidance is meant to reduce risk for merchants, vendors, service providers and acquiring banks. It covers such areas as detecting suspicious activity so attackers cannot compromise the token system. In addition on Wednesday, Visa, in conjunction with the National Retail Federation trade group, clarified its operating rules around storage of sensitive information. According to the card brand, issuing banks must accept a disguised or truncated card number on transaction receipts for dispute resolution. Also, merchants are permitted to store disguised or truncated card numbers to reduce the amount of data that could be retrieved by attackers. — DK
Network monitoring and managed file transfer (MFT) software vendor Ipswitch on Tuesday announced that it has acquired MFT provider MessageWay Solutions. The acquisition was made to enable Ipswitch to offer greater visibility, management and enforcement over sensitive information, the company said in a statement. The purchase adds new features to Ipswitch's existing suite of MFT solutions, including advanced analytics, multiplatform support, enterprise-wide monitoring and high-performance data translation for a variety of message formats. Terms of the deal were not disclosed. — AM
Check Point Software Technologies on Wednesday announced the acquisition of Waltham, Mass.-based security startup Liquid Machines. Israel-based CheckPoint made the acquisition to bolster its existing data security portfolio. Liquid Machines' technology is expected to be integrated into a future Check Point product suite, due out in 2011, that would enable the secure sharing of documents. Terms of the deal were not announced. — AM
By the end of the summer, the FTC hopes to release a set of "guiding principles" outlining how businesses should handle certain privacy issues.
Compliance management vendor Trustwave announced on Tuesday the acquisition of data encryption vendor BitArmor. Trustwave plans to integrate BitArmor's file- and full-disk encryption technology into its current data leakage prevention and endpoint security solution to help clients comply with regulations that are increasing the demand for encryption. Meanwhile, Symantec on Tuesday announced plans to buy Gideon Technologies, provider of IT risk automation, to better serve public-sector customers. Terms of both deals were not disclosed. — AM
A laptop containing the personal information of tens of thousands of U.S. Army soldiers, family members and U.S. Department of Defense employees was recently stolen.
American and Russian officials recently met to discuss cybersecurity issues, such as collaboration among law enforcement bodies and the use of cyberweapons, the New York Times reported in its Saturday editions.
Retailers need to check their list twice to ensure the proper security measures are in place.
The case was dismissed because the plaintiff could not prove that his information was actually used fraudulently following the breach of a pharmacy benefit management provider.
Seventy-nine percent of federal government IT executives surveyed recently said unstructured data increases the security risk within their organization.
On the heels of what is believed to be the first-ever iPhone worm, hackers now have devised a way to steal data off jailbroken versions of the popular Apple device.
The FBI is dealing with new cases every week of sophisticated banking trojans being installed on PCs to swindle companies out of large amounts of money, the agency said this week.
Privacy advocates are questioning a provision of the new health care breach notification rule, which states that organizations only need to alert victims if they believe disclosure of the information "poses some harm."
Industrial giant DuPont has been hit again by a malicious insider.
The Koobface worm continues to abuse social-networking sites and draw people into other malicious sites through search engine optimization tactics.
Members of an alleged fraud ring have been arraigned in New York, charged with stealing identities and obtaining $22 million of wireless phone equipment and services.
The deadline to comply with Massachusetts' new data security regulations -- considered among the strictest in the nation -- has been extended three months, until March 1, 2010, the state announced last week. The provisions also were updated to reflect a risk-based approach for developing a written information security policy, a move meant to assuage small businesses that have expressed concern over meeting the demands. The new language dictates that in implementing safeguards, organizations should take into account their size, the types of records they maintain and the ID theft threat they pose. — DK
New breach notification mandates for health care organizations were promulgated this week, just as $1.2 billion became available to facilitate the move to digital medical records.
Eighty percent of organizations use real data during application testing and development, but most are not confident about their ability to protect it, according to a survey released Tuesday.
The vulnerabilities could allow an attacker to execute arbitrary code, obtain sensitive information, or cause a denial-of-service.
A newly revealed banking trojan is considered one of the biggest threats on the internet because of the way it can quickly spread.
CEOs often have a rosier view of data protection in their organization than other executives, according to a study released Wednesday by the Ponemon Institute and security vendor Ounce Labs.
Symantec has been awarded $18.6 million in two federal lawsuits against distributors selling counterfeit software. The judgments were against V-Micro, based in New Jersey, and Higher Model Computer, based in Connecticut, the company announced Thursday. Symantec alleged copyright and trademark infringement and fraud against the distributors for selling counterfeit products such as Norton SystemWorks, Norton AntiVirus and pcAnywhere. — CAM
IBM researchers say they have invented a way to selectively obscure sensitive information before it is displayed on a computer screen.
Information security presents a unique set of challenges, but it also can enable business, a new Microsoft survey says.
One respected security researcher wants to legalize the hacking of federal government and military websites -- and he wants everyone to hear him out.
T-Mobile has yet to release details about an alleged massive hack of its systems.
Federal agencies continue to be lax in their implementation of information security programs, according to a new report from the Government Accountability Office.
Sign up to our newsletters
SC Magazine Articles
- Malware on Lime Crime website, payment cards compromised
- State breakdowns: Anthem breach by the numbers
- Florida law enforcement docs show widespread stingray use, secrecy
- After Superfish-Lenovo incident, Facebook probes larger issue of SSL-sniffing adware
- Older vulnerabilities a top enabler of breaches, according to report
- Carbanak APT campaign made off with $1B from banks globally
- BMW issues security patch for bug allowing attackers physical access into vehicles
- NIST requests final comments on ICS security guide
- State breakdowns: Anthem breach by the numbers
- Microsoft phishing emails target corporate users, deliver malware that evades sandboxes
- Researchers investigate link between Axiom spy group, Anthem breach
- Top Android tablets for children riddled with security lapses, study finds
- Bulk Reef Supply website compromised, credit cards at risk
- Medical identity theft up 22 percent in 2014, annual report says
- Report: Majority of health-related websites leak data to third parties