Data Theft Security

Tax season: The IRS is the least of your concerns

Tax season: The IRS is the least of your concerns

With the April 18 tax deadline looming, security isn't top-of-mind for the employees in your finance, audit and operations departments.

Future crimes: Are WikiLeaks, piracy and malware related?

Could a cargo ship's thwarted piracy reveal more than bullet holes and bloodstains? A theoretical view of why compromised shipping cargo information could make pirates and hijackers rich.

Visa issues tokenization guidance, clarifies rules around storage of card numbers

By

Visa on Wednesday released a four-page document that offers best practices for tokenization, the process by which 16-digit credit card numbers are replaced with unique symbols. The guidance is meant to reduce risk for merchants, vendors, service providers and acquiring banks. It covers such areas as detecting suspicious activity so attackers cannot compromise the token system. In addition on Wednesday, Visa, in conjunction with the National Retail Federation trade group, clarified its operating rules around storage of sensitive information. According to the card brand, issuing banks must accept a disguised or truncated card number on transaction receipts for dispute resolution. Also, merchants are permitted to store disguised or truncated card numbers to reduce the amount of data that could be retrieved by attackers. — DK

Ipswitch buys managed file transfer firm MessageWay

By

Network monitoring and managed file transfer (MFT) software vendor Ipswitch on Tuesday announced that it has acquired MFT provider MessageWay Solutions. The acquisition was made to enable Ipswitch to offer greater visibility, management and enforcement over sensitive information, the company said in a statement. The purchase adds new features to Ipswitch's existing suite of MFT solutions, including advanced analytics, multiplatform support, enterprise-wide monitoring and high-performance data translation for a variety of message formats. Terms of the deal were not disclosed. — AM

Check Point buys security startup Liquid Machines

By

Check Point Software Technologies on Wednesday announced the acquisition of Waltham, Mass.-based security startup Liquid Machines. Israel-based CheckPoint made the acquisition to bolster its existing data security portfolio. Liquid Machines' technology is expected to be integrated into a future Check Point product suite, due out in 2011, that would enable the secure sharing of documents. Terms of the deal were not announced. — AM

FTC working on new privacy guidelines

By

By the end of the summer, the FTC hopes to release a set of "guiding principles" outlining how businesses should handle certain privacy issues.

Trustwave, Symantec make acquisitions

By

Compliance management vendor Trustwave announced on Tuesday the acquisition of data encryption vendor BitArmor. Trustwave plans to integrate BitArmor's file- and full-disk encryption technology into its current data leakage prevention and endpoint security solution to help clients comply with regulations that are increasing the demand for encryption. Meanwhile, Symantec on Tuesday announced plans to buy Gideon Technologies, provider of IT risk automation, to better serve public-sector customers. Terms of both deals were not disclosed. — AM

Thief steals U.S. Army laptop from employee's home

By

A laptop containing the personal information of tens of thousands of U.S. Army soldiers, family members and U.S. Department of Defense employees was recently stolen.

U.S. and Russian officials talk cyberissues

By

American and Russian officials recently met to discuss cybersecurity issues, such as collaboration among law enforcement bodies and the use of cyberweapons, the New York Times reported in its Saturday editions.

Secure customer loyalty with the gift of data security

Secure customer loyalty with the gift of data security

Retailers need to check their list twice to ensure the proper security measures are in place.

Lawsuit against breached Express Scripts dismissed

By

The case was dismissed because the plaintiff could not prove that his information was actually used fraudulently following the breach of a pharmacy benefit management provider.

Gov't executives cite unstructured data as top concern

By

Seventy-nine percent of federal government IT executives surveyed recently said unstructured data increases the security risk within their organization.

Attack tool can hijack data off unlocked iPhones

By

On the heels of what is believed to be the first-ever iPhone worm, hackers now have devised a way to steal data off jailbroken versions of the popular Apple device.

FBI: Money mule scams top $100 million

By

The FBI is dealing with new cases every week of sophisticated banking trojans being installed on PCs to swindle companies out of large amounts of money, the agency said this week.

Privacy groups blast new health care notification rule

By

Privacy advocates are questioning a provision of the new health care breach notification rule, which states that organizations only need to alert victims if they believe disclosure of the information "poses some harm."

DuPont sues employee for trade secrets data breach

By

Industrial giant DuPont has been hit again by a malicious insider.

Koobface spreading through thousands of IP addresses

By

The Koobface worm continues to abuse social-networking sites and draw people into other malicious sites through search engine optimization tactics.

Identity fraud ring busted in New York

By

Members of an alleged fraud ring have been arraigned in New York, charged with stealing identities and obtaining $22 million of wireless phone equipment and services.

Mass. data law revised

By

The deadline to comply with Massachusetts' new data security regulations -- considered among the strictest in the nation -- has been extended three months, until March 1, 2010, the state announced last week. The provisions also were updated to reflect a risk-based approach for developing a written information security policy, a move meant to assuage small businesses that have expressed concern over meeting the demands. The new language dictates that in implementing safeguards, organizations should take into account their size, the types of records they maintain and the ID theft threat they pose. — DK

Health care breach notification mandated

By

New breach notification mandates for health care organizations were promulgated this week, just as $1.2 billion became available to facilitate the move to digital medical records.

Survey: Data at risk in app testing and development

By

Eighty percent of organizations use real data during application testing and development, but most are not confident about their ability to protect it, according to a survey released Tuesday.

Mac OS X 10.5.8 update fixes 18 flaws

By

The vulnerabilities could allow an attacker to execute arbitrary code, obtain sensitive information, or cause a denial-of-service.

Black Hat: Clampi banking trojan spreading rapidly

By

A newly revealed banking trojan is considered one of the biggest threats on the internet because of the way it can quickly spread.

Report: Data attacks more frequent than CEOs think

By

CEOs often have a rosier view of data protection in their organization than other executives, according to a study released Wednesday by the Ponemon Institute and security vendor Ounce Labs.

Symantec wins piracy cases

By

Symantec has been awarded $18.6 million in two federal lawsuits against distributors selling counterfeit software. The judgments were against V-Micro, based in New Jersey, and Higher Model Computer, based in Connecticut, the company announced Thursday. Symantec alleged copyright and trademark infringement and fraud against the distributors for selling counterfeit products such as Norton SystemWorks, Norton AntiVirus and pcAnywhere. — CAM

IBM develops selective data hiding on the fly

By

IBM researchers say they have invented a way to selectively obscure sensitive information before it is displayed on a computer screen.

Security can drive business, Microsoft survey finds

By

Information security presents a unique set of challenges, but it also can enable business, a new Microsoft survey says.

Security expert wants feds to recruit volunteer pen testers

By

One respected security researcher wants to legalize the hacking of federal government and military websites -- and he wants everyone to hear him out.

Hackers claim they raided sensitive T-Mobile information

By

T-Mobile has yet to release details about an alleged massive hack of its systems.

GAO report finds security lagging at federal agencies

By

Federal agencies continue to be lax in their implementation of information security programs, according to a new report from the Government Accountability Office.

Sign up to our newsletters

POLL