Security giant RSA has confirmed that hackers leveraged stolen information about its SecurID two-factor authentication offerings in a recent attack on U.S. defense contractor Lockheed Martin.
The personal data belonging to Honda and Acura customers in Canada was stolen after attackers accessed the information off the companies' e-commerce sites.
On the heels of the Stuxnet worm, Iran officials say they have discovered a new piece of malware also designed to sabotage government systems.
A BP employee lost a laptop containing the personal information of thousands of Louisiana residents who filed compensation claims after last year's devastating oil spill in the Gulf of Mexico.
The "Kneber" botnet is made up of 74,126 machines from nearly 2,500 organizations that were infected with a variant of Zeus, according to researchers at a network security firm.
Two men were indicted this week on charges of hacking into the computer systems belonging to Stens Corp., a Jasper, Ind.-based provider of parts for outdoor power equipment. According to the U.S. attorney's office in Indianapolis, Scott Burgess, 45, of Jasper and Walter Puckett, 39, of Williamstown, Ky. accessed the company's network 12 times without authorization with "the purpose of gaining commercial and personal financial benefit." The pair worked for a competitor, authorities said. Both face up to five years in prison and a $250,000 fine. -- DK
Efforts to reduce security vulnerabilities seem to be paying off, but IT administrators are not paying enough attention to application bugs, a CTO said Wednesday at the Black Hat conference in Las Vegas.
Symantec and McAfee agreed to pay a combined $750,000 to settle charges that their subscription renewal process was deceptive to home users.
Microsoft on Tuesday released a free tool to help application developers better secure their programs. The SDL (Secure Development Lifecycle) Process Template for Visual Studio Team System provides a framework -- including auditable requirements -- for building security into applications. The offering complements previous Microsoft SDL releases: Optimization Model, Pro Network and Threat Modeling Tool. Microsoft developed SDL in 2004 to address security vulnerabilities in its software. The program is credited with reducing vulnerabilities in Vista and SQL Server. — DK
Development of the smart grid faces a number of uphill climbs -- such as customer adoption and interoperability -- but security could prove of the most difficult tasks.
A federal grand jury this week indicted a disgruntled IT contractor on charges he disrupted a computer system used, among other purposes, to notify an energy company if its oil properties are leaking.
Diebold, which has fielded recent criticism over the reported insecurity of its voting machines, is now fighting off news that its ATMs also can be compromised.
The prevalence of web-based malware massively rose last year -- and the state of the economy is likely a big reason, according to an annual threat report from ScanSafe.
Despite the ongoing financial crisis, IT security spending is expected to grow this year, according to two reports from Forrester.
And so we reach the end of this year's batch of innovators. But, as we look at this subcategory, we find that it wraps the whole shebang into a neat package, defining what needs to be done to secure the enterprise (and prove it) and why.
All of us old-timers remember LanDesk from its days as part of Intel. It always was a solid suite of products. Now that it is part of Avocent, its promise as a hybrid of network and security policy management is being realized. The notion of managing the desktop and evolving that into security policy management makes a lot of sense.
The views of the visionary I spoke with from this veteran anti-malware company took the conversation in directions I had not expected. He started out by asking, "Why, if I have done everything I can to secure my enterprise, is my data still being compromised?"
I don't recall the first time I heard the term "extrusion prevention system." It was, I think, an effort on the part of some marketer to tie the notion of preventing data from unauthorized exit (extrusion) from the enterprise to the notion of unauthorized entry (intrusion). Very clever.
No matter how much things change, they stay the same. As I have pointed out, there have been massive changes in security drivers over the past 12 months. The changes have generated a new set of challenges, but, even though our encryption innovator has done a first-rate job of addressing them over the past year, the new issues are generating a sort of déjà vu picture of the encryption market.
The big question I had for Tumbleweed was, "What is email security?" Over the past two years, as we have passed products through SC Labs, I have noticed that the vendor public relations folks who we talk to seem to have a hard time differentiating between the many aspects of threats associated with email.
Wireless, is it? Everything is going wireless - well almost everything. That, in itself, poses a challenge for a wireless security company, such as this innovator. It also offers big opportunities and AirMagnet has identified and addressed them.
If you thought the UTM market was crowded, take a look at the intrusion prevention systems (IPS) market. We bluntly asked our innovator in this product space why they thought that they were innovators in such a commoditized market. The answer was immediate and unambiguous: "When a product category becomes mainstream, there are big opportunities, but you must innovate to take advantage of them."
Sometimes a different approach is needed. The notion of the UTM was developed from the need to consolidate point solutions. There are a lot of problems, of course. They cost more to buy and manage, they use more power and they need a sophisticated staff to manage them.
Sometimes you run across a company that just deserves to be selected as an innovator. You look them over and wonder why you didn't pick up on them before. Mandiant is one of those companies. There is a reason, of course. Mandiant started as a services company providing forensics, litigation support and incident response. So if you were in the product purchasing mood, you would not have run across these folks.
ArcSight gets a lot of play among security experts in the security event management (SEM)/security information manager (SIM) game.
How do you differentiate a product that keeps getting mixed up with a commoditized market, but really doesn't belong there? What differentiators do you look for that can keep you from being included in a herd where you don't belong?
I just love these folks. Take the best open source pen testing tool you can think of, put it on steroids, give it a user interface that makes it simple and fast to pen test in a production environment without losing the granularity of manual testing if you need it, and you have Core Impact. Well, almost. Every year I say that I am going to find a better tool, and I actually do comb the market -- unsuccessfully.
When your price starts at $50,000 and you are unique in your marketplace, you'd better have a good product. For Mu Dynamics, that is just where the story starts. When I first met the Mu folks, they were Mu Security. A new name later, they still are the innovators they were a couple of years ago. My conversation with a Mu visionary was an eye-opener.
This Swedish company will, I predict, set the benchmark here in the United States for how access to applications should be controlled. AppGate has helped shape the direction of network infrastructure security in Europe for some years, and now this innovator is bringing its unique thoughts to the States.
What sets these guys apart from the multifactor herd? In a word, vision. From the start, TriCipher has had the vision of evolving into a full identity management provider. That is a pretty heady ambition for a developer of multifactor authentication tools. So how does this innovator plan to make the trip from providing a piece of the puzzle to offering the whole thing, already assembled, framed and hung on the wall?
Sign up to our newsletters
SC Magazine Articles
- State breakdowns: Anthem breach by the numbers
- Malware on Lime Crime website, payment cards compromised
- Botnet of Joomla servers furthers DDoS-for-hire scheme
- Bug in popular WordPress plugin opens up websites to SQL injection attacks
- Report: Majority of health-related websites leak data to third parties
- State breakdowns: Anthem breach by the numbers
- Carbanak APT campaign made off with $1B from banks globally
- NIST requests final comments on ICS security guide
- Disconnect yawns between CISOs, exec leadership, study says
- Microsoft phishing emails target corporate users, deliver malware that evades sandboxes
- Angler EK hijacks domain registrant credentials to create malicious pages
- New SSL/TLS vulnerability, FREAK, puts secure communications at risk
- Tsukuba trojan aimed at Japanese banking customers
- GAO releases report on FAA security lapses, experts remain unconcerned
- Infections caused by prevalent financial trojans dropped 53 percent last year