
News briefs

The federal government suffered another data breach as two laptops were stolen from U.S. Navy recruiting stations in New Jersey.

The Naval Criminal Investigative Service and local authorities investigated the thefts, which took place at recruiting stations in Jersey City and Trenton.

The breach occurred weeks after the personal information of more than 100,000 Navy and Marine Corps personnel was mistakenly listed on the Naval Safety Center website.

 

The United States is not sufficiently prepared for a cyberattack, a State Farm Insurance strategic consultant told the U.S. Senate Subcommittee for Homeland Security and Government Affairs.

Karl Bondell, who heads up the Cyber Security Working Group of the 160-member Business Roundtable, an association of CEOs and lending companies, presented a group report to the Federal Financial Management Subcommittee, saying the nation lacks coordination between the public and private sectors in the event of an internet outage.

 

Hackers have warmed to using new tools for software developers in a new technique called "fuzzing."

Artificial intelligence tools are designed to mimic human intelligence by trying to force abnormal responses in applications to determine if bugs are present.

The method is also being widely used by hackers who are sharing their findings with the underground malicious community in instant relay chat rooms to rapidly develop new threats.

 

The popularity of eBay and its subsidiary payment company PayPal has made it the biggest target of phishing attacks, according to research done by Sophos. Through the company's global network of spam traps this year, 54.3 percent of phishing mail targeted PayPal users, while an additional 20.9 percent went after eBay users.

 

Microsoft announced it will push its latest version of Internet Explorer as a security patch through Automatic Updates (AU) later this year. The company said that the security upgrades in IE7 are large enough to warrant the move, but some security experts claim that by going through AU the company is breaking its promise to only push security upgrades through the installer.

 

Intel reported that several vulnerabilities in wireless drivers for its popular Centrino systems could lead to remote code execution. Experts said that an attacker could write a WLAN virus that could jump from one laptop to another if the systems are in close proximity.

Alan Paller, director of research at the SANS Institute, said that he expects to see more vulnerability warnings like these in the coming months.

 

Errata: In August, we meant to say: Paul Zazzera is SVP/CIO with Time, Inc., and Dan Caprio is former CPO, U.S. Department of Commerce.
