
News briefs

-Officials at TJX Cos., the parent of retailers T.J. Maxx and Marshalls, announced that a breach of its networks was more severe than originally thought.

Hackers first accessed the company’s network nearly a year earlier than originally estimated. The portion of the network processing transactions from T.K. Maxx was also likely accessed, company officials said.

-The U.S. Justice Department unveiled a previously sealed case of corporate espionage by a former DuPont scientist who allegedly stole $400 million in intellectual property from his former employer.

Gary Min was a 10-year veteran of DuPont at the time he accessed documents in 2005 with the intention of giving them to Victrex, a corporate rival.

-A carefully planned pharming attack on 50 financial institutions in the U.S., Europe and the Asia-Pacific region was shut down.

In preparation for the attack, hackers created mock pharming websites for each financial institution they targeted, according to researchers from Websense.

-Researchers found a critical vulnerability on Google Desktop that could allow hackers to perform searches on a victim’s PC and discover sensitive files.

An attack on the flaw could use cross-site scripting to deliver JavaScript from a vulnerable Google website to the application, thus gaining access to a user’s sensitive files.

-Leading information security nonprofit the SANS Institute was itself threatened in a zombie spam message. Johannes Ullrich and Kevin Hong, both officials at the organization’s Internet Storm Center, were threatened in an email message that researchers saw as retaliation for reporting a spammer to a DNS provider.

-Symantec announced the release of Norton 360, the security giant’s solution billed as an all-in-one defense against viruses, spyware and phishing attacks.

The product, in beta since November and offering back-up and tune-up functions, was assigned an $80 price tag by the Cupertino, Calif. anti-virus firm.

-Attackers chose not to target Google’s business-tool suite with the same vigor as Microsoft Office.

Information security experts said the search giant’s Google Apps Premier Edition, unveiled in February for enterprises, will likely feature more robust security because it’s offered through the web instead of desktop software.

-The PR nightmare for the U.S. Department of Veterans Affairs worsened as the federal government reported a hard drive loss affecting 1.8 million people.

An employee from the Birmingham VA Medical Center reported an external drive missing, compromising the personal info of 1.8 million veterans.

»Errata: Due to a production error, an extraneous paragraph regarding Adobe LiveCycle appeared within the description of TriGeo Network Security’s TriGeo SIM (March issue, on page 17 of the supplement for the SC Awards 2007). We apologize for the error.
