Security Strategy, Plan, Budget

News briefs


The personal information of more than 160,000 employees of the Neiman Marcus Group was breached when a third-party consultant discovered computer equipment missing.

A menu of personal information was available on the hardware, including names, Social Security numbers, dates of birth, periods of employment, salary information and some pension information.

Company officials were unsure whether the personal information was encrypted, and CEO Burt Tansky warned employees to be on the lookout for phishing schemes.


A video posted to YouTube showed a group of union members scouring through trash outside several Chase bank locations in New York, and discovering documents containing personal customer info.

The dumpster divers — members of the Service Employees International Union — were advocating for the hiring of union members to ensure that financial services employees complied with company policies.


Researchers at SecureWorks uncovered a phishing scheme that dupes victims into unknowingly forwarding their calls to the attackers.

The scam emails tell recipients to dial a code to verify their account, but the number actually forwards calls to a number in Germany.

The attackers can then verify fraudulent transactions when banks call, according to researchers.


Apple patched a flaw in QuickTime that was exploitable on numerous web browsers and various operating systems, including Windows XP and Vista, as well as OS X.

The flaw was found during a Mac hacking contest at the CanSecWest conference in Vancouver, B.C.

The flaw was purchased for $10,000 by TippingPoint, which did not disclose details except for sharing them with Apple.


The Arlington, Va.-based Cyber Security Industry Alliance appointed Tim Bennett its president.

Bennett, regarded as an international public policy expert, replaces Liz Gasster, who served as acting executive director since December 2006. Gasster resumed her role as general counsel.


Websense bought out U.K.-based competitor SurfControl for about $400 million.

The purchase allows Websense to "compete more effectively with large global security software companies," according to chief executive officer Gene Hodges.

The purchase also allows Websense to deliver new software-as-a-service technology through BlackSpider Technologies, an on-demand provider acquired last year by SurfControl.


A hacker known by the name shinnai began the Month of ActiveX Bugs project by exposing vulnerabilities affecting OCX controls in Microsoft Office.

Microsoft said it was monitoring the MoAxB project, and was ready to investigate and fix any vulnerabilities.


Google advertising links were found to be redirecting users to malicious websites, according to researchers at Exploit Prevention Labs.

The exploit links were posing as legitimate URLs for the Better Business Bureau and They were removed a week after being discovered.


Three state banking associations filed a joint lawsuit against TJX Companies over "dramatic costs" their 300 members had incurred since a breach at the retail company was disclosed.

The breach exposed the personal information of 45 million credit card numbers.

The Massachusetts Bankers Association, the Maine Association of Community Banks and the Connecticut Bankers Association are co-plaintiffs in the lawsuit against Framingham, Mass.-based TJX.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.