More than half of that malevolent traffic came from network-edge devices such as VPNs (a whopping 33 percent), firewalls (16 percent) and routers (7 percent), suggesting "that the security devices and applications themselves were either compromised … or that these 'protection' systems are not detecting malicious traffic coming from the network endpoints inside the protected perimeter," Filkins writes, noting that many vulnerabilities went unnoticed for months. Connected endpoints such as radiology imaging software and digital video systems also accounted for 17 percent of malicious traffic.
At the hearing of the Energy & Commerce Committee's Subcommittee for Commerce, Manufacturing and Trade, executives from Target and Neiman Marcus testified that their breaches occurred when data from the magnetic stripes on credit and debit cards was collected in the clear at the point of sale before being encrypted as payment transactions were processed.
With the cost of cyber-crime rising at an alarming rate and several organizations calling attention to the increase in the use of exploits in the wild, Hewlett-Packard's cyber-risk report this year focuses on specific areas of the attack surface, the technologies that define them, and the vulnerabilities and actors that drive how they are abused.
Data Privacy Day is recognized globally, and plans to celebrate it are scheduled for such countries as Australia, Japan, India, Belgium, Canada and the United States, according to the alliance. In a recent survey of IT professionals, data protection technology vendor Iron Mountain found that data loss is the top concern and that managing the skyrocketing volumes of data is the toughest challenge.
Jacob West, CTO of Hewlett-Packard's Enterprise Security Products, explains why application misconfiguration is an issue and offers advice on how to limit the risks.
Several payment system experts testifying at a Senate hearing Feb. 3 urged the adoption of chip card technology in the wake of high-profile breaches at Target and Neiman Marcus.
A banking executive in the Midwest, who asked to remain anonymous, worries that banking institution routing numbers and even checking account numbers might also have been breached. If Target's website was breached, this source questions what other information linked to customer accounts, beyond PII, could have been exposed.
An Israeli security team says a vulnerability in Samsung's Knox security platform enables malicious software to track e-mails and record data communications.
Security has been a bit of a game of catch up. It is complicated by a couple of ongoing challenges: Like diet and exercise, people (and the companies for which they work) pay lip service to good security practice, but usually skimp, forget or get lazy. On top of that, the emergence of bring-your-own-device (BYOD) approaches complicated things significantly.
Bitcoin as a currency, itself, seems to function as-advertised, according to Andrew Brandt, director of threat research at Blue Coat. The math surrounding the creation and transmission of value through the currency exchange network is scientifically sound. As global commerce will only increase, e-currency in general, and in particular Bitcoin, could play a major role in how consumers and enterprises alike pay for goods and services. But first, it has to solve its security issues.