“I’ve been around a long time in infosec, and this is one of the scariest bugs I’ve seen, period,” said Jake Williams, a technical analyst with the Department of Defense, with more than a decade of experience and a certified instructor with the SANS Institute. “It’s not a joke.”
It's unlikely, however, that average users would pick up on the error and reclaim their files
More than half of that malevolent traffic came from network-edge devices such as VPNs (a whopping 33 percent), firewalls (16 percent) and routers (7 percent), suggesting "that the security devices and applications themselves were either compromised … or that these 'protection' systems are not detecting malicious traffic coming from the network endpoints inside the protected perimeter," Filkins writes, noting that many vulnerabilities went unnoticed for months. Connected endpoints such as radiology imaging software and digital video systems also accounted for 17 percent of malicious traffic.
At the hearing of the Energy & Commerce Committee's Subcommittee for Commerce, Manufacturing and Trade, executives from Target and Neiman Marcus testified that their breaches occurred when data from the magnetic stripes on credit and debit cards was collected in the clear at the point of sale before being encrypted as payment transactions were processed.
With the cost of cyber-crime rising at an alarming rate and several organizations calling attention to the increase in the use of exploits in the wild, Hewlett-Packard's cyber-risk report this year focuses on specific areas of the attack surface, the technologies that define them, and the vulnerabilities and actors that drive how they are abused.
Data Privacy Day is recognized globally, and plans to celebrate it are scheduled for such countries as Australia, Japan, India, Belgium, Canada and the United States, according to the alliance. In a recent survey of IT professionals, data protection technology vendor Iron Mountain found that data loss is the top concern and that managing the skyrocketing volumes of data is the toughest challenge.
Jacob West, CTO of Hewlett-Packard's Enterprise Security Products, explains why application misconfiguration is an issue and offers advice on how to limit the risks.
Several payment system experts testifying at a Senate hearing Feb. 3 urged the adoption of chip card technology in the wake of high-profile breaches at Target and Neiman Marcus.
A banking executive in the Midwest, who asked to remain anonymous, worries that banking institution routing numbers and even checking account numbers might also have been breached. If Target's website was breached, this source questions what other information linked to customer accounts, beyond PII, could have been exposed.
An Israeli security team says a vulnerability in Samsung's Knox security platform enables malicious software to track e-mails and record data communications.