Latest Articles

The March issue of Information Security magazine is out this week. The cover story is a look at how security information management systems need to evolve, in particular by integrating identity management with SIM in order to tie policy violations to user activity. Also, expert Andrew Jaquith writes about how to measure meaningful information security metrics. Finally, editor Marcia Savage takes on the HITECH Act’s impact on HIPAA and how health care organizations must up their security game. Download the issue here [PDF]

Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking. Read the full article. [Wired]

The takedown of 100 servers used to control Zeus-related botnets may be a short-lived victory, security researchers said after discovering that about a third of the orphaned channels were able to regain connectivity in less than 48 hours. The resurrection of at least 30 command and control channels came after their ISP found a new upstream provider to provide connectivity to the outside world, autonomous system records showed. Read the full article. [The Register]

A network frequently used for malware delivery was shut down Wednesday night, probably against the will of its operators. Troyak.org, an Internet service provider well-known for serving Zeus botnets and other malware delivery methods, went dark overnight, resulting in the shutdown of as many as 25 percent of the world’s Zeus botnets, according to researchers. Read the full article. [Dark Reading]

New capabilities are strengthening the ZeuS botnet, which criminals use to steal financial credentials and execute unauthorized transactions in online banking, automated clearing house (ACH) networks and payroll systems. The latest version of this cybercrime toolkit offers a $10,000 module that can let attackers completely take control of a compromised PC. Read the full article. [Network World]

Categories: Vulnerabilities

Apple has shipped a new version of its Safari browser to plug multiple serious security vulnerabilities. The Safari 4.0.5 update, available for Mac OS X and Windows, fixes flaws that could lead to remote code execution if a user is tricked into surfing to a maliciously rigged Web site.

Dennis Fisher talks with security researcher Robert “Rsnake” Hansen about how online privacy became such a mess, Google’s effect on personal privacy and the virtual impossibility of using the Internet without using Google’s services.

Categories: Compliance, Data Breaches

The Veteran Affairs Department’s inspector general has launched a criminal investigation into a physician assistant’s alleged downloading of veterans’ clinical data at its Atlanta medical center. The assistant allegedly recorded two sets of patient data onto a personal laptop for research purposes. One set included three years’ worth of patient data and another held 18 years of medical information. Read the full story [nextgov]

In this wide-ranging interview, cryptographer Taher Elgamal, chief security officer of Axway Inc. and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks and how cloud computing may alter data protection and authentication. Read the full article. [TechTarget]
