Dennis Fisher talks with Dan Guido, security researcher and CEO of Trail of Bits, about the new company’s plan to help enterprises defend against targeted attacks, the way that attackers think and the value of exploits versus vulnerabilities. They also discuss a new initiative to help share security knowledge more broadly in the community.
Call it a disaster recovery drill disaster. The loss of four magnetic tape cartridges containing data on 800,000 California residents was the unfortunate result of an IBM-managed disaster recovery exercise gone wrong, said Christine Lally, Assistant Secretary, Legislation & Communications for the California Technology Agency.
Adobe pushed out a security update for its Flash Player Wednesday, patching two critical holes and introducing a new silent update option. The update, Adobe Flash Player 11.2, addresses two memory corruption vulnerabilities in Windows, Mac, Linux and early Android builds that could lead to remote code execution, according to a bulletin (APSB12-07).
The Federal Trade Commission announced on Tuesday that it had reached a settlement with RockYou over violations of the Children’s Online Privacy Protection Act (COPPA) after the Web site allowed hackers to gain access to the personal information of its 32 million members.
Dennis Fisher talks with Richard Boscovich of the Microsoft Digital Crimes Unit about the operation to take down the Zeus botnet, how the company works with partners and law enforcement on these operations and the importance of getting the word out to consumers about the danger of botnets.
Money mules – the accomplices who help move stolen funds – may be the real victims of online banking scams, not the bank customers who are the ostensible targets of fraudsters, according to new research from Microsoft.
Facing mounting privacy concerns, Apple has begun to reject mobile applications that require access to an iOS device’s unique device identifier number (UDID), according to a report from the Web site Techcrunch.
The Electronic Frontier Foundation (EFF) is sounding alarms about a collection of overly vague cyber-security bills making their way through Congress.
A French data privacy watchdog is raising alarms about Google’s data collection practices and has given the Internet search giant a little over two weeks to explain the way it handles the information of its users.
It can be hard to parse the results of the Verizon Data Breach Investigation Report (DBIR), what with the shifts from year to year in the sources of breach data collected. Last year’s report, if you recall, found a stunning drop in incidents of data theft in 2010, even as tracking sites like Datalossdb.org reported no noticeable change that year. Frankly, it’s hard to read the DBIR and not have the term “sample bias” float into your head time and again. But the DBIR report has always been a good way to understand the security Zeitgeist, and this year’s report is no different, with more normal-seeming results and a focus on the actions of ideologically motivated hacking groups which, Verizon claims, were linked to 58% of all the data stolen from customers in 2011.