Browsing Category: Compliance

California Attorney General Fighting for Mobile Privacy Rights

UPDATE – In an attempt to reign in the tendency of indifference toward consumer privacy among mobile application developers, California Attorney General Kamala D. Harris today made public a list of guidelines regulating the ways in which mobile application developers and technology companies handle user data and educate users about what they intend on doing with that data.

Read more...

Non-profit Hospice Hit with Large Fine for Small Data Breach

Categories: Compliance

An Idaho non-profit hospice has been fined $50,000 for losing a laptop containing unencrypted data on 441 patients.The laptop was stolen in February 2011 from a hospice worker’s car and never retrieved, according to news accounts. But Hospice of North Idaho officials say there is no evidence the personal information has been used to commit identity theft or fraud.

Read more...

Regulator Warns Banks About DDoS Attacks, Encourages Information Sharing

Categories: Compliance, Hacks, SMB Security

In an alert issued by the Office of the Comptroller of the Currency (OCC), Deputy Comptroller for Operational Risk Carolyn G. DuChene warned financial and other critical institutions about the wave of ongoing distributed denial of service (DDoS) attacks targeting their networks. DuChene is urging the banks in particular to share data about the attacks with one another and reiterated the OCC’s expectation that banks have risk management plans designed to mitigate such attacks in place ahead of time.

Read more...

Chris Soghoian on Exploit Sales

Dennis Fisher talks with Chris Soghoian, a principal technologist at the ACLU, about the developing market for buying and selling exploits and vulnerabilities. Soghoian has been a vocal critic of exploit sales and in this podcast he discusses the reasons why and why he thinks the policymakers in Washington need to get involved.

Read more...

Report Details Coca-Cola Cyber Attack That Never was Disclosed

Categories: Compliance

In an exclusive report, Bloomberg News outlines a month-long, systematic attack on Cola-Cola’s computer systems that may have influenced the failed $2.4 billion acquisition of a Chinese juice company.

The FBI knew about it. Coca-Cola knew about it. But shareholders were kept in the dark.

Read more...

Microsoft Agrees to Modify Windows 8 Following EU Complaint

Categories: Compliance, Microsoft

Microsoft announced Wednesday it will tweak the release of its forthcoming Windows 8 operating system to comply with the European Commission, which argues that in its current state, the software fails to offer customers a browser choice screen to let them “easily choose their preferred web browser.”

Read more...

Gary McGraw on the BSIMM4 and How to Avoid Being the Slowest Zebra

Dennis Fisher talks with Gary McGraw of Cigital about the release of the BSIMM4 data, how software security programs have matured in the last four years and how the government has become distracted by cyberwar and is ignoring software security, to its detriment.

Read more...

Report: Advanced Malware Targeting Organizations up Nearly 400 Percent

There’s been a huge jump in malicious, web-based infections targeting companies in the last year, a nearly 400 percent increase from last year, according to research released today by network security company FireEye. The company’s “Advanced Threat Report – 1H 2012,” blames the jump on attackers’ ability to penetrate organizations’ usual security infrastructures.

Read more...