Browsing Category: Compliance

Security Experts, Internet Engineers Urge Lawmakers to Drop CISPA

Categories: Compliance, Government

A long list of security, networking and computer science experts have signed a letter sent to lawmakers on Monday, asking them to drop support for CISPA and other proposed cybersecurity bills because they consider the measures overly broad and say they would infringe on users’ privacy and civil liberties. The group, which includes Bruce Schneier, Peter Neumann and others, said the bills’ focus on allowing the sharing of users’ traffic with government agencies would ”unnecessarily trade our civil liberties for the promise of improved network security.”

Read more...

A CISO’s Guide To Application Security – Part 2: The Growing Threat to Applications

Editor’s Note: This post is the second in a multi-part series on Application Security, or “AppSec” prepared by our friends over at application testing firm Veracode. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.By Fergal Glynn, Veracode Inc.

Read more...

Employee Sends Medicaid Info of 228K To His Yahoo! Account

A South Carolina man was arrested yesterday on charges stemming from a data breach that may have leaked personal information on more than 200,000 Medicaid beneficiaries in the state, including their names, phone numbers, addresses, birth dates and Medicare ID numbers according to a report in the newspaper The State.

Read more...

Slideshow: How to Avoid Getting Hacked While Traveling

VIEW SLIDESHOW How to Avoid Getting Hacked While TravelingResearcher Justin Morehouse has logged more than 100,000 miles to eight countries in the last year. His message: business travelers are at greater risk of being hacked than ever before, especially when it comes to smart phones and tablets. Now the security expert has distilled his research and first-hand experiences into some sage advice for travelling executives and VIPs. Here are eight ways you can protect yourself abroad.

Read more...

Tough Love Triumphs: SCADA Vendor Koyo Fixes Basecamp Bugs

Industrial control system vendor Koyo moved to fix vulnerabilities in its ECOM brand programmable logic controllers (PLCs) after researchers, in January, revealed that the devices were vulnerable to brute force password guessing attacks.

Read more...

A CISO’s Guide To Application Security – Part 1: Defining AppSec

Editor’s Note: This post is the first in a multi-part series on Application Security, or “AppSec” prepared by our friends over at application testing firm Veracode. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.by Fergal Glynn, Veracode Inc.

Read more...

Dan Guido on Attacker Math and Exploit Intelligence

Dennis Fisher talks with Dan Guido, security researcher and CEO of Trail of Bits, about the new company’s plan to help enterprises defend against targeted attacks, the way that attackers think and the value of exploits versus vulnerabilities. They also discuss a new initiative to help share security knowledge more broadly in the community.

Read more...