Security News


We strive to provide our readers with information about current security threats, technologies, and practices to help them protect the personal information in their care and lower the risk of a data breach.


March 10, 2010

SFGate: "http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2010/03/09/urnidgns002570F3005978D8852576E1005A7991.DTL"
"LifeLock, an Arizona company promising customers protection from identity theft, has agreed to pay US$12 million to settle charges that the company overstated its benefits and used "scare tactics" to gain subscribers."

Techworld: "How to protect your banking online - Practical steps to defend your transactions"
"Perhaps exacerbated by the global recession and shocks to the financial markets, cybercriminals have been targeting business bank accounts at increasing frequencies over the last year, catapulting the conversation about online banking security into corporate realms. With cybercriminals readjusting their focus from individual to much more lucrative business accounts, this disturbing trend is now getting the attention of authorities such as the FBI, FDIC, and Department of Homeland Security, and has been described by many as a leading cybercriminal trend for 2010."


March 9, 2010

SC Magazine: "Wyndham Hotels suffers another data breach"
"Wyndham Hotels and Resorts (WHR) recently revealed that it was the victim of another data breach after hackers broke into its computer systems and stole customer payment card data and other sensitive information."


March 8, 2010

IDG News Service: "FDIC: Hackers stole more than $120M in three months from small businesses"
"Almost all of the incidents reported to the FDIC "related to malware on online banking customers' PCs," he said. Typically a victim is tricked into visiting a malicious Web site or downloading a Trojan horse program that gives hackers access to their banking passwords. Money is then transferred out of the account using the Automated Clearing House (ACH) system that banks use to process payments between institutions."


March 5, 2010

Bank Systems & Technology: "Most Banks Lack Key Data Privacy, Security Controls"
"According to the study, Privacy & Data Protection Practices: a Benchmark Study of the Financial Services Industry (which was sponsored by Compuware), the six areas of greatest vulnerability to privacy and data protection threats in financial organizations are: risk of a data breach, diminishment of customer loyalty and trust, malicious or negligent insiders, the risk of outsourcing sensitive and confidential data to third parties, and compliance with regulations (especially the Red Flags Rule)."


March 3, 2010

eSchool News: "Botnets continue to threaten campus networks"
"Web security experts say campus IT officials should stop using students' Social Security numbers as identifications, because about 5,900 known botnets have stolen valuable information from computers in many sectors, including higher education... Shadowserver, an organization that tracks botnet incidents in governments, education, and the private sector, unveiled the running tally of botnets days before security firm Symantec released a report March 2 showing a 5.5 percent hike in spam eMail last month, spurred mostly by botnets. Spam now accounts for 90 percent of all eMail sent within the U.S., Symantec said."


March 2, 2010

San Francisco Chronicle: "Five Tips to Keep Your Smartphone Safe"
"... as a BlackBerry smartphone owner, you need to do your part to keep your device, and all the information on it, secure; whether you're a corporate BlackBerry user on a BES or a BlackBerry Internet Service (BIS) customer, you can manage a number of quick and easy security safeguards on your own...and you'd be wise to do so if you'd prefer that personal and/or sensitive data on your device remains 'for your eyes only.'"

POUGHKEEPSIE JOURNAL: "Town's $378,000 cyber theft prompts city to insure funds"
"After computer hackers raided a Town of Poughkeepsie bank account and stole $378,000 in town funds, the City of Poughkeepsie will obtain cyber risk insurance to better protect its assets. ... The Common Council on Monday night at City Hall authorized the purchase of cyber insurance, with minimum coverage of $500,000."


March 1, 2010

FA News: "NEW LAW COULD MEAN ADDED SECURITY BURDEN FOR ADVISORS"
"The law, Massachusetts 201 CMR 17.00, establishes minimum standards for safeguarding personal information contained in both paper and electronic records. The law applies to any business or entity that owns or licenses, receives, stores, maintains, processes or otherwise has access to personal information. ... And that includes any broker-dealer or RIA with one or more clients in Massachusetts."

News & Record: "Hacker broke into Bennett College office computer"
"A Bennett College official said today that someone hacked a computer in the business office the weekend of Feb. 13, accessing personal information of potentially 1,100 employees and students."

PC World: "Data Theft Creates Notification Nightmare for BlueCross"
"Over the past five months, the company has employed a small army of workers to sort through the aftermath of what has proved to be a large and complex breach. Late last year, BlueCross and forensics company Kroll OnTrack employed 500 full-time workers and 300 part-time employees, working in two shifts, six days a week, to piece together what happened, the company said in a letter posted to the Maryland attorney general's Web site over the weekend."


February 28, 2010

The Courier: "NCISD student data exposed to public access"
"The personal information of dozens, possibly hundreds of New Caney Independent School District students was compromised when a technical support worker at GradeSpeed, a service provider contracted by the district to allow parents access to students' grades online through a program called GradeBook, accidentally posted a .cvs file containing student information on a server publicly accessible on the Internet."


February 25, 2010

eSecurity Planet: "Data Security Breach at Valdosta State University"
"Students and faculty members at Georgia's Valdosta State University joined the ranks of thousands of other colleges and university communities victimized by hackers in the past year when the school's IT department discovered someone broke into a server storing the personal data of more than 170,000 people."


February 24, 2010

eSchool News: "FCC survey shows need to teach internet basics"
"The federal government's plan to provide fast internet connections to all Americans will have to include some basic instruction in Web 101, a new survey reveals. According to the survey, nearly half of adults who don't subscribe to broadband say the internet is too dangerous for children -- a finding that suggests policy makers and educators face a steep challenge in convincing much of the public of the benefits of broadband access."

Bank Systems & Technology: "IronKey Offers Device to Secure Corporate Online Banking"
"IronKey Trusted Access for Banking is a purpose-built application of the IronKey multifunction security device. Corporate banking customers plug it into a computer and enter their device password. Once the IronKey device is unlocked, its virtualized operating system automatically runs and a secure Web browser launches and goes directly to the bank's website. The locked-down Web browser is protected against malware from the host PC, and may also be configured to allow users to visit only specific websites."


February 23, 2010

KrebsOnSecurity: "[NH] IT Firm Loses $100,000 to Online Bank Fraud"
"A New Hampshire-based IT consultancy lost nearly $100,000 this month after thieves broke into the company's bank accounts with the help of 10 co-conspirators across the United States."

Washington Post: "Federal Trade Commission links wide data breach to file sharing"
"The consumer protection agency said it sent nearly 100 letters to organizations where information on customers and employees -- including health and financial data and Social Security and driver's license numbers -- leaked through peer-to-peer Web services. It warned that the security breaches could lead to identity fraud or theft, and it recommended that the groups review their policies and inform affected users."


February 22, 2010

CNNMoney.com: "Symantec 2010 State of Enterprise Security Study Shows Frequent, Effective Attacks on Worldwide Business"
"The study found that 42 percent of organizations rate security their top issue. This isn't a surprise, considering that 75 percent of organizations experienced cyber attacks in the past 12 months. These attacks cost enterprise businesses an average of $2 million per year. Finally, organizations reported that enterprise security is becoming more difficult due to understaffing, new IT initiatives that intensify security issues and IT compliance issues. The study is based on surveys of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries in January 2010."

Bank Info Security: "Customer Vs. Bank: Who is Liable for Fraud Losses?"
"At first this court case was a curiosity: Experi-Metal Inc. (EMI), a Michigan-based metal supply company, sued Comerica Bank, claiming that the bank exposed its customers to phishing attacks. ... "It will establish who is liable in the U.S. - the bank or the customer - for fraud losses that result from phishing," says Tom Wills, Senior Analyst, Security, Fraud & Compliance, Javelin Strategy & Research."


February 20, 2010

Boston Herald: "State to firms: Protect data"
"What we're trying to do is create a culture of security around personal information," said Barbara Anthony, undersecretary of the Office of Consumer Affairs and Business Regulation. "The information in our personnel files needs to be protected just as well as information in customer files, and Massachusetts' new law does that."


February 19, 2010

EarthTimes: "ColoSpace Announces Full Compliance with the New Massachusetts Data Security Regulations (201 CMR 17.00) Which Take Effect March 1, 2010"


February 18, 2010

Valdosta State University News: "Valdosta State Issues Notification of Computer Breach"
"Joe Newton, director of Information Technology, said the breach was first detected on Dec. 11, 2009; however, unauthorized access dated back to Nov. 11, 2009. On Dec. 11, the university posted a news release that communicated the extent of the breach. http://www.valdosta.edu/news/releases/computer.121109 "

Bank Systems & Technology: "Botnet Affecting 2,500 Organizations Discovered"
"Analysts at NetWitness (Herndon, VA) announced today that they have discovered a new ZeuS botnet affecting 75,000 systems in 2,500 organizations around the world. The newly-discovered infestation, dubbed the "Kneber botnet" after the username linking the infected systems worldwide, gathers login credentials to online financial systems, social networking sites and email systems from infested computers and reports the information to miscreants who can use it to break into accounts, steal corporate and government information, and replicate personal, online and financial identities."


February 17, 2010

Bank Systems & Technology: "Fraud and ID Theft: Are One-Time Password Bank Cards the Answer?"
"Over the past few years, fraud and theft of corporate and consumer information have escalated dramatically, reaching devastating proportions worldwide. ... Simply put, the banking industry must quickly evolve its security practices to thwart unscrupulous fraud, and that evolution can only come by dramatically updating security methods to stronger, more current forms of authentication."

KrebsOnSecurity: "Hackers Steal $150,000 from Mich. Insurance Firm"
"Port Austin, Mich. based United Shortline Insurance Service Inc., an insurance provider serving the railroad industry, discovered on Feb. 5 that the computer used by their firm's controller was behaving oddly and would not respond. The company's computer technician scoured the system with multiple security tools, and found it had been invaded by "ZeuS", a highly sophisticated banking Trojan that steals passwords and allows criminals to control infected hosts remotely."


February 16, 2010

Computerworld: "Rogue PDFs account for 80% of all exploits, says researcher"
"Just hours before Adobe is slated to deliver the latest patches for its popular PDF viewer, a security firm announced that by its counting, malicious Reader documents made up 80% of all exploits at the end of 2009. ... According to ScanSafe of San Bruno, Calif., vulnerabilities in Adobe's Reader and Acrobat applications were the most frequently targeted of any software during 2009, with hackers' PDF exploits growing throughout the year."

Computerworld: "Update: Adobe issues emergency PDF patches"
"Researcher questions Adobe's patch delivery consistency"


February 15, 2010

Network Computing: "Enterprises Need to Pay More Attention to Data Privacy"
"Many enterprises are still under the delusion that they can do more or less what they want with individuals' personal information. The European Union, many states (including California with its data breach law), and now Massachusetts are attempting to disabuse them of that notion. But this situation is not only about how to achieve compliance with disparate laws; it should also be a wakeup call informing enterprises that they now have to manage information for more than what they consider to be their primary business processes."

Telegram.com: "[Massachusetts] ID security deadline draws near"
"Businesses large and small have only two weeks to comply with state anti-identity theft standards imposed after massive breaches and thefts of personal information and credit card and Social Security numbers. The new state regulations require businesses to encrypt sensitive personal information of employees and customers before it is transmitted over the Internet or put on portable computers, thumb drives or cell phones that can be lost or stolen."


February 11, 2010

CBS MoneyWatch: "Online Robbery: Hackers Steal $50,000. Bank Says 'Tough Luck'"
"It's every technophobe's nightmare, but this time it's true. Some $50,000 was stolen from Fan Bao's online bank account by Croatian computer hackers and the bank told him that the loss is not their problem."


February 10, 2010

DarkReading: "New Banking Trojan Discovered Targeting Businesses' Financial Accounts"
"The new Bugat Trojan, which was discovered by researchers at SecureWorks, appears to be aimed at mostly business customers of large and midsize banks. It's built for attacks that hack automated clearinghouse (ACH) and wire transfer transactions for check and payment processing -- attacks in which U.S.-based SMBs and state and local governments are losing an average of $100,000 to $200,000 per day, according to data from Neustar."


February 9, 2010

SC Magazine: "Payroll processing firm Ceridian Corp. hacked"
"A hacker recently attacked the payroll processing firm Ceridian Corp. of Bloomington, Minn. and gained access to sensitive information of employees working at 1,900 companies nationwide."


February 8, 2010

finextra.com: "Bank slammed after hackers steal $378,000 from Poughkeepsie"
"Officials from Poughkeepsie have criticised TD Bank after hackers broke into the US town's account, stole $378,000 and transferred it to the Ukraine."


February 5, 2010

Poughkeepsie Journal: "Town unsure if insurance will cover theft"
"Town Supervisor Patricia Myers said it appears insurance could cover some of the town's losses, "but it's minimal in this sort of thing." She said it is unclear if the town has data-breach insurance that might cover some of the losses."

Washington Post: "Commerce breach of personal data just the tip of the iceberg"
"Commerce Secretary Gary Locke, addressing the worries of department employees whose personal information was released on the Internet, told them Thursday, "These failures are simply unacceptable." "


February 4, 2010

eWeek.com: "House Passes Cyber-Security Act"
"The U.S. House of Representatives approved the Cyber-Security Enhancement Act Feb. 4 by a 422-5 vote. The bill reauthorizes several National Science Foundation cyber-security programs, providing $396 million in research grants over the next four years and calls for $94 million in cyber-security scholarships."


February 1, 2010

NY Daily News: "Cyber thieves swipe Columbia laptops, get info on 1,400"
"A break-in at Columbia University has put personal information - including Social Security numbers - of 1,400 students and alumni at risk, officials said Sunday. Three laptops carrying the vital information were swiped from a locked campus office Jan. 18."


January 30, 2010

Chicago Tribune: "Social Security numbers found lying in street"
"Hundreds of sensitive, intact documents including W-2 forms, investment account balances and job applications were inexplicably swirling around Touhy Avenue and Eastview Drive on Thursday afternoon. After being tipped to the airborne paper trail, the Tribune contacted some of the people and companies listed on the documents."


January 29, 2010

SearchSecurity.com: "MA 201 CMR 17 enforcement less likely with prompt reporting, cooperation"
"Any company that's broken into and there's potential access to personal information, regardless if it was stolen, should notify us." Scott D. Schafer, chief of the consumer protection division, Massachusetts Office of the Attorney General

Bank Systems & Technology: "Heartland Shares Lessons Learned from Its Data Breach"
"Heartland Payment Systems has gone from data breach victim to card data security expert. Although the card payment processor suffered a data breach in late 2008, lost 50 percent of its market cap shortly thereafter, and spent more than $32 million in legal fees, forensic costs, reserves for potential card brand fines and other related settlement costs, it has since designed and implemented an end-to-end encryption system that puts it ahead of many of its peers in terms of data security."


January 27, 2010

KrebsOnSecurity: "The Rise of Point-and-Click Botnets"
"According to Team Cymru, the number of Web-based botnets has continued to climb, doubling in number over the last six months. "This trend could be explained by the low cost of entry into the HTTP based botnet field: the kits are becoming more accessible and the easier user interface for HTTP botnets means that they are generally favored over more traditional control mechanisms." "

SC Magazine: "New attack against IE could expose all files on a victim's PC"
"Microsoft's popular Internet Explorer web browser suffers from several minor flaws, which, when combined, can allow an attacker to read all the files on a user's computer, according to researchers at penetration testing vendor Core Security Technologies. This new security issue came to light just days after Microsoft delivered an emergency patch to correct several other IE vulnerabilities, including at least one that was used in the recent attacks against more than 30 brand companies."


January 26, 2010

Computerworld: "Bank sues victim of $800,000 cybertheft"
"A Texas bank is suing a customer hit by an $800,000 cybertheft incident in a case that could test the extent to which customers should be held responsible for protecting their online accounts from compromises."

The Register: "StopBadware morphs into standalone non-profit"
"StopBadware, the anti-malware project started four years ago at Harvard University's Berkman Center for Internet and Society, has spread its wings and become a standalone nonprofit corporation. Google, PayPal and Mozilla provided initial (unspecified) funding to get StopBadware Inc up and running."


January 25, 2010

Bank Systems & Technology: "Three Ways to Deter Cyber Crime"
"The global economic costs of cyber crime are estimated at more than one trillion dollars and costs to the U.S. at about $8 billion ... products with built-in security are absolutely essential."


January 24, 2010

PC World: "Beware the Botnets"
"The cyber attacks against Google, Adobe and a raft of other top U.S. corporations late last year were by most accounts sophisticated and targeted attempts to steal proprietary data. But lost in all of the resulting media hoopla over who the remaining victims were and whether Chinese hackers or indeed the Chinese government itself were responsible is the simple, terrifying truth that individual hackers now have access to the same arsenal of cyber weapons once reserved only for nation states."


January 23, 2010

PC World: "'Trivial' Passwords Enabled Huge Hack"
"According to a new analysis of the hacked passwords, the most popular password used on the Rockyou site was '123456'. Ridiculously, the second most popular password was '12345' closely followed (in order) by '12345687', 'Password', 'iloveyou', 'princess', and the imaginative 'rockyou'."


January 22, 2010

10TV.com: "Personal Info Stolen From Columbus Health Workers"
"Hundreds of Columbus Public Health employees were notified Friday that personal information pertaining to some of them was stolen... Police said Friday afternoon they have a suspect who is an employee of Columbus Public Health, but no charges have been filed, 10TV's Lindsey Seavert reported."

Poughkeepsie Journal: "Myers: Town funds secure, investigation continuing"
"Supervisor Patricia Myers on Thursday assured residents the Town of Poughkeepsie's funds are secure — nine days after a computer hacker apparently breached a town bank account and stole an undetermined amount of money."


January 21, 2010

The Register: "Targeted attacks replace botnet floods in telco nightmares"
"Only one in five of the 132 senior telco security experts quizzed by DDoS security and network management specialists Arbor Networks reported the largest attacks they observed as lying within the one-to-four Gbps range last year, compared to 30 per cent in 2008. The most potent DDoS attacks recorded in 2009 hit 49Gbps, a relatively modest 22 per cent rise from the 40Gbps peak reached in 2008."


January 20, 2010

Insurance Business Review: "Philadelphia Insurance Launches New Cyber Security Liability product"
"Philadelphia Insurance Companies (PHLY) has introduced a new cyber security liability product for small and middle-market customers, which offers both first and third party coverages in one package."


January 19, 2010

Sag Harbor Express: "Online Security Breach at Suffolk County National Bank"
"On Monday, January 11, the company revealed the breach in a press release. According to the bank, Suffolk County National Bank (SCNB) "discovered through an internal security review that an unauthorized intruder accessed certain customers' Log In information via the computer server hosting SCNB's Online Banking system." "

Los Angeles Times: "Chase bank seems a bit too loose with clients' data"
"One customer recently discovered that her information had not only been shared with another company but also that the file containing the information was inadvertently posted online for all to see."


January 18, 2010

Computerworld: "User Authentication No Longer Thwarts Online Bank Thieves"
"A Gartner analyst says banks need to take more steps to prevent online fraud, because cybercrooks are outmaneuvering current authentication techniques..."


January 15, 2010

KrebsOnSecurity: "Would You Have Spotted the Fraud?"
"This particular skimmer was found Dec. 6, 2009, attached to the front of a Citibank ATM in Woodland Hills, Calif. Would you have been able to spot this?"

The Tech Herald: "SCNB hit by breach - over 8,000 clear text credentials stolen"
"Suffolk Bancorp said that the 8,378 records accounted for less than ten percent of their customer base at SCNB, but failed to explain the reasoning for leaving such information on a server in the clear."


January 14, 2010

Wired News: "Google Hack Attack Was Ultra Sophisticated, New Details Show"
"We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack," says Dmitri Alperovitch, vice president of threat research for McAfee. "It's totally changing the threat model."

Examiner.com: "Local [Shreveport] finance company throws personal documents in dumpster"
"Police say the documents came from SouthTrust Advisor's off Airline Road. The financial planning company has offices in Bossier City, Monroe and Slidell. SouthTrust would not comment on the documents."

HealthImaging: "Connecticut AG uses HITECH to sue over patient data breach"
"Connecticut Attorney General (AG) Richard Blumenthal announced Wednesday that he is suing Health Net of Connecticut for failing to secure private patient medical records and financial information involving 446,000 Connecticut enrollees and promptly notify consumers exposed by the security breach. Blumenthal also is seeking a court order blocking Health Net from continued violations of the Health Insurance Portability and Accountability Act (HIPAA) by requiring that any protected health information contained on a portable electronic device be encrypted."

Office of Inadequate Security: "FINRA notifies Lincoln National of security vulnerability"
"A vulnerability in the portfolio information system for broker-dealer subsidiaries of Lincoln National Corporation potentially exposed the records of 1,200,000 people, 18,900 of whom are New Hampshire residents."


January 13, 2010

abcNews.com: "Personal information of 15,000 Kaiser members leaked"
"Kaiser Permanente is warning 15,000 patients in Northern California that a laptop computer containing their personal information has been stolen. The theft happened in Sacramento on December 1st -- but the HMO didn't go public with details until this week."

Computerworld: "DDoS Attacks Are Back (and Bigger Than Before)"
"Distributed denial-of-service (DDoS) attacks are certainly nothing new. Companies have suffered the scourge since the beginning of the digital age. But DDoS seems to be finding its way back into headlines in the past six months, in thanks to some high-profile targets and, experts say, two important changes in the nature of the attacks."


January 12, 2010

The Register: "Hackers pluck 8,300 customer logins from bank server"
"Hackers have stolen the login credentials for more than 8,300 customers of small New York bank after breaching its security and accessing a server that hosted its online banking system. The intrusion at Suffolk County National Bank happened over a six-day period that started on November 18, according to a release (PDF) issued Monday."


January 11, 2010

InfoSecurity: "Massive cyber-fraud ring exposed"
"Nineteen individuals have been charged with conspiracy to commit wire fraud after the FBI alleged a cybercrime conspiracy costing victims more than $15 million. The fraud, said to run between March 2003 and July 2009, also targeted financial institutions, leasing companies, and power companies, insurance firms, and even web developers."

SC Magazine: "Malicious apps found in Google's Android online store"
"Rogue applications developed to steal banking credentials from users were discovered late last month in Google's Android Market online software store. The malicious programs were disguised as legitimate mobile banking apps and were designed to steal users' online banking credentials, according to Oregon-based First Tech Credit Union, which posted a fraud alert about the threat on Dec. 22."


January 10, 2010

Chattanooga Times Free Press: "Customers alerted to BlueCross data breach"
"This week, BCBS will provide updated data to the public on exactly how many customers were exposed when 57 hard drives were pilfered in October from a storage closet at the insurer's Eastgate Town Center branch, said company spokeswoman Mary Thompson."


January 8, 2010

Campus Technology: "Penn State Malware Infections Expose Data on 30,000 People"
"Pre-Christmas malware infections have led Pennsylvania State University offices to notify nearly 30,000 people by mail about privacy breaches that may have exposed their personal information. The infections hit university computers in the Eberly College of Science (7,758 records), the College of Health and Human Development (6,827 records), and the Penn State Schuylkill campus (about 15,000 records)."

Computerworld: "Chrome sets browser security standard, says expert"
"Dino Dai Zovi, a security researcher and co-author of The Mac Hacker's Handbook, believes that the future of security relies on "sandboxing," the practice of separating application processes from other applications, the operating system and user data."


January 7, 2010

KMTR.com: "Eugene [Oregon] School Dist. computers compromised"
"The Eugene 4J School District is trying to determine how hackers got into its servers and got access to staff records and personal information. The district's computer staff found the problem Monday, but they think the breach happened last week."


January 6, 2010

Computerworld: "Update: Heartland breach shows why compliance is not enough"
"Nearly a year after Heartland Payment Systems Inc. disclosed what turned out to be the biggest breach involving payment card data, the incident remains a potent example of how compliance with industry standards is no guarantee of security."

SearchSecurity: "Heartland breach shows PCI compliance is not enough"
"Heartland, one of the USA's largest payment processors, had achieved PCI compliance. Yet the breach could be the largest ever, trumping that of TJX Cos. when 45 million credit and debit cards were pilfered by hackers who accessed the retailer's Wi-Fi systems."


January 5, 2010

Times Union: "Hacker steals $3M from Duanesburg schools"
"The thefts occurred between Dec. 18 and Dec. 21. The district's bank, NBT Bank, noticed the questionable money transfers on Dec. 22 and alerted the district, Superintendent Christine Crowley said."

SecurityFocus: "Zeus software behind one-in-ten botnets"
"Zeus, also referred to as Prg and Zbot, has become popular amongst cybercriminals as a way to steal victims' financial information. Last month, a Zeus-based command-and-control server was found on a server instance hosted by Amazon cloud computing service, EC2. The discovery came a few days after one security firm warned Internet users that spammers were attempting to infect recipients with the Zeus bot."

KRVG.com: "Medical Records Found [in street]"
"Jose Diaz's walk to the grocery store led him to files with names of people, their address, phone number and social security numbers. Diaz was with his nephew walking down this street when he spotted the pile of papers blowing in the wind."


January 3, 2010

The Boston Globe: "Data breaches affect million state residents"
"One million Massachusetts residents - or 1 in 6 people - have had their credit card numbers, medical records, or other personal information leaked or stolen over the past two years, according to records provided to the Globe by state officials."


December 31, 2009

SC Magazine: "Waledac [botnet] spreading through fake New Year's e-cards"
"The botnet is spreading spam messages that contain the subject line "Happy New Year 2010" and provide a link for what the email claims to be a New Year's greeting card, Mikko Hyppönen, chief research officer at anti-virus provider F-Secure, told SCMagazineUS.com on Thursday. The campaign began early Thursday."

The Seattle Times: "Hacker may have accessed EWU student information"
"Eastern Washington University is trying to notify up to 130,000 current or former students whose names, Social Security numbers and dates of birth were on a computer network involved in a security breach."


December 30, 2009

USA Today: "Cybercrooks stalk small businesses that bank online"
"A rising swarm of cyber-robberies targeting small firms, local governments, school districts, churches and non-profits has prompted an extraordinary warning. The American Bankers Association and the FBI are advising small and midsize businesses that conduct financial transactions over the Internet to dedicate a separate PC used exclusively for online banking."


December 29, 2009

eSecurity Planet: "Penn State Latest University Plagued by Data Breaches"
"Penn State University gave its students an unwelcome gift over the holiday break, notifying some 30,000-plus students that a series of malware-induced data breaches at computers hosted at three different campus locations had exposed their personal information for an unknown period of time."


December 28, 2009

National Post: "Too much trust put in social networking sites..."
"Social media exploded in 2009 with Facebook alone amassing 350 million users this year. The report indicates social media will continue to grow in 2010, as businesses start to realize the value of engaging with social media. The newest threats are hackers who steal webmail or social networking accounts and then use contacts lists to extort money from other users, Mr. Stern said."


December 27, 2009

JusticeDept.com: "CDC Phishing Scam"
"Fraudulent emails referencing Centers For Disease Control (CDC) sponsored State Vaccination Program."


December 24, 2009

News4Jax.com: "Dentist's Account Missing Nearly $400K"
"I've been saving for 30 years of working and they wipe me out in a matter of weeks."


December 23, 2009

DarkReading: "Intel Website Hacked With SQL Injection"
"A Romanian hacker who goes by the handle "unu" has struck again: This time, he demonstrated how a SQL injection vulnerability left personal information in the form of passports exposed on an Intel Website. Unu, who previously exposed SQL injection vulnerabilities in The Wall Street Journal and Kaspersky Lab's Websites, this time focused on an Intel site that runs online registrations for channel partner events."


December 21, 2009

FayObserver.com: "N.C. Community College library server hacked"
"Nearly 51,000 people in North Carolina are finding out that about four months ago someone hacked into a library server containing their personal information. Megen Hoenk, a spokeswoman for the state Community College System, said the hacker did not access Social Security numbers or driver's license numbers, which were stored on the server."


December 19, 2009

Idaho State Journal: "Phishing scam nets unwary E. Idaho bank customers"
"Citizens Community Bank officials say that on Thursday they discovered customers were being directed to a fake Web site that looked like the bank's official Web site. The bogus site asked customers to verify information by submitting their debit card number, expiration date, and personal identification number."


December 18, 2009

Security Fix: "Hackers exploit Adobe Reader flaw via comic strip syndicate"
"Rose Croke, brand development manager for King Features, said the malicious code was somehow injected into the company's Web server that handles content for its Comics Kingdom clients. Croke said the Comics Kingdom content is syndicated by roughly 50 different news sites, including Timesunion.com."


December 17, 2009

Wall Street Journal: "Insurgents Hack U.S. Drones"
"Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations."

IDG News Service: "Heartland pays Amex $3.6M over 2008 data breach"
"Heartland Payment Systems will pay American Express $3.6 million to settle charges relating to the 2008 hacking of its payment system network."


December 16, 2009

Washington Post: "House takes steps to boost cybersecurity"
"House leaders have asked the chamber's security officials to implement a new cybersecurity training regimen for aides and take additional measures to protect sensitive information from potential hackers."


December 15, 2009

Washington Post: "Hackers target unpatched Adobe Reader, Acrobat flaw"
"Adobe Systems Inc. said Monday it is investigating reports that attackers are exploiting a previously unidentified security hole in its Acrobat and PDF Reader software to break into vulnerable computers."


December 14, 2009

Security Focus: "SQL attacks take off in last year"
"In May 2008, IBM's customers encountered about 2,500 SQL injection attacks every day. By midsummer 2009, the technology giant's products were seeing 600,000 database attacks per day on average, said Tom Cross, a security researcher at IBM."


December 11, 2009

Reuters: "Cisco, Juniper gear vulnerable to hacking: U.S. govt"
"The U.S. government has identified flaws in equipment from four companies, including Cisco Systems Inc (CSCO.O), that hackers can exploit to break into corporate computer networks."


December 10, 2009

Washington Post: "Paper-based data breaches on the rise"
"More than one quarter of data breaches so far this year involved consumer records that were jeopardized when organizations lost control over sensitive paper documents.  Experts say those incidents came to light in large part due to a proliferation of state data breach notification laws, yet current federal proposals to preempt those state measures would allow paper-based breaches to go unreported."


December 9, 2009

ZDNet: "Zeus crimeware using Amazon's EC2 as command and control server"
"Security researchers have intercepted a new variant of the Zeus crimeware, which is using Amazon's EC2 services for command and control purposes of the botnet. The cybercriminals appear to be using Amazon's RDS managed database hosting service as a backend alternative in case they lose access to the original domain, which would result in the complete loss of access to the compromised financial data obtained from the infected hosts."


December 8, 2009

Washington Post: "La. firm sues Capital One after losing thousands in online bank fraud"
"An electronics testing firm in Louisiana is suing its bank, Capital One, alleging that the financial institution was negligent when it failed to stop hackers from transferring nearly $100,000 out of its account earlier this year."


December 7, 2009

DarkReading: "The IPS Goes Virtual"
"Intrusion protection system (IPS) technology is gradually adapting to virtual computing, as IPS vendors add to their product lines actual virtual IPSes as well as IPSes that protect virtual machines."


December 4, 2009

Computerworld: "HSBC exposed sensitive bankruptcy data"
"In notification letters made public Thursday, the bank said it had redacted sensitive information in Chapter 13 bankruptcy proof-of-claim forms that were filed electronically, but that the information turned out to be viewable "as a result of the deficiency in the software used to save imaged documents.""


December 3, 2009

Gartner: "Where Strong Authentication Fails and What You Can Do About It"
"Fraudsters have been raiding user accounts by beating strong two-factor authentication methods. A layered fraud prevention approach can mitigate these attacks."


December 2, 2009

Computer World: "Botnet continues massive H1N1 malware campaign"
"A massive spam campaign that poses as a message from the Centers for Disease Control (CDC) asking people to register for H1N1 vaccinations remains a big problem today, a security researcher said."


December 1, 2009

Security Fix: "DC businessman loses thousands after clicking on wrong e-mail"
"The latest victim to learn this was Nigel Parkinson, president of D.C.-based Parkinson Construction, a firm with an estimated $20 million in annual revenue that has worked on some of Washington's top gathering places, including the new D.C. Convention Center and the Nationals baseball stadium."


November 30, 2009

Washington Post: "Hackers attempt to take $1.3 million from D.C. firm"
According to this recent article by Brian Krebs, cyber attackers appear to be focusing heavily on property management and real estate firms, and title companies.


November 26, 2009

Boston Globe: "Sandwich loses nearly $50k to hacker"
"Police believe the hacker used a virus to attack Treasurer Craig Mayen's computer and implant a logger that monitored any keystrokes he entered. With technology similar to what is known as a sniffer, a device that tracks computer information, the hacker was able to record Mayen's security code and password as he typed them, and used that information to make withdrawals from town bank accounts."


November 25, 2009

DarkReading: "New Exploit Masquerades As Flash Player Upgrade"
"Users who click on the link are taken to a Website that advises them to update to the latest version of the Macromedia Flash Player by downloading "flashinstaller.exe." This executable is actually a banking Trojan that is known to disable firewalls, steal sensitive financial data, and provide hackers with remote access capabilities..."


November 24, 2009

Bank Systems & Technology: "Worm Targets ING Direct iPhone App"
"A computer worm is targeting iPhone users who use an application to conduct online transactions with Dutch bank ING Direct, security experts say."


November 23, 2009

SC Magazine: "Report: Cyberattacks against the U.S. "rising sharply""
"A new report prepared for Congress found that the number of cyberattacks against the U.S. government is "rising sharply" in 2009, and many of the attacks are coming from Chinese state and state-sponsored entities"


November 19, 2009

Computerworld: "SSL flaw could have been used to hack Twitter"
"A flaw in the protocol used to secure communications over the Internet could have been used to hack Twitter accounts, according to an IBM security researcher."


November 18, 2009

DarkReading: "FBI Warns Of Spear Phishing Attacks On U.S. Law Firms and Public Relations Firms"
"The FBI assesses with high confidence that hackers are using spear phishing e-mails with malicious payloads to exploit U.S. law firms and public relations firms."


November 17, 2009

SC Magazine: "Survey finds Mac, PC users are equal cybercrime victims"
"Phishing attacks are just as effective on Macs, Linux, Windows, Solaris and any operating system since they rely on tricking the user and not on malicious software or any software vulnerabilities," Randy Abrams, director of technical education at ESET, said Monday in a blog post. "The Mac offers no immunity to phishing attacks and so we see a virtually equal percentage of victim representation across the board."


November 16, 2009

Computerworld: "How hackers find your weak spots"
"A look at some of the ways hackers use social networking tools to gain access to victims' systems"


November 12, 2009

Computerworld: "Flash flaw puts most sites, users at risk, say researchers"
""The magnitude of this is huge," said Mike Murray, the chief information security officer at Orlando, Fla.-based Foreground Security. "Any site that allows user-uploadable content is vulnerable, and most are not configured to prevent this.""


November 10, 2009

Security Fix: "Eight indicted in $9M RBS WorldPay heist"
"The 16-count indictment, which names individuals from Estonia, Moldova and Russia, is the first major break in a case federal investigators are calling "perhaps the most sophisticated and organized computer fraud attack ever conducted.""


November 9, 2009

Computerworld: "Firefox flaws account for 44% of all browser bugs"
"According to California-based Cenzic, Mozilla's browser had the largest percentage of Web vulnerabilities over the six-month span, while Apple's Safari had the dubious distinction of coming in second. Microsoft's Internet Explorer (IE) was third, while Opera Software's flagship browser took fourth place."


November 6, 2009

DarkReading: "Reactivation of Gumblar.cn domain could have ripple effect, researchers say"
"According to researchers at ScanSafe, a new iFrame injection is pointing once again to gumblar.cn -- the malware domain that originally earned Gumblar its name."


November 4, 2009

Security Fix: "Business e-banking and the 6-figure password"
"Denny Naugle, operations director at American Realty, said the company is drafting papers to sue their bank."


November 3, 2009

IDG News Service: "FBI warns of $100M cyber-threat to small business"
"Cyberthieves are hacking into small- and medium-sized organizations every week and stealing millions of dollars in an ongoing scam that has moved about $100 million out of U.S. bank accounts, the FBI warned Tuesday."


November 2, 2009

Security Fix: "FDIC sees Uptick in 'money mule' scams"
"The Federal Deposit Insurance Corporation (FDIC) is warning financial institutions about an uptick in scams involving unauthorized funds transfers from hacked online bank accounts to so-called "money mules," people hired through work-at-home scams to help cyber criminals overseas launder money."


October 28, 2009

Security Fix: "Cyber crooks stole $40M from U.S. small, mid-sized firms"
"According to the FBI and other fraud experts, the perpetrators have stuck to the same basic tactics in each attack. They steal the victim's online banking credentials with the help of malicious software distributed through spam."

InfoSecurity.com: "FBI director almost fell for phishing attack"
"Mueller confessed in a speech at the Commonwealth Club of California that he had been halfway through responding to an apparently legitimate email purporting to come from his bank when he realised something was wrong and quit."


October 27, 2009

Computerworld: "Judge says TD Ameritrade's proposed security fixes aren't enough..."
"A federal judge's rejection of a proposed settlement by TD Ameritrade Inc. in a data breach lawsuit marks the second time in recent months that a court has weighed in on what it considers to be basic security standards for protecting data."


October 26, 2009

Computerworld: "CalOptima says data on 68,000 members may be compromised"
"Personally identifiable information on about 68,000 members of CalOptima, a Medicaid managed care plan serving Orange County, Calif., may have been compromised after several CDs containing the information went missing earlier this month."


October 23, 2009

IDG News Service: "Trend Micro CEO: hackers hitting AV infrastructure"
"It's become an all-too-common scam: A legitimate Web site pops up a window that looks just like a real security warning. It says there's something wrong with the computer, and click here to fix it. A few clicks later, the victim is paying out US$40 for some bogus software, called rogue antivirus."


October 22, 2009

SC Magazine: "Security report finds Chinese cyberspying threat growing"
"A new report prepared for the U.S.-China Economic and Security Review Commission has concluded that the Asian nation is likely using its sophisticated IT systems to spy on America."


October 20, 2009

Security Fix: "E-Banking on a Locked Down PC, Part II"
"In break-in after break-in, the perpetrators have shown their ability to slip past virtually all of the customer-dependent security barriers erected by online banks (e.g., passwords, secret questions, and token-generated one-time codes)."


October 16, 2009

Bank Systems & Technology: "Trojan Planted in Fake E-mail from IT Dept. Designed to Steal Info From Businesses"
"New York-based Trusteer, a customer protection company for online businesses, issued a security advisory that exposes and provides protection recommendations against a stealth new Zeus/Zbot phishing attack."


October 15, 2009

Security Fix: "Trojan Turns Smash & Grab Into Grab & Smash"
"Imagine being in charge of your organization's finances, and learning from your bank one morning that thieves had stolen tens of thousands of dollars from company coffers overnight using your online banking credentials. Now imagine your frustration when you go to log in to your PC to assess the damage, only to find that the computer you typically use to access the account has been kneecapped by the bad guys."


October 12, 2009

Bank Systems and Technology: "...85 percent of businesses have experienced a data breach."
"While traditional data breach threats like insider fraud and lost laptops remain, new breach threats like web application attacks and keylogging trojans are rising. As new techniques continue to emerge, no financial institution is immune. According to a recent Ponemon Institute U.S. Cost of a Data Breach Study, approximately 85 percent of businesses have experienced a data breach."


October 8, 2009

DarkReading: "Botnets Behind Most Modern Malware Infections"
"Botnets are networks of infected machines that are controlled by an attacker's command-and-control (C&C) that serves as the attack orders and a conduit for updating the malware on a victim's machine. This attack model has become a handy way for the bad guys to prevent their attacks from being detected or blocked, as well as to keep themselves hidden behind the bot army."


October 5, 2009

DarkReading: "Couple's Lawsuit Against Bank Over Breach To Move Forward..."
"An Illinois district court denied Citizens Financial Bank's request to dismiss a lawsuit that charges the bank was negligent in protecting a couple's bank account after their user name and password were stolen and used to pilfer $26,000 from their account."


October 1, 2009

eSchool News: "Computer virus steals $325K from district ..."
"The FBI is investigating what it is calling an online computer intrusion that siphoned several hundred thousands of dollars from at least one Chicago area school district's bank accounts, prompting the school district to beef up its IT network security."


September 30, 2009

Bank Systems and Technology: "At Least One Part of the Economy is Growing: Cybercrime ..."
"In case anyone thought it was getting easier to keep customer data safe, here are a few studies that will bring you back to reality."


September 28, 2009

Computerworld: "Organized Cybercrime Revealed..."
"Yes, the Mafia is formally involved in cybercrime, or so alleges the U.S. attorney for Florida, who filed charges against associates of the Bonanno crime family that included pilfering data from Lexis-Nexis."


September 25, 2009

Computerworld: "UNC data breach exposes 163,000 SSNs..."
"The University of North Carolina at Chapel Hill on Friday began notifying about 163,000 women about the potential compromise of their Social Security numbers and other personal information after a hacker breached a system containing the data."


September 23, 2009

Computerworld: "Construction firm sues after $588,000 online theft..."
"Over a week-long period in May, fraudsters made six transfers from the online bank accounts of Patco Construction Company, a family-owned developer in Sanford, Maine, according to a copy of the lawsuit on the Washington Post's Web site."


September 20, 2009

Computerworld: "Microsoft unveils shield for critical Windows flaw as attack code looms..."
"With attack code that exploits a critical unpatched bug in Windows likely to go public soon, Microsoft wants users to run an automated tool that disables the vulnerable component."


September 22, 2009

TechRepublic: "Bank emails confidential information to wrong Gmail account!!!"
"According to various news reports and the court filing, a customer of Rocky Mountain Bank in Wyoming asked a bank employee to email loan statements to a third-party representative. Unfortunately, the bank employee sent the information to the wrong Gmail address."


September 16, 2009

Washington Post: "Data Breach Highlights Role Of 'Money Mules'..."
"The attack on Downeast Energy bears all the hallmarks of online thieves who have stolen millions from dozens of other businesses, schools and counties over the past several months. In every case, the thieves appeared more interested in quick cash than in pilfering their victims' customer databases. Nevertheless, the intrusions highlight an additional cost for victims of this type of crime: complying with state data breach notification laws."


September 14, 2009

SecurityFocus: "Miami man pleads guilty in TJX and Heartland breaches!"
"A 28-year-old Miami resident pleaded guilty on Friday to charges of conspiracy, computer and wire fraud, and aggravated identity theft stemming from the massive thefts of data from major commerce companies, such as retail giant TJX and payment processor Heartland Payment Systems."


September 12, 2009

Open Security Foundation: "Federal Data Breach Bill (H.R. 2221) Passes House"
"Yesterday, for the first time ever, a data breach notification bill actually came to a vote in the United States Congress. The House of Representatives passed by voice vote H.R. 2221, the Data Accountability and Trust Act. This bill and others have been introduced many times over the past several sessions of Congress, but unlike other similar bills and this bill's predecessors, H.R. 2221 not only came out of committee, but was voted on and passed."


September 8, 2009

Computerworld: "Seven Deadly Sins of Building Security"
"You've got a few security guards and your CCTV system is up to snuff. You've got your building security covered, right? Think again. While many organizations are taking the steps to ensure their building is secure, many are ignoring basic pieces of the puzzle that is physical security in and around a facility."


August 25, 2009

Washington Post: "European Cyber-Gangs Target Small U.S. Firms, Group Says"
"A task force representing the financial industry sent out an alert Friday outlining the problem and urging its members to implement many of the precautions now used to detect consumer bank and credit card fraud. "In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses," the confidential alert says."


August 24, 2009

Washington Post: "Tighter Security Urged for Businesses Banking Online..."
"An industry group representing some of the nation's largest banks sent a private alert to its members last week warning about a surge in reported cybercrime targeting small to mid-sized business. The advisory, issued by the Financial Services Information Sharing and Analysis Center, recommends that commercial banking customers take some fairly rigorous steps to secure their online banking accounts."


August 18, 2009

WSJ: "NJ U.S. Attorney Files Charges in 'Largest Reported Data Breach'"
"When it comes to criminal investigations and prosecution, the U.S. attorney's office in Manhattan may get the lion's share of the high-profile cases (See, e.g., Madoff, Dreier). But in terms of eye-popping filings, federal prosecutors in New Jersey have recently given the New Yorkers a run for their money."


August 17, 2009

Security Fix: "Cyber Crooks Target Public and Private Schools..."
"On the morning of Aug. 17, hackers who had broken into computers at the Sanford School District in tiny Sanford, Colorado initiated a batch of bogus transfers out of the school's payroll account. Each of the transfers was kept just below $10,000 to avoid banks' anti-money laundering reporting requirements, and went out to at least 17 different accomplices or "money mules" that the attackers had hired via work-at-home job scams."


August 14, 2009

SC Magazine: "Microsoft leads browsers in malware, phishing defense..."
"The browser, released in March with a number of enhanced phishing and anti-malware components, blocked an average of 81 percent of socially engineered malware and stopped 83 percent of suspected phishing sites -- topping four other major browsers, according to new tests conducted by NSS Labs."


August 12, 2009

Computerworld: "Microsoft knew of critical Office ActiveX bug in '07..."
"Three of the critical vulnerabilities Microsoft patched Tuesday in ActiveX controls for Office were first reported to the company two years ago, according to the security firm that alerted Microsoft of the flaws."


August 11, 2009

Computerworld: "Microsoft Fixes 19 Windows Security Flaws..."
"This month's batch of patches fix some fairly dangerous flaws. Redmond labels a security flaw "critical" if attackers could use it to seize control over a vulnerable system without any help from the victim. What's more, a dozen of the flaws earned the highest rating on Microsoft's "exploitability index," which is the software maker's best estimation of the likelihood that criminals will soon develop reliable ways to exploit them to break into Windows-based machines."


August 7, 2009

PC World: "Hardware Firewalls Bring Big Security to Small Businesses..."
"Think your business is too small for a serious security appliance? The truth may surprise you. For less than $500, a simple unified gateway device can protect even tiny offices from the very real threats posed by malware and hackers"


August 6, 2009

Washington Post: "How a denial-of-service attack works..."
"To picture a "denial-of-service" attack, think about what would happen if you and all your friends called the same restaurant over and over and ordered things you didn't even really want..."


August 5, 2009

Computerworld: "Mozilla shuts Firefox e-store after security breach"
"Mozilla shuttered its online store late Tuesday after finding out that the firm it hired to run the backend operations of the company's e-tailing business had suffered a security breach."


July 29, 2009

DarkReading: "Researcher Uncovers Massive, Sophisticated Trojan Targeting Top Businesses"
"The Trojan has already infected some businesses and extracted funds from accounts, Stewart says, often using unwitting "mules" whose PCs or accounts serve as intermediaries for funds transfer. The Washington Post reported one such incident involving Slack Auto Parts earlier this week."


July 27, 2009

Almost all Windows users may be vulnerable to Flash zero-day attacks
Computerworld: "More than 9 out of every 10 Windows users are vulnerable to the Flash zero-day vulnerability that Adobe won't patch until Thursday, a Danish security company said today."


July 25, 2009

Computerworld: Network Solutions warns merchants after hack
IDG News Service - "Criminals may have stolen more than half a million credit card numbers from merchant servers hosted by Network Solutions, the Internet hosting company warned Friday."


July 22, 2009

Computerworld: Mozilla patches 11 vulnerabilities in Firefox 3.0
"Of the 11 flaws fixed in Firefox 3.0.12 -- the same number patched in the previous security update -- 10 were rated critical and one as "high" in Mozilla's four-step system."


July 21, 2009

Computerworld: "Hackers trawling for clues in Bugzilla tracker, say some Firefox developers"
"Mozilla is denying that a bug that crashes Firefox 3.5 is a security vulnerability, countering earlier reports that the company's latest browser contained a flaw even though it had just been patched."


July 20, 2009

The Washington Post: "The Growing Threat to Business Banking Online"
"Federal investigators are fielding a large number of complaints from organizations that are being fleeced by a potent combination of organized cyber crooks abroad, sophisticated malicious software and not-so-sophisticated accomplices here in the United States..."


July 17, 2009

CS Magazine: "Data attacks more frequent than CEOs think"
In a study of 213 CEOs and other senior executives, 92 percent of respondents said that their company's data has been attacked in the past six months.


July 15, 2009

WCVBTV Boston: "LexisNexis Warns 13,000 Of Possible Data Breach"
"Electronic publisher LexisNexis has told more than 13,000 people that a Florida man accused of helping run a racket for an organized-crime family may have gained access to their personal information through a former customer of a LexisNexis subsidiary."


July 14, 2009

DarkReading: "New Hardened Thumb Drive Self-Destructs When Breached"
"The new S200 device, which also uses hardware-based AES 256-bit strong encryption and includes anti-malware scanning and security management features, meets one of the federal government's highest security specifications, FIPS 140-2 Level 3, for storing top-secret data."


July 8, 2009

Computerworld: "Newest IE bug could be next Conficker, says researcher"
"The critical bug that Microsoft confirmed Monday but has yet to patch is a prime candidate for another Conficker-scale attack, a security researcher said."


July 7, 2009

WCVBTV Boston: "Federal Web Sites Shut Down By Cyber Attack"
"A widespread and unusually resilient computer attack that began July 4 knocked out the Web sites of several government agencies, including some that are responsible for fighting cyber crime, The Associated Press has learned."


June 27, 2009

New York Times: "U.S. and Russia Differ on a Treaty for Cyberspace"
"The United States and Russia are locked in a fundamental dispute over how to counter the growing threat of cyberwar attacks that could wreak havoc on computer systems and the Internet."


June 19, 2009

It's official: Microsoft to offer free anti-malware service.
According to SC Magazine: "In announcing the release of its Microsoft Security Essentials (MSE), the software giant is going on the offensive ..."


June 19, 2009

Lawmakers Blast Internet Data Collection
According to the Wall Street Journal: "House Privacy Bill Would Give Consumers More Control Over Their Online Information..."


June 12, 2009

"Internet Pirates are Trying to Steal YOUR Personal Financial Information"
According to the FDIC: "The good news is you have the power to stop them."


June 6, 2009

Protecting Personal Information: A Guide for Business
Watch this informative and well-done video sponsored by the FTC. It explains data protection from a practical point of view...


June 3, 2009

FTC Shuts Down Notorious Rogue Internet Service Provider, 3FN Service Specializes in Hosting Spam-Spewing Botnets, Phishing Web sites, Child Pornography, and Other Illegal, Malicious Web Content
A rogue Internet Service Provider that recruits, knowingly hosts, and actively participates in the distribution of spam, child pornography, and other harmful electronic content has been shut down by a district court judge at the request of the Federal Trade Commission.


May 29, 2009

Gumblar attack worse than Conficker, experts warn!
ScanSafe contends that Gumblar is worse than Conficker, a worm that spreads via a hole in Windows through removable storage devices and network shares with weak passwords, as well as disabling security software and installing fake antivirus software....


May 15, 2009

Risk Management Framework (RMF) - FAQs and Quick Start Guides (QSGs) Now Available
NIST’s Computer Security Division has released Frequently Asked Questions (FAQs) and Quick Start Guides (QSGs) for Step 1 Categorize and Step 6 Monitor of the Risk Management Framework (RMF). The FAQs and QSGs for steps 2-5 are still in development and will become available when finalized. The RMF 6-step chart posted on the website contains links to NIST Special Publications (SP), Federal Information Processing Standards (FIPS), FAQs and QSGs associated with the respective steps in the RMF.


May 4, 2009

SC Magazine: "LexisNexis admits to another major data breach..."
"About 32,000 people are being notified that their personal information may have been compromised after a breach at consumer data provider LexisNexis resulted in identity theft and credit fraud, the company has disclosed."


April 21, 2009

The Wall Street Journal Reports: "Computer Spies Breach Fighter-Jet Project"
WASHINGTON -- Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks.


April 6, 2009

"What is the Definition of Personally Identifiable Information?"
With all the recent talk about data breaches and data breach laws, you need to make sure you know what the terms mean. The first thing you need to understand is what type of personal information the laws refer to. As it turns out, the situation is more than a little vague, as this Legal-Beagle article verifies.


March 31, 2009

60 Minutes Reports: "The Internet Is Infected"
Lesley Stahl reports on computer viruses that propagate on the Internet and infect PCs, which enable their creators (often called "cyber gangs") to learn the information they need to electronically rob bank accounts.


March 27, 2009

IC3 2008 Annual Report on Internet Crime Released.
IC3 received a total of 275,284 complaints, a 33.1% increase over the previous year.  The total dollar loss linked to online fraud was $265 million, about $25 million more than in 2007.  The average individual loss amounted to $931.

October 20, 2008

In November of 2008 the FBI wrapped up a two-year undercover cyber operation.
The results were: 56 arrests worldwide, the prevention of $70 million in potential losses, and the confirmation that while there might be honor among thieves, in the end, they are still just thieves.

March 3, 2008

Should you trust flash drives to safeguard your data?
Bill O'Brien, Rich Ericson and Lucas Mearian of Computerworld review 7 secure USB drive products.

Sept 10, 2007

Connecticut Department of Revenue Services (DRS) Laptop Stolen:
"Governor M. Jodi Rell today urged residents to be wary of callers offering credit or identity theft protection services in the wake of the announcement last week that a laptop computer containing taxpayer information was stolen from a Department of Revenue Services' (DRS) employee."

August 13, 2007

Wall Street & Technology Blog: "Merrill Lynch Reports Computer Theft"
"The personal information - including social security numbers - of 33,000 employees is believed to have been on the computer."

May 14, 2007

Security Fix: "New Attack Piggybacks on Microsoft's Patch Service"
"Security experts have been predicting that virus writers would find a way to hijack Microsoft's security patch delivery process to slip their software onto users' computers. They were right."

Apr 16, 2007

US-CERT: Vulnerability Summary for the Week of April 9, 2007
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

Mar 14, 2007

Washington Post: "Cyber-Criminals and Their Tools Getting Bolder, More Sophisticated"
""These guys got everything, but all I knew was that my financial accounts were compromised," said the 66-year-old Fairfax engineer, who learned of the virus from a reporter who used forensic tools from computer-security firm Sunbelt Software in February to locate the Web server hosting Hoyler's private information."



Feb 12, 2007

Washington Post: "Wanted: Missing FBI Laptops"
If you lose your laptop, don't go crying on the shoulder of the Federal Bureau of Investigation. It has its own problems. The agency had at least 160 laptops lost or stolen over the past four years.

Jan 15, 2007

Bruce Schneier: "Apart from a $50,000 or $100,000 engineering effort" there is no way to tell whether a vendor's security is foolproof!
Read this thought-provoking and informative essay by security technologist and author Bruce Schneier.

October 20, 2006

IC3: The US Government established a site dedicated to tracking Cyber Crime.
It is called the Internet Crime Complaint Center (IC3). It is a partnership between the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA). 

IC3 accepts online Internet crime complaints from either the person who believes they were defrauded or from a third party to the complainant.  They can best process your complaint when they receive accurate and complete information. Therefore, you should provide the following information when filing a complaint:
* Your name
* Your mailing address
* Your telephone number
* The name, address, telephone number, and Web address, if available, of the individual or organization you believe defrauded you.
* Specific details on how, why, and when you believe you were defrauded.
* Any other relevant information you believe is necessary to support your complaint.