As you’re probably aware, America’s Thrift Stores has announced that it recently learned it was the victim of a malware-driven security breach that targeted software used by a third-party service provider. “This breach allowed criminals from Eastern Europe unauthorized access to some payment card numbers,” the company’s CEO said in a statement. “This virus/malware is one of several infecting retailers across North America.” Security experts from Tripwire and HP Data Security reacted to news of yet another retail breach. Ken Westin, Security Analyst for Tripwire: “The cadence of retail breaches continues and will continue. Unfortunately, even though…
Author: ISBuzz Team
The latest victim of cybercrime is Dow Jones & Co., which revealed that it was attacked by hackers seeking customer contact information. While contact info was the target of the breach, up to 3,500 payment card accounts may have been compromised. Ken Westin, senior security analyst with Tripwire, has the following comments on it. Ken Westin, Security Analyst for Tripwire: “Fraud fuels data breaches; the number of large data breaches we see every day proves the link between these two crimes. The rise of underground markets where hackers and fraudsters engage in commerce with one another has…
The European Court of Justice has ruled that the ‘Safe Harbour’ agreement that allowed the transfer of European citizens’ data to the US is no longer valid. The EUCJ ruled that the agreement that went into force in 2000 was invalid because it does not adequately protect consumers in the wake of the Snowden revelations. This means that American companies such as Google, Facebook, Apple and Microsoft, can no longer rely on self-certification and must seek to strike “model contract clauses” in each case. These agreements authorise the transfer of data outside of Europe. Ken Westin, senior security analyst, Tripwire, discusses the effects that this…
The cost of cyber crime in the US has risen by $15 million according to a new Ponemon report sponsored by Hewlett-Packard. The Cost of Cyber Crime Study also examined global costs, which are not as high on average as those in the U.S. For the 2015 study, the global average annualized cost of cyber-crime is $7.7 million for a 1.9 percent year-over-year increase. The global study methodology examined 252 companies across seven countries, with 1,928 attacks used to measure the total cost. Specifically in the U.S., the study looked at 58 companies, with 638 cyber-attacks used to measure the…
Against the backdrop of an unprecedented growth of cybercrime, October 1 marked a significant milestone as the US embarked upon a program to mandate adoption of the EMV (Eurocard/Mastercard/Visa) card security standard to further reduce crime. Created in 1993, and based on an earlier European fraud-reduction standard established in 1986, EMV introduces chip-based security measures that could limit fraud for retail POS (point-of-sale) transactions by dramatically reducing the risk of credit card copying and cloning. Though many anti-fraud and security professionals question whether the US has gone far enough with a chip-only solution instead of the European chip and PIN…
Tripwire, Inc., a leading global provider of advanced threat, security and compliance solutions, announced the new Dynamic Software Reconciliation App for Tripwire® Enterprise. The new app provides users with a reliable and authoritative method to identify all legitimate changes seen during and after security patch installation. The Tripwire Dynamic Software Reconciliation App dramatically reduces the time required for administrators to review the hundreds of system changes that occur during a Windows patching process. The Dynamic Software Reconciliation App automatically compiles lists of installed patches, queries Microsoft’s TechNet and Linux YUM repositories and fetches the file-level manifests for each patch. These…
57 Percent of Used Mobile Devices and 75 Percent of Used Drives Purchased from Amazon, eBay and Gazelle Have Unsuccessful Deletion Attempts Previously Made
A new global data security study from Blancco Technology Group and Kroll Ontrack found varying amounts and types of residual data on used mobile devices, hard disk drives and solid state drives purchased online from Amazon, eBay and Gazelle.com. Based on an examination of 122 pieces of second-hand equipment, 48 percent of the hard disk drives and solid state drives contained residual data, while thousands of leftover emails, call logs, texts/SMS/IMs, photos and videos were retrieved…
Ken Westin, senior security analyst with Tripwire, commented on research from Cybereason that has uncovered a new attack targeting Microsoft Outlook Web Application (OWA). Ken Westin, Security Analyst for Tripwire: “This attack shows the importance of being hyper-vigilant when it comes to monitoring critical assets within an organization’s environment. Organizations need to pay special attention to what is happening on these critical endpoints, as they can easily lead to an entire network being compromised. Mail servers, active directory servers, databases and other critical systems need to be monitored for any and all system configuration changes, as well…
Presidential candidate and real-estate baron Donald Trump’s chain of high-end hotels “may have been the victim of a data security incident”, the company has informed customers. Trump Hotel Collection (THC) executives ascribed the breach to malware that was active on its systems “between May 19, 2014, and June 2, 2015”. Tim Erlin, Director of Security and Product Management at Tripwire, commented on the incident. “[W]e believe that the malware may have affected payment card data including payment card account number, card expiration date and security code,” the company said in a statement. Tim Erlin, Director of Security and Product Management at…
Lieberman Software Survey Reveals Many Organizations Fail to Take Proactive Approach to Cyber Defense
A new survey from Lieberman Software Corporation revealed that 92 percent of IT security professionals believe that cyber security drills are a good way to prepare for cyber attacks. However, 63 percent of those surveyed admitted that their organizations never run such drills, or only do so annually. The study was carried out at Black Hat Conference 2015, and looked at the attitudes of nearly 150 IT security professionals. It also revealed that only 11 percent of organizations carry out cyber security drills quarterly, while 26…