HSBC Finance Corporation has begun notifying an undisclosed number of consumers whose mortgage account information was inadvertently exposed on the Internet. The firm believes the exposure began sometime towards the end of 2014 and continued until March 27, 2015, when they learned of the breach. Security experts from Secure Channels, Lancope and Tripwire have provided comments and insight Richard Blech, CEO, Secure Channels (www.securechannels.com): “HSBC’S negligence with personal sensitive data is another symptom of the overall disregard of protecting data. HSBC wasn’t breached but they were lazy, which would have ended up with a breach if they hadn’t released the…
ISBuzz Team
More IT Professionals are Operating Under the Assumption of Compromise More organizations are operating under the assumption that their network has already been compromised, or will be, according to a survey conducted by the SANS Institute on the behalf of Guidance Software. Fifty-six percent of those surveyed assume that they have been breached or will be soon compared with 47 percent last year. However, organizations are not taking a proactive approach to detecting threats or achieving greater visibility into their networks. SANS surveyed 1,827 IT professionals in the United States for the 2nd annual SANS Endpoint Security Survey, to explore how…
During a law enforcement investigation, Trustwave encountered malware with similarities to the NewPOSthings family of malware first discovered by Dennis Schwarz and Dave Loftus at Arbornetworks. While this malware shares some commonalities with that family, this malware departs from the standard operating procedure of the previous versions rather dramatically. We have named this family Punkey. TrendMicro also detailed recently compiled versions of the NewPOSthings family in their blog post that bears a closer resemblance to NewPOSthings than Punkey. This suggests that there could be multiple actors using similar source code. Because of the active investigation, It cannot reveal C&C domains used in the samples.…
Comments on the recent survey from CompTIA showing that human error is responsible for 52 percent of security breaches, and that “human error…is a problem without an obvious solution” Nathan Wenzler, Senior Technology Evangelist at Thycotic, who disagrees with the point made in this CompTIA report that employee training is the only solution to mitigate human-error related breaches. Nathan Wenzler, Senior Technology Evangelist, Thycotic: When reading the recent CompTIA IT security report, I was shocked to learn the general sentiment amongst IT teams is that employee training is the only tactic for reducing the chance of human-error related data breaches. There…
Xirrus and eircom partnership delivers unprecedented Wi-Fi Hot Spot services to two million SMB and enterprise customers Xirrus, the leading provider of high-performance wireless networks, today announced eircom, the largest fixed-line, mobile and broadband telecommunications company in Ireland launched its Advantage Wi-Fi service, successfully leveraging Xirrus’ cloud-managed Wi-Fi technology. Xirrus’ state-of-the art Wi-Fi technology brings performance-driven, application-aware, multi-Gigabit Wi-Fi empowering eircom to deliver enterprise-class, fast, reliable wireless connectivity to business customers in Ireland. By partnering, Xirrus and eircom Business Solutions are bringing unprecedented flexibility to business customers by offering 802.11ac Access Points that support the latest Wi-Fi standard on every radio,…
The Websense Security Labs™ team is aware of a recent discovery that provides attackers with the potential to intercept sensitive user credentials (username, domain, and hashed password).
Action Module transforms incident response, enabling automated action and intelligence Resilient Systems (formerly Co3 Systems), the leading Incident Response Platform (IRP) provider, today announced the launch of its Action Module, the first and only active platform for Incident Response (IR), and the latest innovation to its Incident Response Platform.
Comments on reports that a hacking group in China is one of the first to have targeted “air-gapped” networks that are not directly connected to the Internet, Franklyn Jones, CMO of Spikes Security (www.spikes.com), explained:
Kaspersky Lab security researchers have discovered a vulnerability in the kernel of Darwin – an open-source component of both the OS X and iOS operating systems.
Kaspersky Lab has revealed its participation in the disruption of the Simda criminal botnet.