Hackers Test Limits of Credit Card Security Standards
April 29, 2009
The number, scale and sophistication of data breaches fueled by hackers last year is rekindling the debate over the efficacy of the credit card industry’s security standards for safeguarding customer data.
All merchants that handle credit and debit card data are required to show that they have met the payment card industry data security standards (PCI DSS), a set of technical and operational requirements designed to safeguard cardholder information from theft or unauthorized access.
Level 4: The small-merchant PCI challenge
April 29, 2009
While sensational data breaches experienced by big-box retailers and processors fill the headlines, 85 percent of reported data compromises involve small merchants – defined as Level 4 by the Payment Card Industry (PCI) Data Security Standard (DSS). More than 6 million small merchants are doing business in North America; fewer than 5 percent have attested to compliance with the PCI DSS.
These are potentially costly statistics for acquirers, who ultimately shoulder the monetary burden should their merchants experience breaches.
Beyond their abundance, Level 4 merchants carry unique challenges. Acquirers can reduce their overall risk and dramatically improve compliance rates among these merchants by overcoming four often-overlooked pitfalls when designing their PCI compliance programs.
SANS: Newest WLAN Hacks Come From Afar
April 27, 2009
Expert warns of deadly combination of long-distance remote and wireless hacking to get inside an organization
An attacker doesn’t need to be in physical proximity to hack your wireless network. In fact, a more sophisticated wireless attack doesn’t use RF at all, according to a SANS security expert here at RSA.
Ed Skoudis, founder and senior security consultant for InGuardians and a SANS instructor, said a deadly combination of long-distance remote and wireless hacking to get inside an organization is one of the potentially more dangerous new attacks to look out for.
Many Users Say They’d Sell Company Data For The Right Price
April 26, 2009
In subway survey, 37 percent of workers say they could be bought
Would you sell your company’s secrets to a stranger for $1.5 million? More than one-third of employees surveyed last week said they would — and some of them said they’d do it for less.
In their annual visit to London’s railway stations, researchers from the InfoSecurity Europe conference asked 600 commuters whether they’d sell their company’s sensitive data in exchange for various forms of compensation. Last year, the researchers got many railway riders to give up their passwords for a chocolate bar.
Outpost24 AB, the technology leader in on-demand vulnerability management solutions, supports the teaching mission of universities with a free license.
With the free license for universities, Outpost24 gives universities the opportunity to position themselves even better in the area of proactive IT security and to give their students direct insight into the leading technology in this segment.
Survey: High-Profile Corporate Data Breaches Have Yet To Impact IT Security Attitudes
April 23, 2009
Concerns about insider security threats remain a low priority for enterprise organizations, according to Lieberman Software survey
Despite recent headlines announcing major corporate data breaches, concerns about insider security threats remain a low priority for enterprise organizations. According to a survey of IT industry professionals, insider security threats and corporate data breaches are lesser security concerns than more traditional security risks, such as viruses, Trojans and worms. The survey was conducted by Lieberman Software Corporation, a developer of privileged account password management solutions.
HIPAA, GLBA, PCI, Sarbanes-Oxley, and PCI compliance violations uncovered through five-day Secure Assessment Program in Q1 2009
Palisade Systems, a leading provider of data loss prevention products and services, announced today the quarterly results of their 5-Day Secure Assessment Program. From January through March 2009, Palisade’s PacketSure data loss prevention appliance uncovered over 525,000 compliance violations.
Small businesses are chief laggards in deploying data leakage protection technology, researchers say
Despite recent headlines and instances of insider attacks, many companies still are not acting to protect themselves from insider threats, according to two new analyst reports.
Forrester Research earlier this week published a study called “Data Security Challenges and Technology Adoption in 2008,” which offers a detailed look at enterprises’ attitudes about security and the deployment of next-generation security technologies.
ECrime is bigger than drugs
April 23, 2009
The Swedish IT security company Outpost24 emphasizes the scale of ecrime by stating that it is already bigger than the international drug trade.
Continue reading the article (it is in Finnish)
Outpost24 Expands Global Presence, New Office in Turkey
April 22, 2009
Outpost24, The Technology Leader in Vulnerability Assessment and Management, continues its expansion into Europe with the recent opening of a new office in Istanbul, Turkey.
This development into Turkey will allow Outpost24 to provide its Turkish customer base with a local presence and local support.