data loss

Security Needs Context in IoT| SC Magazine

SC Magazine has a worthy editorial on IoT and security by John Barco, VP of product management at the firm ForgeRock on how Internet of Things (IoT) technologies requires both security and a better understanding of what Barco calls “context.”   “It’s not just about protecting IoT devices but the entire ecosystem, from the customer to the partner, the web page, mobile device, mobile app, the cloud and everything else in between,” he writes. Organizations that do not grasp the complex interactions between static devices, mobile devices and (of course) the cloud risk leaving sensitive, regulated data or intellectual property at the mercy of malicious actors. Barco’s recommendations? More and better user authentication to support IoT use cases outside the firewall, and future-proofing your IoT deployment by eschewing proprietary platforms and technologies. To quote Barco: “open source gives IT a platform it can build on and customize, while open standards offer the flexibility to adapt to future […]

Continue Reading

Discrete Malware Lures Execs At High-End Hotels

Kaspersky Lab has a fascinating write-up of malware it is calling “DarkHotel.” The information-stealing software is believed to target traveling executives. Curiously, Kaspersky says the malware may be almost a decade old and is found only on the wireless networks and business centers of select, high-end hotels. Reports about targeted attacks on traveling executives are nothing new. However, the Kaspersky report (PDF version here) may be the most detailed yet on a specific malicious software family that is devoted to hacking senior corporate executives. According to Kaspersky, the DarkHotel malicious software maintained a presence on hotel networks for years, with evidence of its operation going back as far as 2007. The malware used that persistent access to target select hotel guests, leveraging check-in/check-out and identity information on guests to limit attacks to high value targets. Targeted guests were presented with iFrame based attacks that were launched from the hotel’s website, […]

Continue Reading

Retailers Demanding Federal Action on Data Breach

Add retailers to the chorus of voices calling for federal legislation on cyber security and data protection. In an unusual move, retail groups from across the U.S. sent a letter to Congressional leaders that urged them to pass federal data protection legislation that sets clear rules for businesses serving consumers. The letter, dated November 6, was addressed to the majority and minority party leaders of the U.S. Senate and the House of Representatives and signed by 44 state and national organizations representing retailers, including the National Retail Federation, the National Grocers Association, the National Restaurant Association and the National Association of Chain Drug Stores, among others.   “The recent spate of news stories about data security incidents raises concerns for all American consumers and for the businesses with which they frequently interact,” the letter reads. “A single federal law applying to all breached entities would ensure clear, concise and consistent notices to all […]

Continue Reading

Wanna-Breach: Counterfeit Data Breaches Are A Thing

Headline grabbing data breaches are such a fixture of our modern business environment that they’ve even spawned a knock-off market: phony data breaches designed to harm a company’s image by making it look as if the firm has lost control of critical data. That’s the conclusion of a research note from Deloitte, which warns that malicious actors are increasingly using false claims about massive data breaches to bedevil established firms – inflicting real economic and reputation damage.

Continue Reading

Uncle Sam Taking a Back Seat in Cyber Defense | Bloomberg

Bloomberg has a story on the collaborative, private sector effort to thwart an industrial hacking campaign linked to Chinese intelligence.   The effort, which involved firms like FireEye and iSight Partners “demonstrates for the first time a private-sector model that they believe can move faster than investigations by law enforcement agencies,” the report said. From the article: The take-down largely bypassed traditional law enforcement tools, relying instead on cooperation between companies that are normally fierce competitors. Coalition members — which include Microsoft Corp., Cisco Inc. and Symantec Corp. — say they can act faster than governments because they operate global Internet systems and have business relationships with tens of thousands of companies. Read more via China-Linked Hacking Foiled by Private-Sector Sleuthing – Businessweek.

Continue Reading
1 18 19 20 21 22 41