Information Security, SSAE 16, ISO 27001, CISA, Cert-IN
Veracode announced the Vendor Application Security Testing (VAST) program, which provides an independent, automated, and outsourced program to help enterprises reduce the security risks associated with the use of vendor-supplied software, while strengthening vendor compliance with enterprise application security policies.
Original article at NetSecurity
In recent months, we’ve seen the rootkit family Win32/Sirefef and Win64/Sirefef (also known as ZeroAccess Botnet) update its command and control protocol and grow to infect more computers while connecting to over one million computers globally.
It creates its own hidden partition on the hard drive and uses hidden alternative data streams to hide and thrive.
Original article at The Hacker News
An analysis of 3.4 million four-digit PINs. (“1234” is the most common: 10.7% of all PINs. The top 20 PINs are 26.8% of the total. “8068” is the least common PIN — that’ll probably change now that the fact is published.)
Original article at www.schneier.com
Hackers from Indian Anonymous Group hacked Bharatiya Janata Party’s website, BJP.org, last night, and defaced it.
They posted a set of messages with pictures, reflecting the group’s condemnation of recent events including the government’s approval of 51% FDI in multi-brand retail, diesel price hike, corruption, the cartoon controversy, and the Kudankulam Power Project, among others.
Original article at TheHackersNews
Bank of America’s website experienced periodic outages Tuesday due to cyber attacks launched in retaliation for “Innocence of Muslims,” the amateurish film whose mocking portrait of the Prophet Muhammad has incited deadly riots throughout the Middle East.
“Cyber fighters of Izz ad-din Al qassam” said it would attack the Bank of America and the New York Stock Exchange as a “first step” in a
Original article at TheHackersNews
Tech consultancy company DataGenetics has analyzed the popularity of numeric passwords. What they found confirms previous research that most of our four-digit PINs (e.g., for credit and debit cards) are way too predictable. Check if yours is one of those mentioned in their report.
Original article at LifeHacker
Moving right along … Now that ATM operators more sophisticated means to detect and prevent machine tampering, criminals are finding easier pickings for their skimming operations. Germany’s Federal Criminal Police Office (BKA) has reported that fraudsters have begun using ATM skimming devices to collect PINs and data at card readers of train ticket machines.
Original article at atmmarketplace.com
Microsoft today released a stopgap fix for a critical security flaw in most versions of Internet Explorer that hackers have been exploiting to break into Windows systems. The company said it expects to issue an official patch (MS12-063) for the vulnerability on Friday, Sept. 21.
The company released a “fix it” tool, designed to blunt the threat of attack on this flaw for users of IE 7, 8 and 9. In a blog post, Microsoft’s Yunsun Wee said the one-click solution should not affect users’ ability to browse the Web, and it does not require the reboot of your computer. Users should not need to uninstall the fix to apply the full security patch when Microsoft releases it.
I’m glad to see Microsoft take this step. The company keeps downplaying the threat, stating that “there have been an extremely limited number of attacks,” against that this flaw and that “the vast majority of Internet Explorer users have not been impacted.” Nevertheless, as I noted in previous stories this week, a reliable exploit for this vulnerability has already been rolled into free, easy-to-use attack tools, so IE users should not delay in applying this fix-it tool.
Original article at krebsonsecurity
Two hackers who took part in a hacking scheme that involved more than 146,000 compromised cards leading to more than $10 million in losses, pleaded guilty today in a New Hampshire court. One agreed to spend seven years behind bars, while the other agreed to spend 21-months locked up.
Iulian Dolan and Cezar Butu, both Romanian nationals, admitted that between 2009 and 2011, they cooperated with co-conspirator Adrian-Tiberiu Oprea, who is awaiting trial after being extradited to the U.S. in May, to hack into hundreds of U.S.-based point of sale (POS) systems to steal credit and debit card numbers and then use the stolen payment card data to make unauthorized charges or sell the stolen card data to others who would do the same.
Written by: jpeterson at https://www.teamshatter.com/topics/database-security/point-of-sale-hackers-plead-guilty-to-scheme-face-prison-time/
Another HIPAA data breach settlement has been reached, this time with the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (MEEI), which will pay $1.5 million to the Department of Health and Human Services (HHS) for potential violations of the HIPAA Security Rule.
HHS officials announced Monday that the settlement also requires MEEI to take corrective action to improve policies and procedures to safeguard the privacy and security of its patients’ protected health information.
Written by: jpeterson at https://www.teamshatter.com/topics/compliance/hipaa/massachusetts-eye-and-ear-associates-inc-to-pay-1-5-million-for-potential-violations-of-the-hipaa-security-rule/