Information Security, SSAE 16, ISO 27001, CISA, Cert-IN
Massachusetts Eye and Ear Infirmary, a Boston-based hospital, agreed to pay $1.5 million to the U.S. Department of Health and Human Services (HSS) earlier this week, settling a HIPAA violation stemming from a 2010 incident.
Original article at ThreatPost
A former senior software engineer for CME Group, a Chicago-based derivatives trading firm, has pleaded guilty to theft of trade secrets for stealing tens of millions of dollars’ worth of computer source code and other information while pursuing plans to improve an electronic trading exchange in China, the U.S. Department of Justice announced.
Original article at HITB
Windows Secrets is known by many for its newsletter that gets sound out regularly to free and paid subscribers of the site. At its core, it is a news site that is publishing its stories on its website and the newsletter, with some articles released exclusively to paid subscribers of the service. Articles are written by professionals and experts making this one of the few newsletters around the web that is worth subscribing to.
It recently became known that the Windows Secrets Newsletter website got hacked. The attacker managed to brute force an administrator account to gain access to the site. Using the account, the hacker planted malicious code on the site to get access to the site’s database and information. When subscribers and editors started to receive spam that appeared to come from Windows Secrets, site administrators began an investigation to find out what was going on.
They discovered the hacked administrator account and malicious code on the website, and removed all traces of the code and attack from the site. A full audit of the website, servers and sites on the same network is still undergoing.
Windows Secret users need to know what has been compromised. According to site operators, the following information could have been exposed:
subscriber name, e-mail address, reader number, ZIP code (if applicable), geographic region, and hashed password — all the entries on your profile page.
It seems fairly certain that email addresses have been exposed, considering that users have received spam in the last days. Payment information are not kept on site, and credit card processing is handled by a third party service exclusively. There is no indication at the time of writing that financial information were compromised in the attack.
It is recommended to change the account password at the earliest convenience on this page to protect the account from third party access. Subscribers who have used the same password on other sites should change it on those sites as well as it is likely that the attacker will try to use the email and password combination to log in on popular sites such as Facebook, Twitter or Google (provided that the brute-forcing of hashed passwords is successful of course).
Original article at Ghacks
Veracode announced the Vendor Application Security Testing (VAST) program, which provides an independent, automated, and outsourced program to help enterprises reduce the security risks associated with the use of vendor-supplied software, while strengthening vendor compliance with enterprise application security policies.
Original article at NetSecurity
In recent months, we’ve seen the rootkit family Win32/Sirefef and Win64/Sirefef (also known as ZeroAccess Botnet) update its command and control protocol and grow to infect more computers while connecting to over one million computers globally.
It creates its own hidden partition on the hard drive and uses hidden alternative data streams to hide and thrive.
Original article at The Hacker News
An analysis of 3.4 million four-digit PINs. (“1234” is the most common: 10.7% of all PINs. The top 20 PINs are 26.8% of the total. “8068” is the least common PIN — that’ll probably change now that the fact is published.)
Original article at www.schneier.com
Hackers from Indian Anonymous Group hacked Bharatiya Janata Party’s website, BJP.org, last night, and defaced it.
They posted a set of messages with pictures, reflecting the group’s condemnation of recent events including the government’s approval of 51% FDI in multi-brand retail, diesel price hike, corruption, the cartoon controversy, and the Kudankulam Power Project, among others.
Original article at TheHackersNews
Bank of America’s website experienced periodic outages Tuesday due to cyber attacks launched in retaliation for “Innocence of Muslims,” the amateurish film whose mocking portrait of the Prophet Muhammad has incited deadly riots throughout the Middle East.
“Cyber fighters of Izz ad-din Al qassam” said it would attack the Bank of America and the New York Stock Exchange as a “first step” in a
Original article at TheHackersNews
Tech consultancy company DataGenetics has analyzed the popularity of numeric passwords. What they found confirms previous research that most of our four-digit PINs (e.g., for credit and debit cards) are way too predictable. Check if yours is one of those mentioned in their report.
Original article at LifeHacker
Moving right along … Now that ATM operators more sophisticated means to detect and prevent machine tampering, criminals are finding easier pickings for their skimming operations. Germany’s Federal Criminal Police Office (BKA) has reported that fraudsters have begun using ATM skimming devices to collect PINs and data at card readers of train ticket machines.
Original article at atmmarketplace.com