Top IT Security Bloggers

  • German Government tells all users of Internet Explorer.. to stop NOW

    Sophos - Naked Security
    The German government is clearly taking the latest critical security problem in Internet Explorer seriously, publicly urging all users to stop browsing the web with the Microsoft product until a patch is available.
  • Malware Uses Google Go Language

    Symantec Security Response Blogs

    Designed in 2007 and introduced in late 2009, the Go programming language developed by Google has been gaining momentum the past three years. It is now being used to develop malware. Recently seen in the wild, Trojan.Encriyoko is a new threat associated with components which are written in Go.



  • Men plead guilty to $10 million Subway restaurant hack

    Sophos - Naked Security
    Two men have pleaded guilty to their part in a multi-million dollar scheme which saw the point-of-sale computers of hundreds of Subway restaurant stores hacked into, and the details of customers' payment cards stolen.
  • US 2012 Elections Apps May Lead to Data Disclosure

    TrendLabs - Malware Blog
    We uncovered four Android mobile apps on Google Play and certain third-party app stores which, when installed, gain access to specific device information that can be used without users’ consent and may lead to data leakage. One of these apps was already removed from Google Play but remains available on third-party ones. These apps are [...]


  • SANS seeks feedback on policy development

    CSO Online
    SANS is looking for feedback about what policies are emerging among organizations with applications to protect.

    From their press release today:


  • Judge denies Home Depot's demand for worker's emotion-laden Facebook posts

    Sophos - Naked Security
    A federal California judge has ruled that Home Depot can't rummage through a former worker's Facebook, Twitter, LinkedIn, or other social media posts and pictures to prove that she lied about emotional distress caused by her employer's alleged wrongdoing.

    But some of her Facebook posts are fair game.
  • Changing Enterprise Security Strategies

    Network World - Networking Nuggets and Security Snippets
    In a recent research survey, ESG asked security professionals working at enterprise organizations (i.e. more than 1,000) how their organizations would change their security management strategy in the next 24 months. Here are the results:
    • 44% said that they plan to design and build a more integrated security architecture
    • 39% said that they plan to include new data sources for security intelligence
    • 24%...
  • Would you open a sexy email sitting in your business inbox?

    Sophos - Naked Security
    Imagine you are at work. You're rattling through your email messages. And in your inbox, sitting quietly, is a message with the word "sexy" in the title...

    Would you open it?
  • Think Carefully Before Collecting Data

    CSO Online
    In this age of ever plummeting storage costs, some businesses are electing to "store it all" when it comes to consumer data. That is, businesses are storing data regardless of whether there is an actual need with the assumption that it might be of value in the future. This approach, however, can lead to liability from several sources. First, cardholder information arising from credit card transactions is strictly controlled by the PCI Data Security Standards, as well as the card association rules. Storing and retaining more data than absolutely required by the transaction may run afoul of these requirements. Second, with the growing number of complex and conflicting state and federal (as well as international) laws and regulations governing personally identifiable data, businesses should be inclined to limit the data they collect to that which is required for the transaction, as opposed to retaining excess data that is not required. Possession of that data may, in and of itself, violate applicable law or simply increase the potential for liability because of the increased volume of data that must be secured.


  • BSIMM4 launches today

    CSO Online
    The BSIMM4 project offers insight into 51 of the most successful software security initiatives in the world and describes how these initiatives evolve, change, and improve over time.
