ISR News: Sprint Employee Stole Client Data

Excerpts From the Washington Post

“It appears this employee may have provided customer information to a third party in violation of Sprint policy and state law. We have terminated this employee. The information that may have been compromised includes your name, address, wireless phone number, Sprint account number, the answer to your security question, and the name of the authorized point of contact on your account.”

ISR News: 2009 - Year of the Insider Threat

Excerpt From BankInfoSecurity.com

The increased number of employers handing out pink slips doesn’t help quell the threat, with a record number of people on the unemployment lines and others at work worried about their own positions. “We’re going to see some insider events where insiders are tempted enough by money to enable these compromises to take place from outsiders, allowing access to payment data and account information,” says Mike Urban, Senior Director of Fraud Solutions at Fair Isaac, predicts,

ISR News: WorldPay Facing Class Action

Excerpts From SecurityFocus.com’s Robert Lemos

RBS WorldPay Facing Class Action Lawsuit Over Breach (February 6, 2009) Law firms in Pennsylvania, Georgia and Washington DC have filed a class action lawsuit against payment processor RBS WorldPay.

ISR News: World Power Hubs Are Bugged

Excerpts From The Register’s Dan Goodin

“An unauthenticated attacker may be able to gain access with the privileges of the e-terrahabitat account or an administrator account and execute arbitrary commands, or cause a vulnerable system to crash,” CERT’s advisory states. Users should apply the patch immediately, it adds.

ISR News: WorldPay (CORRECTION: NOT PROPAY) Suffers $9M Heist

Excerpts From Blog.Wired.com

A carefully coordinated global ATM heist last November resulted in a one-day haul of $9 million in cash, after a hacker penetrated a server at payment processor RBS WorldPay, New York’s Fox 5 reports.

(CORRECTING EARLIER POST ON INFORMATION-SECURITY-RESOURCES.COM - NOT PROPAY IDENTIFIED IN DATA SECURITY BREACH)

ISR News: WorldPay Suffers $9M Heist

Excerpts From Blog.Wired.com

A carefully coordinated global ATM heist last November resulted in a one-day haul of $9 million in cash, after a hacker penetrated a server at payment processor RBS WorldPay, New York’s Fox 5 reports.

ISR News: IBM Issues Dire Warnings

Excerpts From ComputerWorld.com’s Tom S. Noda

If there is something companies should continue spending on despite the present global economic crisis, it would have to be IT security, according to Marne Gordan, GRC market manager for IBM’s Tivoli Software Division.

“There are consequences in cutting costs on IT security. Threats could succeed five times to 10 times more,” Gordan said.

ISR News: Feds Warn of Security Meltdown

Excerpts From DarkGovernment.com

Computer attacks pose the biggest risk “from a national security perspective, other than a weapon of mass destruction or a bomb in one of our major cities,” said Shawn Henry, assistant director of the FBI’s cyber division told the International Conference on Cyber Security in New York . According to multiple reports Henry went on to say terrorist groups aim for an online 9/11, “inflicting the same kind of damage on our country, on all our countries, on all our networks, as they did in 2001 by flying planes into buildings.”

ISR News: The Rising Cost of Lost Data

Excerpts From Forbes.com’s Andy Greenberg

According to a report released Monday by the Ponemon Institute and funded by encryption firm PGP, the cost of a data breach for companies has risen to $202 per lost record, up from $197 in the institute’s 2007 study. For the 47 companies audited in the study, those costs added up to $6.6 million per incident.

ISR News: More Cyber-Crime Stats

Excerpts From GovTech.com’s Ulf Wolf

According to the 2007 Internet Crime Complaint Center (IC3) report, 206,884 complaints were filed online for an estimated $239 million loss. However, keep in mind that experts (for once) agree that only 1 in 7 cyber-crimes are reported to the authorities or to sites such as IC3. The accurate cyber-crime figures, then, are roughly seven times higher.

Next Page »

• Categories

  • Anthony M. Freed (26)
  • Bill Brenner (2)
  • Bob Violino (1)
  • Bozidar Spirovski (23)
  • Breach (540)
  • Britt Womelsdorf (5)
  • By Dr. InfoSec (2)
  • Cara Garretson (7)
  • CCCNews (1)
  • Chorey Taylor & Feil (8)
  • Christophe Veltsos (2)
  • Christopher Burgess (7)
  • CIOZone (26)
  • Class Action Lawsuit (111)
  • Cloud computing (104)
  • Coby Royer (5)
  • CTO Forum (9)
  • D&O Liability (592)
  • Daniel Wallace (5)
  • Danny Lieberman (11)
  • DataLine (10)
  • David Alexander (2)
  • Derek Crawford (1)
  • Doug Pollack (7)
  • due diligence (301)
  • Fame Foundry (1)
  • FEATURE ARTICLE (428)
  • Financial (578)
  • Fred Leland (7)
  • Gene Kim (3)
  • Government (364)
  • Greg George (5)
  • H1N1 (15)
  • hackers (530)
  • healthcare (125)
  • Heather Bourgoin (1)
  • HomeATM (8)
  • identity-theft (526)
  • IDExperts (17)
  • Ike Z. Devji (1)
  • Infosec Island Network (29)
  • Insider Threat (481)
  • Internet Crime Complaint Center (1)
  • Internet Security Alliance (62)
  • ISR News (321)
  • Jacqueline Herships (2)
  • Jenni Hesterman (3)
  • John M. Salomon (2)
  • John Watkins (7)
  • John-Patrick Skaar (2)
  • Kaliber Data Security and Compliance Consultants (3)
  • Kat Sanders (2)
  • Ken Leeser (3)
  • Kevin L. Jackson (10)
  • Kevin M. Nixon (21)
  • Larry Ketchersid (1)
  • Laton McCartney (7)
  • Lauren Taylor (1)
  • Linda McGlasson (1)
  • malware (492)
  • Mark Smail (1)
  • Mark Wright (1)
  • Mel Duvall (3)
  • Michael Eggebrecht (3)
  • Michael Lohr (1)
  • Michael O'Conner (4)
  • MicroSolved (1)
  • Mike Duncan (3)
  • Mike Meikle (4)
  • Mike Spinney (1)
  • Military (202)
  • national security (444)
  • PCI (299)
  • PCI Security Standards Council (32)
  • Physical Security (11)
  • privacy (543)
  • Rachel James (10)
  • reach (2)
  • Rebecca Herold (16)
  • Richard Stiennon (44)
  • Robert Siciliano (34)
  • Sarbanes-Oxley (493)
  • ScamStop (2)
  • Sean Wilkins (2)
  • Semyon Dukach (1)
  • Simon Heron (14)
  • Software Associates (11)
  • Steven Fox (19)
  • SUPERAntiSpyware (3)
  • Sybase (6)
  • Symplified (5)
  • The Jester (8)
  • The Privacy Professor (16)
  • Thomas R. Fox (8)
  • Tom Groenfeldt (2)
  • Tom McLain (2)
  • Trefis (14)
  • Tripwire (18)
  • Uncategorized (621)
  • virtualization (92)
  • Webcast (49)

• ISR Headline Index

  • DoS Attack Reveals Widespread Vulnerabilities
  • Study Shows Employees Put Data at Risk
  • Tracking Google’s Script Kiddie Hackers
  • Newbie Introduction to Digital Forensics Part 2
  • Simple Log Review Checklist Released
  • Press F1 for Help? Microsoft Zero Day Threat!
  • A Newbie’s Introduction to Digital Forensics
  • Security Best Practice: Trust But Verify…
  • Google, Adobe, and Big Oil Under Attack!
  • Building your OWN Malware Lab (Part 2)
  • How Twitter Spam Steals From Google, Yahoo!
  • Tech Stocks Week in Review Featuring iPad
  • DoD Endorses Certification for Hackers
  • Risk Based Enterprise Compliance Programs
  • Data Loss Prevention Has Jumped the Shark

• Recent Comments

  • Ryan Aslett on Data Loss Prevention Has Jumped the Shark
  • Tom on (Lack Of) Encryption and The HITECH Act
  • ADMIN on Patriot Hacker Hits Jihad With DDoS Attacks
  • Robert Siciliano on Data Loss Prevention Has Jumped the Shark
  • Karen J. Cox on Data Loss Prevention Has Jumped the Shark
  • Scot McLeod on Outsourcing Breach Response Lowers Costs
  • John Marke on Gartner Tells CIOs to Embrace Social Media
  • Social Engineering and Enterprise Security | CIO – Blogs and … | Enterprise Engineering Addict on Gartner Tells CIOs to Embrace Social Media
  • From Russia, With Smartphones on Top 8 Social Media Security Threats
  • Judith Hoffman on Scam Alert: Rogue Gmail Account Phishing
• 
  

  Information Security Resources

  Top network security blogs