ISR News: More Heartland Breach Victims
Excerpts From BankInfoSecurity’s Linda McGlasson
Bermuda, Canada and Guam Now Report Effects from Breach. By the latest count, the number of institutions that have informed their card customers and members that they were hit as a result of the Heartland Payment Systems (HPY) data breach has swelled to 157.
ISR News: Obama to Kaibosh CEO Mega-Pay
Excerpts From CNN.com
President Obama alluded to a change in executive salary in an interview with CNN’s Anderson Cooper on Tuesday. “Tomorrow I’m going to be talking about executive compensation and changes we’re going to be making there,” he said. “We’ve now learned that people are still getting huge bonuses despite the fact that they’re getting taxpayer money, which, I think, infuriates the public.”
ISR News: Monster Breach at Monster.com
Monster.com Press Release
We continue to devote significant resources to ensure Monster has appropriate security controls in place to protect our infrastructure, and while no company can completely prevent unauthorized access to data, Monster believes that by reaching out to job seekers, the company can help users better defend themselves against similar attacks.
ISR News: Cyber-Crime Advice for Obama
From Sysman.com
Critical government, military, and civilian networks have been repeatedly infiltrated to steal our intellectual property and national secrets. So, how do we build a modern, national cyber security policy as we enter into the 44th Presidency? The Center for Strategic and International Studies’ report weighed in on this topic, but I think they missed the point in their technical recommendations,” Aziz said in a blog post.
ISR News: World’s Biggest Data Breach
Excerpts From Forbes.com’s Taylor Buley
Talk about a credit crisis: Heartland Payment Systems, a credit card payment processing firm, may have been the victim of the largest data breach to date. The Princeton, N.J.-based firm said Tuesday that it discovered malicious software in its systems that compromised the security of the data traversing its network. It’s unclear what data may have been tampered with or stolen, but Heartland said no merchant data, cardholder Social Security numbers, unencrypted PIN numbers, addresses or telephone numbers “were involved in the breach.”
ISR News: Obama’s Cyber-Security Push
Excerpts from WSJ.com’s Ben Worthen
While the outgoing Bush administration took steps over the last two years to improve cyber security, “we don’t think it’s keeping pace with the progress necessary to keep the country safe,” says John Stewart, chief security officer for Cisco Systems.
ISR News: UK Ministry of Defense Attacked
Excerpts from CIO.com’s Jeremy Kirk
The U.K. Ministry of Defence is in the midst of an electronic fight with a computer virus that rapidly spread through its computer networks starting Jan. 6. The virus infected computers throughout the military, including those used by the Royal Air Force and Royal Navy, and is one of the most severe attacks the organization has ever faced, according to a Ministry of Defence spokeswoman.
ISR News: Ruski Wi-Fi Hacker For Sale
Excerpts from TechWorld.com’s John E. Dunn
The Russian security company that caused a stir some months by talking up its cracking tool for recovering Wi-Fi encryption keys, has started selling its software to all-comers in a specially packaged product. Normally, running a tool to do this on a conventional Intel Core 2 Duo desktop PC would take months to brute force even a single 8-character WPA/WPA2-PSK password, of which there are trillions of possible alpha-numeric combinations at that bit length.
ISR News: IRS On-Line Vulnerable
Excerpt from SANS.org
According to an audit report from the Treasury Inspector General for Tax Administration, the US Internal Revenue Service (IRS) launched an on-line tax filing system despite known security concerns. Although testing of the fourth release of the IRS Modernized e-File system revealed 13 security vulnerabilities, the system was launched in January 2007.
ISR News: ‘Downandup’ WORM Up
Excerpt by InformationWeek.com’s Thomas Claburn
In October, Microsoft took the unusual step of issuing an out-of-band Security Bulletin, MS08-067, for a vulnerability affecting its Server service. “Because the vulnerability is potentially wormable on those older versions of Windows [XP and earlier], we’re encouraging customers to test and deploy the update as soon as possible,” said Christopher Budd, a Microsoft Security Response Center security program manager, in a blog post.
