Category: Compliance

When You Do Not Know Where Your Data Is…

Posted May 15, 2012 by Tim Whitman in Best Practices, Data Breach, Database Security, PCI, Tips and Tricks with 0 comments

In its fifth year of publication, the Data Breach Investigation Report (DBIR) by Verizon spans 855 data breaches across 174 million stolen records. Mark Goudie, Managing Principal, Asia-Pacific – Investigative Response, Verizon Business, talked to Jasmine Desai about the latest security threats and solutions for the same.

Click for complete article >>

Global Payments Security Breach Update – 1.5 Million Credit Card Numbers Still Believed Stolen

Posted May 2, 2012 by Tim Whitman in Data Breach, Database Security, PCI with 0 comments

The debacle over the security breach at U.S. credit card processing company Global Payments and the stolen credit card numbers continued yesterday with a press release from the company answering questions. Global Payments made news in late March when Krebs on Security reported as many as 10 million credit cards could have been stolen in a security breach occurring between January 21 and February 25 of this year.

Click for complete article >>

Personal Health Information – Not As Secure As Expected

Posted April 23, 2012 by Tim Whitman in Data Breach, Database Security, Health Care, HIPAA with 0 comments

Almost a decade after a new law went into effect to strengthen health privacy protections, the number of breaches of patient records and databases across the U.S. suggests that personal health information is not as private or secure as many consumers might want or expect. Since fall 2009, more than 400 large health care breaches affecting at least 500 people and more than 50,000 smaller breaches have been reported to the federal government.

Click for complete article >>

Pain Comes Immediately – Secure Development Takes Time (Team Shatter Exclusive)

I recently came upon a blog post by Adrian Lane of Securosis titled ‘Pain comes instantly – fixes come later’, in which he comments on yet another blog post ‘Pain comes instantly’ by Oracle’s CSO, Mary Ann Davidson. Anything ‘Oracle security’ always gets me curious, so I went ahead and worked my way through both articles. Let’s just say one of them is a rather lengthy read. The core point of Mary Ann Davidson’s post is an objection she has…

Click for complete article >>

The Security Bug Disclosure Debate

Posted April 11, 2012 by Tim Whitman in Data Breach, Database Security, Oracle, PCI with 0 comments

Mary Ann Davidson’s recent post Pain Comes Instantly has been generating a lot of press. It’s being miscast by some of the media outlets as trashing PCI Data Security Standard, but it’s really about the rules for vendors who want to certify commercial payment software and related products. The debate is worth considering, so I recommend giving it a read. It’s a long post, but I encourage you to read it all the way through before forming opinions, as she…

Click for complete article >>

Visa Removes A Service Provider After Data Breach

Posted April 3, 2012 by Tim Whitman in Data Breach, Database Security, Finance and Banking, PCI with 1 comment

Visa removed Global Payments, an Atlanta company that helps the payment giant process transactions for merchants, from its list of “compliant service providers.” A security breach at Global Payments reported on Friday was thought to have compromised up to three million credit card accounts. It is among a group of companies that act as the plumbing in the electronic transaction chain, authorizing millions of transactions a day. That makes the companies prime targets for data thieves looking to steal richly detailed…

Click for complete article >>

BlueCross BlueShield Pays $1.5 Million for 2009 Data Breach


A 2009 data breach that has already cost BlueCross BlueShield of Tennessee nearly $17 million got a little more expensive Tuesday. The insurer today agreed to pay $1.5 million to the U.S. Department of Health and Human Services (HHS) to settle Health Insurance Portability and Accountability Act (HIPAA) violations related to the breach. Under the settlement, BlueCross BlueShield has also agreed to review and revise its privacy and security policies and to regularly train employees on their responsibilities under the…

Click for complete article >>

Importance For Healthcare Security Pros To “Speak” Finance


As the number of healthcare data breaches continues to snowball, executives put in charge of safeguarding protected health information (PHI) can’t keep up with the risks inherent with increased deployment of electronic health records (EHR) without enough financial backing to get the job done. And the only way that these PHI protectors can squeeze that juice from the C-suite is if they make themselves fluent in the language of financial justification, say authors of a new report out this week…

Click for complete article >>

ANSI: Understand Consequences Of Data Breaches BEFORE They Occur

Posted March 6, 2012 by Tim Whitman in Best Practices, Breach Costs, Data Breach, Database Security, Health Care, HIPAA with 0 comments

As adoption rates rise, health IT makes protected health information (PHI) available to more organizations and entities, increasing the likelihood of data being improperly disclosed, lost or stolen. Despite the risks and costs of a potential data breach, many healthcare executives aren’t doing enough to support their organizations’ security efforts, but researchers from the American National Standards Institute (ANSI) believe they’d do more if the far-reaching consequences of a breach were more clearly outlined.

Click for complete article >>

How The Finance Vertical Helped Shape Database Security

Posted February 16, 2012 by Tim Whitman in Best Practices, Database Security, Finance and Banking, MySQL, Oracle, PCI, Sybase with 0 comments

Intrusion Detection Systems (IDS), Vulnerability Assessment and Logging platforms have been around for a long time, being some of the very first security tools available. However, it was the inability of these technologies to adequately address specific threats that spawned new twists on them. For example, IDS was ineffective at understanding SQL queries and common application processes, so database activity monitoring was created to fill the gap. Vulnerability assessments were fine at assessing operating system and device settings, but lack…

Click for complete article >>