The Weekly Ink is the weekly newsletter brought to you by Duo Labs, with curated links of interest in the security world to help educate and entertain on security happenings and culture.
Kreditech, a Germany-based consumer finance startup that lends money to consumers with little or no credit rating, was the target of the latest financial breach.
A recent breach forced a video streaming and gaming community to reset all of their users’ passwords, forcing users to choose a new password after their next login, according to ArsTechnica.com.
Retail data breaches are up 10 percent, as Mandiant's M-Threat report found. Attackers are continuing to cash in by using malware designed especially for breaching retailer systems and stealing customer payment data and retailer login credentials.
> Back at the end of November 2014, the Office of Personnel Management (OPM) released an IT security audit report on the state of Premera’s security profile, noting a gap in access controls. A few months later, Premera discovered a breach of their systems that may have compromised the medical and financial data of 11 million individuals.
The Weekly Ink is the weekly newsletter brought to you by Duo Labs, with curated links of interest in the security world to help educate the company - and anyone else who will listen - on security happenings and culture.
> Predictions that 2015 would be a year of ‘healthcare breaches’ are proving prescient, as another massive security incident comes to light.
The annual Federal Information Security Management Act (FISMA) report (PDF) for Congress, published Feb. 27, reveals a 15 percent increase in information security incidents impacting federal agencies last year, totalling nearly 70,000 events, and recognizes that “strong authentication remains a key challenge.”
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) finds that the energy sector reported the highest number of security incidents in 2014 at 32 percent, while the critical manufacturing industry came in second at 27 percent, in their most recent Monitor newsletter.
In most breach cases, a devious lone hacker or an army of state-sponsored foreign attackers is among the defendants named in the media. But former employees may also pose a serious risk, as an FBI press release about a security breach case involving a New York company and former employee revealed a few weeks ago.
As The Wall Street Journal reported, criminals are loading stolen credit card data on iPhones in order to make fraudulent purchases, taking advantage of lax bank security requirements for authentication.
A new study from CloudPassage, the LinkedIn Cloud Security Spotlight Report, has found that in order to secure the cloud, information security professionals are moving away from perimeter-based security models.
Mobile apps that take on the work of online banks also need to take on the responsibility of security. This could be seen in the recent Slate article detailing the hack of a web developer’s account with Venmo...
While retail data breaches appeared to be in vogue last year, they haven’t exactly gone out of style quite yet - Zoup, a soup eatery chain, and Natural Grocers, a health food chain, may be victims of credit card theft, according to Brian Krebs.
Security company Bronzeye has reported the possibility of a bypass of two-factor authentication (referred to as ‘two-step authentication’) used by a large UK bank, as the Financial Times reported.
The Department of Veteran Affairs is seeking to increase its information security budget from $156 million in 2015 to $180.3 million in 2016, a 16 percent increase, according to Federal Computer Week.
While the healthcare industry is slowly moving forward in technological advances due to federal and state legislation, security and privacy concerns are still backed by the numbers. In 2014, medical identity theft grew nearly 22 percent...
Mandiant’s M-Threat 2015 report details how a publicly-available “pentesting” tool, Mimikatz, can be used to steal password hashes and dump plaintext passwords extracted from memory, helping attackers move laterally within your network.