My Latest Gartner Research: Competitive Landscape: Content-Aware Data Loss Prevention Market, 2014

Product costs in the DLP market remain relatively high, likely due to strong demand for data protection initiatives against the backdrop of increasing public data breach disclosures. Behavioral analytics and context-aware security capabilities will be critical distinctions in future …

Gartner customers can read this research by clicking here.





[ISN] Clinkle Gets Hacked Before It Even Launches

http://techcrunch.com/2014/01/30/clinkle-gets-hacked-before-it-even-launches/
By Jordan Crook @jordanrcrook
TechCrunch
January 30, 2014

Clinkle is the hottest app around to have done mostly nothing. The stealth payments service, which has raised $30 million from big-name investors, has yet to publicly launch. But that doesn’t mean it can’t be hacked. Today, a guest user posted a list of 33 usernames, user IDs, profile photos, and phone numbers to PasteBin. Based on the data provided, it seems as though these users are Clinkle employees who are testing the app. Founder Lucas Duplan is on the list (yep, that’s his Clinkle profile pic, shown above), as well as former Netflix CFO and Clinkle COO Barry McCarthy. Former PayPal exec Mike Liberatore, now Clinkle CFO, is also listed. The data was seemingly accessed through a private API that Clinkle has in place. Referred to by the hacker as “typeahead”, the API appears to be the basis of an autocomplete tool, allowing users to type a single letter (like ‘A’) and find all usernames starting with that letter (like ‘Adam’ and ‘Andrew’). [Note: Twitter has a similar tool with the same name



[ISN] Yahoo resets passwords after email hack

http://www.computerworld.com/s/article/9245908/Yahoo_resets_passwords_after_email_hack
By Jeremy Kirk
IDG News Service
January 30, 2014

Yahoo has been resetting email accounts that were targeted in an attack apparently aimed at collecting personal information from recently sent messages, the company said Thursday. The list of usernames and passwords used for the attack was likely collected when another company’s database was breached, Jay Rossiter, a Yahoo senior vice president, said in a blog post. He didn’t name the third party or say how many accounts were affected. “We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack,” Rossiter wrote. The hackers used a malicious software program to access Mail accounts with the stolen usernames and passwords, he wrote. […]



[ISN] Target Hackers Tapped Vendor Credentials

http://www.informationweek.com/security/attacks-and-breaches/target-hackers-tapped-vendor-credentials/d/d-id/1113641?
By Mathew J. Schwartz
InformationWeek.com
1/30/2014

Target said Wednesday that the hackers who attacked the company employed access credentials that were hardcoded into a product used by the retailer. “We can confirm that the ongoing forensic investigation has indicated that the intruder stole a vendor’s credentials which were used to access our system,” Target spokeswoman Molly Snyder said Thursday via email. Target declined to identify the vendor whose credentials attackers had obtained, though confirmed that the attack vector has been blocked. “As we have previously shared, we confirmed the breach on December 15 and were able to eliminate the malware and close the access,” she said. “Since that time we have taken extra precautions such as limiting or updating access to some of our platforms while the investigation continues.”

Target’s attackers ultimately stole 40 million credit and debit cards collected by the retailer’s point-of-sale (POS) systems, set up a server inside Target’s network to collect that stolen data, then regularly sent it in batches via FTP to a server in Russia. Attackers also stole personal details pertaining to 70 million Target customers.

While Target declined to disclose further details from its investigation, security journalist Brian Krebs reported Wednesday that Dell SecureWorks this week released a private report to some of its clients, which suggests that Target’s attackers gained access to Performance Assurance for Microsoft Servers, which is IT infrastructure management software sold by BMC Software. […]



[ISN] New questions about patient privacy at North Country Hospital

http://www.wcax.com/story/24582782/new-questions-about-patient-privacy-at-north-country-hospital
By Melissa Howell
WCAX.com
Jan 29, 2014

NEWPORT, Vt. – North Country Hospital in Newport received a regulatory citation from the Center for Medicare and Medicaid after two unauthorized employees viewed confidential medical records. It was discovered last fall that the hospital was not conducting proper surveillance when CMS made an unannounced visit. “Medical information from two patients’ records was accessed by two people without, who did have the need to know, they were not involved in the individual’s direct care,” said Fran Keeler of the Vt. Division of Licensing and Protection. Newport residents say this breach raises concerns about patient privacy. “You have to know your records are safe. People shouldn’t be looking at records that they’re not entitled to look at,” said Brandie Barton of Newport. […]



[ISN] EXCLUSIVE – CSEC used airport Wi-Fi to track Canadian travellers: Edward Snowden documents

http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881
By Greg Weston, Glenn Greenwald, Ryan Gallagher
CBC News
Jan 30, 2014

A top secret document retrieved by U.S. whistleblower Edward Snowden and obtained by CBC News shows that Canada’s electronic spy agency used information from the free internet service at a major Canadian airport to track the wireless devices of thousands of ordinary airline passengers for days after they left the terminal. After reviewing the document, one of Canada’s foremost authorities on cyber-security says the clandestine operation by the Communications Security Establishment Canada (CSEC) was almost certainly illegal. Ronald Deibert told CBC News: “I can’t see any circumstance in which this would not be unlawful, under current Canadian law, under our Charter, under CSEC’s mandates.” The spy agency is supposed to be collecting primarily foreign intelligence by intercepting overseas phone and internet traffic, and is prohibited by law from targeting Canadians or anyone in Canada without a judicial warrant. […]



[ISN] New Clues in the Target Breach

http://krebsonsecurity.com/2014/01/new-clues-in-the-target-breach/
By Brian Krebs
krebsonsecurity.com
Jan 29, 2014

An examination of the malware used in the Target breach suggests that the attackers may have had help from a poorly secured feature built into a widely-used IT management software product that was running on the retailer’s internal network. As I noted in Jan. 15’s story – A First Look at the Target Intrusion, Malware – the attackers were able to infect Target’s point-of-sale registers with a malware strain that stole credit and debit card data. The intruders also set up a control server within Target’s internal network that served as a central repository for data hoovered up from all of the infected registers.

That analysis looked at a malware component used in the Target breach that was uploaded to Symantec’s ThreatExpert scanning service on Dec. 18 but which was later deleted (a local PDF copy of it is here). The ThreatExpert writeup suggests that the malware was responsible for moving stolen data from the compromised cash registers to that shared central repository, which had the internal address of 10.116.240.31. The “ttcopscli3acs” bit is the Windows domain name used on Target’s network. The user account “Best1_user” and password “BackupU$r” were used to log in to the shared drive (indicated by the “S:” under the “Resource Type” heading in the image above).

That “Best1_user” account name seems an odd one for the attackers to have picked at random, but there is a better explanation: That username is the same one that gets installed with an IT management software suite called Performance Assurance for Microsoft Servers. This product, according to its maker — Houston, Texas based BMC Software — includes an administrator-level user account called “Best1_user.” […]



[ISN] GoDaddy Admits Hacker’s Social Engineering Led It To Divulge Info In @N Twitter Account Hack

http://techcrunch.com/2014/01/29/godaddy-admits-hackers-social-engineering-led-it-to-divulge-info-in-n-twitter-account-hack/
By Matthew Panzarino @panzer
TechCrunch
January 29, 2014

An update in the @N account hacking case has just come through from GoDaddy, one of the companies involved in the somewhat convoluted social engineering case. The company admits that one of its employees was ‘socially engineered’ into giving out additional information which allowed a hacker to gain access to Naoki Hiroshima’s GoDaddy account. The hack, which we detailed in a post earlier today, was performed by calling up PayPal and GoDaddy to gain access to Hiroshima’s personal email, which was then used to extort the @N Twitter user handle from him. Hiroshima outlined the hack in a post on Medium, which garnered a lot of attention. We received responses from Twitter that the matter was being looked into and PayPal was spurred to issue a denial that it had provided credit card information, and to note that its employees were trained to avoid social engineering attacks.

Social engineering is a method of hacking in which attackers utilize personal or not-so-personal information to impersonate the rightful owner of an account. They call up the company in question and engineer a ‘reset’ of the account permissions that allow them to take over. […]

