[ISN] Denver-based Ping Identity gets $35 million investment boost

http://www.denverpost.com/business/ci_26556583/denver-based-ping-identity-gets-35-million-investment By Laura Keeney The Denver Post 09/18/2014 Recent data breaches at high-profile companies such as Home Depot and Goodwill Stores have thrust Internet security back into the spotlight, and one local company is on the verge of a giant leap forward in the mission to make data safer. Denver-based Ping Identity is expected to announce early Thursday a $35 million investment boost, led by global investment firm KKR and newcomer Ten Eleven Ventures, which also includes some of Ping’s existing investors. This investment brings Ping’s total funding to $110 million. This latest shot in the arm is recognition that data security is a hot topic. It’s also a nod to Ping’s identity and access-management technology — generally called “single sign-on” — that goes above and beyond traditional password-based approaches to data security, said Ping’s senior marketing director Jeff Nolan. “Companies have an appetite for the kind of change we’ve been talking about for years because the cost of a data breach is far greater than the cost of replacing the old infrastructure that allowed it in the first place,” he said. “There’s independent research that shows something like 76 percent of those data breaches are the result of a compromised password. The solution here is not better passwords but getting rid of the password altogether.” […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Attend Cyber Security EXPO – ExCel London, 8-9 October 2014

Cyber Security EXPO is a new event for everybody wanting to protect their organisation from the increasing commercial threat of 21st century cyber-attacks. The challenge of securing corporate data and networks to mitigate risk is greater than ever, so Cyber Security EXPO has been designed to include the following themes – Internet & Network Security, Cyber Crime, Log Data & Advanced Analytics, Identity & Access Management, Privacy & Data Protection, Cloud Security & Governance & more. Co-located with IP EXPO Europe, Cyber Security EXPO, 8-9 October 2014 at ExCel London will host 300+ seminars with CPE points available, 250+ exhibitor and presentations from the likes of Sir Tim Berners-Lee, Mikko Hypponen and Bruce Schneier and many more Register FREE here: http://bit.ly/1oMEvRH


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] China Wants To Replicate NSA’s Cyber Schools

http://www.defenseone.com/threats/2014/09/china-wants-replicate-nsas-cyber-schools/94475/ By Aliya Sternstein Nextgov Sept 18, 2014 Chinese universities are welcome to adopt the U.S. National Security Agency’s cyber education program, the top U.S. computer security education official said, after a recent trip to Beijing. Entrepreneurs in China have voiced support for improving the notoriously spotty relations between the U.S. and China in cyberspace by patterning Chinese courses on NSA-approved curricula, said Ernest McDuffie, head of the National Initiative for Cybersecurity Education. The offer of shared cybersecurity training comes at a time when both countries are exchanging accusations of hacking each other’s trade secrets. Both parties have denied these allegations. “It’s not like we’re giving away some deep, dark secret that they didn’t know before,” McDuffie said during an interview. “And it gives you the chance to put ethics into the mix.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Crime Ring Revelation Reveals Cybersecurity Conflict of Interest

http://www.scientificamerican.com/article/crime-ring-revelation-reveals-cybersecurity-conflict-of-interest/ By Erik Schechter Scientific American Sep 15, 2014 A small cybersecurity firm claimed this summer to have uncovered a scam by Russian Internet thieves to amass a mountain of stolen information from 420,000 Web and FTP sites. The hacker network, dubbed “CyberVor,” possessed 1.2 billion unique credentials—a user name and matching password—belonging to 500 million e-mail addresses, asserted Hold Security, LLC. Those numbers made Internet security watchers and even some consumers sit up and take notice—people use such credentials to access banking, investment and social media accounts after all. If true, the CyberVor haul would dwarf last December’s data breach of retailer Target, in which 40 million customer credit cards were compromised. Although a New York Times story lent credibility to Hold Security’s claims, some observers question whether the cybersecurity vendor’s big reveal was more of a publicity stunt than a public service. The firm’s decision to charge potential victims a $120 fee for their Breach Notification Service did not help matters. Panic and publicity certainly play a role in cybersecurity efforts, as companies that make antivirus and other protective software try to provide computer users with a sense of the unseen threats facing their devices and data on a daily basis. But questions arise when these companies yoke together the part of their businesses that finds and analyzes security threats with the part that sells software and services to mitigate those threats. Even large, established firms such as Symantec Corp. have been accused of exaggerating the gravity of security threats to boost sales. A decade ago U.S. regulators cracked down on financial services firms for the questionable practice of having their equity research and investment banking divisions work together to endorse and then sell certain investments. No such oversight exists for cybersecurity companies. Although not surprising, given the relatively nascent nature of cyber threats, this conflict of interest means these companies walk a thin line between defending computers and other Internet-connected devices and profiting from people’s fear that their personal data is vulnerable at any time to online attackers. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Home Depot: 56M Cards Impacted, Malware Contained

http://krebsonsecurity.com/2014/09/home-depot-56m-cards-impacted-malware-contained/ By Brian Krebs Krebs on Security Sept 18, 2014 Home Depot said today that cyber criminals armed with custom-built malware stole an estimated 56 million debit and credit card numbers from its customers between April and September 2014. That disclosure officially makes the incident the largest retail card breach on record. The disclosure, the first real information about the damage from a data breach that was initially disclosed on this site Sept. 2, also sought to assure customers that the malware used in the breach has been eliminated from its U.S. and Canadian store networks. “To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements,” the company said via press release (PDF). “The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems, and the company has rolled out enhanced encryption of payment data to all U.S. stores.” That “enhanced payment protection,” the company said, involves new payment security protection “that locks down payment data through enhanced encryption, which takes raw payment card information and scrambles it to make it unreadable and virtually useless to hackers.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail