The online attacks launched against multiple banks, insurance companies and television stations in South Korea Wednesday knocked targeted networks offline. But according to security experts, the attacks were relatively unsophisticated and would have required little infrastructure or expertise to launch
The researchers said they’d expected to find “that smartphone devices will retain data from these storage services,” but didn’t know to what extent any leftover “artifacts” might include recoverable information. So they studied three popular cloud storage service apps running on the iPhone and on an HTC Desire running the Android operating system.
Here’s what they found: “Using mobile forensic toolkits, data can be recovered from a smartphone device which has accessed a cloud storage service,” they said. “The results from the experiment have shown that it is possible to recover files from the Dropbox, Box and SugarSync services using smartphone devices.” In addition, artifacts left by those services’ mobile apps in some cases allowed the researchers to gain a “proxy view” of files not stored on the device, but stored by the cloud service.
The Internal Revenue Service still has IT security holes that could put taxpayer data at risk, according to a report from the Government Accountability Office.The IRS identified the security of taxpayer data as its top management priority for fiscal 2013, and the GAO credits the agency for steps taken in response to security issues identified in earlier audits of its computer systems. But the report notes that some problems with the agencys financial and tax-processing systems remain and identifies new ones.
Banks can install only those swipe machines including the double swipe registers at supermarkets which are certified for PCI-DSS Payment Card Industry-Data Security Standards and PA-DSS Payment Applications -Data Security Standards. Merchants and aggregators, whose card acceptance machines are currently operational on Internet Protocol-based solutions, have to mandatorily go through PCI-DSS and PA-DSS certification.
A small nonprofit hospice organization in Idaho has agreed to pay $50,000 to the Department of Health and Human Services to settle allegations of federal data security rule violations over the loss of a laptop containing the personal health information of 441 patients
User-provided password retrieval hints in Windows 7 and 8 operating systems are vulnerable to being retrieved and decoded by attackers.
That finding was made by two security researchers who’ve been studying ways to increase the reliability of tools designed to extract Windows registry information.
Google for years has said that it takes privacy very seriously, but the company’s recent $22.5 million settlement with the Federal Trade Commission for breaking privacy promises and its commitment last year to endure 20 years of FTC privacy audits following “deceptive privacy practices” is pushing the company to take privacy with new, improved seriousness
Next month the National Institute of Standards and Technology NIST plans to put out for public review its draft for a new government encryption standard that, when finalized, is going to compel federal agencies with older websites to replace them
Over the past three years, about 21 million patients have had their medical records exposed in data security breaches that were big enough to require they be reported to the federal government.
New configurations of the Shylock financial malware inject attacker-controlled phone numbers into the contact pages of online banking websites, according to security researchers