1-in-4 worms spread through infected USB devices
Hard on the heels of a report that a USB drive was used to compromise U.S. military networks in 2008, a security company today claimed that 25% of all new worms are designed to spread through the portable storage devices. via 1-in-4 worms spread through infected USB devices.
Tenable Network Security Awarded U.S. Patent for Network Monitoring Technology – Technology | Centre Daily Times – State College, PA | Penn State, Nittany Lions, weather, news, jobs, homes, apartments, real estate
Tenable developed the Passive Vulnerability Scanner PVS to complement its other market leading active network scanner, Nessus. Where Nessus allows organizations to audit networks for known vulnerabilities, conduct full patch and configuration and compliance audits at a point in time, Tenable’s PVS allows organizations to continuously monitor the same network by analyzing network traffic 24×7 [...]
Privacy software: Who are the early leaders? – software, security, privacy, ControlCase, Consult2Comply, brinQa, Avior Computing, Archer, applications, Agiliance – Security & Email – PC World Business
Together they form what I’d call the “privacy GRC” market, where GRC stands for “governance, risk and compliance.” GRC makes up most of what privacy people do. It’s not a big market. To put things into perspective, Gartner is only in its third year of analyzing the nascent IT GRC market. The privacy GRC market [...]
Windows DLL load hijacking exploits go wild
Less than 24 hours after Microsoft said it couldn’t patch Windows to fix a systemic problem, attack code appeared Tuesday to exploit the company’s software. Also on Tuesday, a security firm that’s been researching the issue for the last nine months said 41 of Microsoft’s own programs can be remotely exploited using DLL load hijacking, [...]
Visa offers new guidance on securing payment applications – Computerworld
Visa on Tuesday announced a set of security best practices for vendors of payment applications and for the systems integrators and resellers responsible for implementing and managing them. The guidelines are designed to address continuing vulnerabilities in the payment chain stemming from insecure implementations of the applications that are used in credit and debit card [...]
Visa Provides Guidance on Secure Implementation and Management of Payment Applications — SAN FRANCISCO, Aug. 24 /PRNewswire/ –
Visa today announced global industry best practices for payment application vendors, integrators and resellers that implement, install or manage payment-related systems on behalf of merchants. The best practices developed by Visa in collaboration with the SANS Institute are designed to complement the Payment Card Industry (PCI) Payment Application Data Security Standard (PA-DSS). via Visa Provides [...]
Google Apps gets FISMA-certified for government work
Google has landed an important federal certification for encryption and security. An official Google blog post said that the company has received Federal Information Security Management Act (FISMA) certification and accreditation from the U.S. government for its Google Apps office productivity suite, including Gmail. via Google Apps gets FISMA-certified for government work.
Data breach prevention top of mind for healthcare IT decision makers (WTN News)
According to the survey, 80 percent of respondents say securing patient information from unauthorized access and data breaches is a top priority, and 76 percent claim breach of confidential information or unauthorized access to clinical applications as their greatest security concerns – so much so that 97 percent say that HIPAA and HITECH Act regulations [...]
PCI Update Gets Mixed Reviews
There’s one section in the standard that is more important than any other, says Tom Wills, security and fraud senior analyst at Javelin Strategy and Research. Requirement 6.2 – “apply a risk-based approach for addressing vulnerabilities” – needs to become the over-arching requirement in the entire standard, he says. “This would mean all security controls [...]
Changes to PCI Data Security Standard leave questions unanswered
“But what is glaringly lacking is progress on the hard and most important issues, including the implications of adopting alternative technologies” on PCI compliance requirements, she said. According to Litan, many Gartner clients are trying to understand whether their adoption of new technologies such as chip cards, tokenization and end-to-end encryption will limit the scope [...]
