- The week in security: The end of Flash ads; Bounty offered as Ashley Madison fallout continues
- 'KeyRaider' iOS malware targets jailbroken devices
- Russian-speaking hackers breach 97 websites, many of them dating ones
- US agency to seek consensus on divisive, volatile topic of security vulnerability disclosures
- Ashley Madison CEO quits, company says they're adjusting to breach
intrusion - News, Features, and Slideshows
After the Office of Personnel Management breach, medical data was labeled as the "<a href="http://www.reuters.com/article/2015/06/05/cybersecurity-usa-targets-idUSL3N0YR30R20150605">holy grail</a>" for cybercriminals intent on espionage. "Medical information can be worth 10 times as much as a credit card number," reported Reuters. And now to steal such information, hospital networks are getting pwned by malware-infected medical devices.
Follow me, if you will, on a journey back in time to just one year ago. As 2013 turned into 2014, the information security industry was buzzing about the latest spate of breaches. Target had ushered in a new era of retail security breaches, with 40 million card numbers lost to the hackers. Little did we know at the time that this was just the beginning, and small potatoes in comparison to what was to come. One year ago, Neiman Marcus and Michaels had joined Target, and <a href="http://www.computerworld.com/article/2487265/security0/security-manager-s-journal--cyberattacks-just-got-personal.html">I wrote in response to the growing number of breach disclosures</a> that "in fact, I have to wonder which retailers have <em>not</em> suffered breaches. The word on the street is that at least a half-dozen other retailers were compromised in the past few months, without publicity." Sadly, this turned out to be true. I hate being right all the time.
In today's threatscape, antivirus software provides little piece of mind. In fact, antimalware scanners on the whole are horrifically inaccurate, especially with exploits less than 24 hours old. After all, malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable.
Police in Austin, Texas, set up sting operations with cars they have under surveillance, watching for thieves to break into them. Marcus J. Carey's Web service, HoneyDocs -- born in the same city -- uses the same concept, only with computer files.
Security pros and government officials warn of a possible cyber 9/11 involving banks, utilities, other companies, or the Internet
Last week Gen. David Petraeus, the director of the Central Intelligence Agency, resigned in response to what has turned out to be a much bigger scandal than it first appeared.
Not long ago, the legal department at a financial services company in New York got a phone call from a hospital in London. The query: Why are you hacking us? With two known IP addresses, it wasn't difficult for the financial firm's information security staff to go back through the logs looking for traffic between the two organizations. And with the traffic identified, locating the computer from which the hacks were taking place didn't take long, either. The culprit: an individual who-as their human resources records soon confirmed-had formerly worked at that very hospital.