Cyber Security Institute

Friday, February 29, 2008

Top 10 vulnerabilities in Web Applications in Q4 2007

Top ten web application vulnerabilities according to Qualys, Q4 2007.


Lawmakers voice concerns over cybersecurity plan

Members of the House of Representatives sought details on Thursday of a $30 billion plan to secure federal government systems and upgrade network defenses to ward off attacks from foreign nations and online criminals.  Known as the Cyber Initiative, the Bush Administration project would dramatically reduce the number of interconnections between federal government networks and the Internet and put more advanced network security in place to monitor data traffic for signs of malicious attacks.  While the 5- to 7-year project could dramatically improve the network defenses of government agencies, lawmakers questioned whether the initiative will be too little, too late, and whether the resulting network monitoring could undermine privacy.


Monday, February 25, 2008

Trend Micro buys UK encryption firm

Trend Micro has acquired Identum, an e-mail encryption software vendor based in Bristol, U.K.  The server software will automatically encrypt messages, depending on the user’s corporate security policy, and can be used alongside existing e-mail and compliance products.


How much does a data breach cost UK companies?

Data breaches cost UK companies an average of £47 for every record lost.  This means the average cost to a company which suffers a data breach is £1.4m.



Saturday, February 23, 2008

Banks: Losses From Computer Intrusions Up in 2007

U.S. financial institutions reported a sizable increase last year in the number of computer intrusions that led to online bank account takeovers and stolen funds, according to data obtained by Security Fix.  The data also suggest such incidents are becoming far more costly for banks, businesses and consumers alike.  The unusually detailed information comes from a non-public report assembled by the Federal Deposit Insurance Corporation, the federal entity that oversees and insures more than 9,000 U.S. financial institutions.  The statistics were gathered as part of a routine quarterly survey called the Technology Incident Report, which examines so-called suspicious activity reports (SARs), in this case SARs that were filed in the 2nd quarter of 2007.


Wednesday, February 20, 2008

Data Breach Notification Laws, State By State

Five years after California’s landmark SB 1386, this interactive map shows you which 38 states have passed laws requiring companies to notify consumers whose personal information has been compromised.  More than five years after California’s seminal data breach disclosure law, SB 1386, was enacted, not all states have followed suit.  Eleven states still have not passed laws mandating that companies notify consumers when that company has lost the consumer’s personal data.  One state, Oklahoma, does have a breach notification law, but it only applies to state entities that have lost data.  That leaves 38 states that have enacted some sort of breach disclosure law.


Friday, February 15, 2008

Report: Hacker Attacks Against Healthcare Organizations Up 85 Percent

Attempted attacks have increased from an average of 11,146 per healthcare client per day in the first half of 2007 to an average of 20,630 per healthcare client per day in the last half of 2007 through January.  Hunter King and Don Jackson, security researchers with SecureWorks Counter Threat Unit, attribute the increase in attacks to several factors.  These include the increase in client-side attacks (attacks against the employees’ PCs), the fact that healthcare organizations have large attack surfaces through which hackers can try to break in, the volume of personal, identifiable information and health insurance credentials being stored by healthcare organizations, and the valuable computing resources available to healthcare entities.