More Details of Heartland's Breach Emerge
More details available as to how the breach occurred at Heartland resulting in potentialy the biggest breach ever of nearly 100m credit card transactions. Investigators discovered that a piece of malware was hillden in an unallocated portion of disk on one of the Heartland servers. What puzzles me though is; How did a user have […]
Largest Breach Ever
Courtesy of Brian Krebbs from the Washington Post it appears that the largest ever breach of credit card data may have occurred. It appears that a payment processor company in the United States, Heartland Payment Systems, discovered malware on their network that may have captured the credit and debit card details of over 100 million […]
Plane Security
At this stage you no doubt have heard about the miraculous emergency landing of the US Airways Flight 1549 in New York’s Hudson river. Thanks to the skill, experience and bravery of the pilot and the crew, all 155 people on board managed to get out of the plane safely with relatively few injuries. So what […]
List of the TOP 25 Most Dangerous Programming Errors Released
Earlier today the List of the Top 25 Most Dangerouse Programming Errors was released. The list was compiled by a number of different organisations and coordinated by the SANS Institute. Criminals are now moving from attacking the infrastructure layer and moving to finding ways into systems by means of bugs in the applications sitting on […]
Technology Is Not The Silver Bullet
The raft of data breaches involving lost laptops and mobile devices that occurred last year, both in the government and private sector, led to a rash of organisations running out to encrypt these mobile devices. While an effective tool in helping to secure data on mobile devices, encryption by itself is not a silver bullet […]
SSL Certificates Vulnerable to Attack
The computer security community is abuzz with the news announced today by a team of security researchers at the 25th Chaos Communication Congress in Berlin. The researchers were able to demonstrate how they were able to generate a fake Certificate Authority certificate and thereby allowing them to impersonate any secure website using SSL certificates. The research […]
Castlecops Website Shuts Down
Castlecops the volunteer website set up to help fight against internet fraud and scams has sadly closed its doors. Despite being the targets of many DDOS attacks, Castlecops managed to keep up and running and be a thorn in the side of cyber criminals. However, it looks like the volunteer group has finally had to […]
December Edition of Security Watch Newsletter Now Available
The December 2008 edition of our sister publication, the Security Watch Newsletter, is now available online. For those of you who do not subscribe to our newsletter, you may find it a useful read as we highlight issues and stories that may not be applicable to our Blog
Microsoft To Release Out Of Cycle Patch for IE Vulnerability
Microsoft has announced that it will release an out of band patch for the vulnerability in Internet Explorer as outlined in the Microsoft Security Advisory 961051. The patch will be released on the 17th December 2008. Microsoft will host two webcasts to address questions on the patch. The first is scheduled for 13:00 Pacific Time (US […]
Irish Cyber Crime Survey Results
While not yet published, some of the results from the 2007 Irish Crime Survey were revealed in the SiliconRepublic.com. The survey was compiled by the Irish chapter of the Information Systems Security Association (ISSA) and University College Dublin’s Centre for Cybercrime Investigation. The survey looks at attacks and intrusions at both public and private organisations […]