The editor-in-chief of Bloomberg News said Monday that reporters working for the company’s news division should never have been allowed to access otherwise restricted client data.

Allegations surfaced last week that Bloomberg reporters have long enjoyed access to some client data via the company’s ubiquitous financial data terminals. The practice was largely unknown outside Bloomberg, and presumably gave the company’s reporters an advantage over competitors.

READ MORE …

A Denver-based domain name provider has suffered a breach where customers’ personal data, including encrypted passwords and credit card information, was compromised.

On Wednesday, Name.com notified customers by email about the incident. The company said the breach appeared to be an attempt by an intruder to “gain information on a single, large commercial account at Name.com,” though an undisclosed number of customers were impacted in the process.

A Name.com customer posted the email on a community forum called MyBB on Wednesday.

“Name.com recently discovered a security breach where customer account information including usernames, email addresses, and encrypted passwords and encrypted credit card account information may have been accessed by unauthorized individuals,” the email said. The company added that it stores customer credit card data using a “strong encryption” method and that the private keys required to access the information are stored “physically in a separate remote location that was not compromised.”

READ MORE …

Eight suspects have been charged in New York for their alleged roles in a global cybercrime ring that authorities say involved the theft of more than $45 million from financial institutions in two cyber heists.

The international gang hacked into the computers of bank card processors to steal prepaid debit card data, erase withdrawal limits on the cards and then pass the information to cashers or mules to siphon the money from ATMs around the world.

The gang first struck December 22 when hackers targeted a credit card processor that handled transactions for prepaid MasterCard debit cards issued to customers of the National Bank of Ras Al-Khaimah PSC, or RAKBANK, in the United Arab Emirates. They handed off the stolen card data to cashers in 20 countries who withdrew $5 million in cash in more than 4,500 ATM withdrawals.

READ MORE …

Having a safe doesn’t do much good if it is left open. Yet the safe where organizations house their data is sometimes left just as unsecure.

Last year for example, it was revealed that a university system upgrade at the University of North Carolina-Charlotte exposed data on the university’s H: drive on the Internet between Nov. 9, 2011, and Jan. 31, 2012. The news got worse for the university when it was discovered that misconfigured access settings also exposed sensitive data from the school’s College of Engineering from 1997 to February 2012.

“DBAs [database administrators] don’t have time for security – they spend less than five percent of their time on it,” said Forrester Research analyst Noel Yuhanna. “Most enterprises are dealing with data explosion that’s creating performance issues and availability concerns, which is where most of their time an effort goes. In a survey we did last year, performance was the top concern.”

READ MORE …

Last year for example, it was revealed that a university system upgrade at the University of North Carolina-Charlotte exposed data on the university’s H: drive on the Internet between Nov. 9, 2011, and Jan. 31, 2012. The news got worse for the university when it was discovered that misconfigured access settings also exposed sensitive data from the school’s College of Engineering from 1997 to February 2012.

“DBAs [database administrators] don’t have time for security – they spend less than five percent of their time on it,” said Forrester Research analyst Noel Yuhanna. “Most enterprises are dealing with data explosion that’s creating performance issues and availability concerns, which is where most of their time an effort goes. In a survey we did last year, performance was the top concern.”

READ MORE …

seeking to break into corporate databases.

“SQL injection is still out there for one simple reason: It works!” says Tim Erlin, director of IT security and risk strategy for Tripwire. “As long as there are so many vulnerable Web applications with databases full of monetizable information behind them, SQL injection attacks will continue.”

Even though some recent data out from WhiteHatshowed that SQL injection attacks bumped down from the top 10 most prevalent Web attacks in 2012, other data from Veracode saw SQLi attacks holding steady last year. And consensus from development, security, and IT consulting experts is that these attacks continue to expose enterprise databases on a daily basis.

READ MORE …