Archive for the Category ◊ DataBase Security ◊

COLLEGE PARK, Md. – Hackers, breaching the University of Maryland’s personnel information database security, obtained social security numbers dating back to 1998, according to a message from university President Wallace Loh.

“I am truly sorry. Computer and data security are a very high priority of our University,” Loh said in the letter posted online.

The database contained 309,079 records of faculty, staff, students and affiliated personnel from the College Park and Shady Grove campuses who have been issued a university ID since 1998, the letter states. The information contained within each record includes social security number, date of birth and college ID.





An IT entrepreneur has played down security fears over the UK National Health Service’s new digital records database and has stated that the digitising of records is long overdue.


Scott Fletcher, IT entrepreneur and ANS Group founder, thinks that people have nothing to fear from the new system that has been a long time coming and that a secure cloud will help to make sure the system isn’t beset by security problems.

“People say this will be expensive and difficult but it doesn’t have to be that way. Electronic medical records are a basic piece of a more efficient and effective health care system,” Fletcher said. “Such records, safe and secure in ‘The Cloud,’ will improve physicians’ ability to diagnose and treat patients accurately and more quickly and do away with unnecessary, costly and time-wasting tests.”

Experts question security used in Target breach
Wednesday, February 19th, 2014

CSO – The latest details from the Target breach investigation raise questions as to the security the retailer had in place for third-party vendors accessing its partner portal and billing system.


In addition, the information uncovered by the blog KrebsOnSecurity revealed that the Target attack started with malware-carrying email used in a phishing attack against an outside vendor, which used a free version of anti-virus software for protection. More than 110 million consumers had credit card and personal data stolen in the breach of Target’s electronic cash registers late last year.





Red Hat and Hortonworks hook up for Hadoop
Thursday, February 13th, 2014

IDG News Service – Red Hat and Hortonworks have vowed to work together to make it easier to run Hortonworks’ Hadoop Data Platform (HDP) with Red Hat’s JBoss set of middleware, and other Red Hat enterprise software.

“The alliance will bring enterprise Apache Hadoop to a much wider audience that is very familiar with Red Hat and [Red Hat] JBoss technologies,” said Shaun Connolly, Hortonworks vice president of corporate strategy.

Specifically, the companies will work on improving integration between the two companies’ technologies, making it easier for administrators to connect the software.





How today’s enterprises use Big Data
Thursday, February 13th, 2014

The hype around big data is feverish, and it’s driving enormous spending growth.

Research firm IDC expects the big data technology and services market to grow at a rate of 27% year-over-year, reaching $32.4 billion in 2017. To put that in perspective, the big data market is growing at a rate that’s six times stronger than the overall information and communication technology market, IDC says.

Though the money is flowing, it’s not always clear whether enterprises are finding success as they move past early adoption stages. To find out, researchers polled IT executives and managers, who shared details about their organizations’ big data initiatives, investments, and priorities.






Computerworld – The massive data breach at Target last month may have resulted partly from the retailer’s failure to properly segregate systems handling sensitive payment card data from the rest of its network.

Security blogger Brian Krebs, who was the first to report on the Target breach, yesterday reported that hackers broke into the retailer’s network using login credentials stolen from a heating, ventilation and air conditioning company that does work for Target at a number of locations.

According to Krebs, sources close to the investigation said the attackers first gained access to Target’s network on Nov. 15, 2013 with a username and password stolen from Fazio Mechanical Services, a Sharpsburg, Pa.-based company that specializes in providing refrigeration and HVAC systems for companies like Target.





The biggest insider threat in history not surprisingly has made a big impression on most U.S. defense contractors, who say Edward Snowden’s pilfering and leaking of sensitive NSA documents has inspired changes to their internal security policies and practices.

A new survey of 100 IT and security managers at U.S. defense contractor firms found that 75 percent say Snowden’s leak spurred them to alter in-house security practices in some way. Some 55 percent say they now provide employees more cybersecurity awareness training, 52 percent have reviewed or are revisiting user access privileges, 47 percent say they are on “high alert” for unusual network activity by users, and 41 percent say they have enacted tougher hiring practices, according to the OpinionMatters survey commissioned by ThreatTrack.




Yahoo attack places spotlight on identity management
Wednesday, February 05th, 2014

CSO – The attack on Yahoo that started with the theft of user credentials from a third-party database highlights the risk of sharing usernames and passwords across multiple websites.

Yahoo reported Thursday that attackers using computer software used the stolen credentials to log into Yahoo Mail accounts and search for names and email addresses on sent emails. Upon discovering the attack, Yahoo shut down access to the affected accounts, alerted users and asked that they reset their passwords.

Yahoo, which did not disclose how many webmail accounts were affected, said it had no evidence that the usernames and passwords came from its own systems.




Target credential theft highlights third-party vendor risk
Wednesday, February 05th, 2014

CSO – Target’s disclosure that credentials stolen from a vendor were used to break into its network and steal 40 million credit- and debit-card numbers highlights the fact that a company’s security is only as strong as the weakest link in its supply chain.

No matter how strong Target’s internal security was, if the breach started with a third-party vendor, then the weakness was in how the retailer managed the security risk all large companies face when partners and suppliers interact with their networks, experts say.

“Hackers have reached a new level of mastery and companies are really struggling,” Torsten George, vice president of marketing and products at risk management vendor Agiliance, said. “They’re putting a lot of effort in protecting their own networks, but how do you really go after your suppliers and vendors? How do you assess the risk in doing business with them?”





IDG News Service – Payment card data was stolen during the past three months from several dozen retailers that had their point-of-sale systems infected with a memory-scraping malware program called ChewBacca.

The cybercriminal operation was investigated by antifraud researchers from RSA, the security division of EMC, who analyzed the malware and its command-and-control infrastructure.

Most of the affected retailers are based in the U.S., but PoS infections with this malware were also detected in 10 other countries, including Russia, Canada and Australia, the RSA researchers said Thursday in a blog post.