Four years ago, the Council of Registered Ethical Security Testers began as an organization to bring standardization to the penetration testing industry. Today, CREST's scope is expanding across industries and global regions, says president Ian Glover.
A U.S.-based hacker just pleaded guilty to stealing more than 675,000 credit cards that led to more than $36 million in fraud. "These SQL injections are allowing someone in through the side fence, not the front door," says information security attorney Randy Sabett.
SWIFT says globalization, regulation and the introduction of new services from non-financial providers will set the tone for 2011. But increasing transaction volume and the convergence of payment technologies from differing global markets also pose their own challenges.
Verizon's newly-released 2011 Data Breach Investigations Report finds that the number of compromised records has dropped dramatically, but incidents are up, and hackers are still finding new ways to get into systems and servers.
Payment card fraud. ACH and wire transfers. ATM skimming. And especially insider crimes. These are among today's top information security threats to institutions, says banking regulator Gigi Hyland in an exclusive interview.
Heartland Payment Systems hacker Albert Gonzalez seeks to overturn his conviction and 20-year sentence, a record for a computer breach, maintaining he committed his crimes with the knowledge of his Secret Service handlers.
Experts say banks and retailers are doing all they can to control concerns in the aftermath of the Epsilon e-mail breach, and a well-crafted e-mail fooled an RSA employee into opening a phish that led to a sophisticated attack on the company's information systems.
Most furloughed federal employees would have had to turn in their BlackBerries and other mobile devices in a U.S. government shutdown. Just as well, using the technology could have resulted in an employee landing in the slammer.
The Department of Homeland Security works with RSA to investigate the sophisticated attack aimed at RSA SecurID two-factor authentication products, and card fraud linked to pay-at-the-pump gas terminals in Arizona tourist spots is on the rise.
This kind of problem happens to everybody, says Marcus Ranum, CSO of Tenable Network Security, in response to the widely publicized breach at RSA. And maybe hes right. Perhaps this kind of problem does happen to everyone. But should it?
International Airline Employees Federal Credit Union of Briarwood, N.Y., reported earlier this month that suspicious transactions from toll booths in France have been hitting the institution's Visa cards.
Emerging technologies, application vulnerabilities and regulatory compliance force organizations to bridge the development and security silos and find avenues for interdisciplinary cooperation to produce secure software.
Global banking institutions can learn from Japan's disaster planning and response. And a sophisticated cyberattack is launched against RSA, targeting the security unit of EMC's SecurID two-factor authentication products.
When the business demands the latest tools and technologies, saying "no" is not a viable option. "Clearly, these are disruptive things, but they also are extremely valuable," says Simon Godfrey, Director, Security Solutions at CA Technologies UK.