Monthly Archives: August 2014

Wireless Emporium site compromised by malware


August 19, 2014

A US retailer, Wireless Emporium, has recently suffered a massive data breach on its website computer server, in which a substantial amount of personal and confidential information may have been compromised.

Wireless Emporium is a retailer specialising in cellphone accessories and mobile products such as chargers, cases and batteries. A malware installation on the website server may have opened access to valuable data.


Las Vegas brain and spine surgery centre hit with insider breach


August 16, 2014

A medical centre in the United States has recently been hit with a substantial data breach, which is now believed to have originated from within the centre itself.

The Las Vegas Western Regional Center for Brain & Spine Surgery (WRCBSS) reported the breach on July 9, stating that 12,000 individuals have been impacted. Names, addresses, Social Security numbers and billing account numbers for the organisation were included in the stolen data.


August 2014 Newsletter


August 11, 2014

Table of Contents:
• A CIO’s Approach to Developing a Security Framework 101
• Penetration Testing Applications
• Practical Security: Browser Security Settings
• Upcoming Events
• Achieving Comprehensive PCI DSS 3.0 Compliance
• The SG Community

Web Version: http://securusglobal.createsend1.com/t/ViewEmail/j/513E2918A2BFF01D

A CIO’s Approach to Developing a Security Framework 101

One of the biggest questions we get asked by CIOs and other senior business management with regard to Information Security and IT Risk Management is where to begin. Do you focus on purchasing security tools first, developing policies and standards, or getting an audit done and working from the results of that audit?

From our experience, while all of the above can assist in some way, developing a framework about how you will think about your security position is the number one priority before you make a major investment in tools, your staff’s time or the costs of hiring consultants. You may find that a lot of the costs you estimated originally may not be needed.

ABI: Cyber attacks pushing DLP market growth


August 09, 2014

Data breaches are growing in number, driving massive growth in the data loss prevention (DLP) market, according to a new report from analytical firm ABI Research.

It's not just the quantity, however, as these enterprise attacks have also been growing in sophistication throughout the past decade, to the point where breach and data theft at the enterprise level are now inevitable.


SafeNet BLI finds 237 breaches between April and June this year


August 07, 2014

More than 375 million customer data records were compromised in the first half of this year, in a staggering 559 data breaches. The retail industry was hit the hardest, with over 145 million records stolen or lost in the second quarter alone.

These statistics came as part of a new report from SafeNet, a global provider of data protection solutions for wireless networks and other systems headquartered in the United States.


Achieving Comprehensive PCI DSS 3.0 Compliance

It’s not news that any entity that processes, transmits or stores account data, or can impact the security of the cardholder data environment, is required to be compliant with PCI DSS 3.0. However, the business benefits of the security framework — a more secure network, protection of corporate brand and reputation, reduced risk of successful data breaches and network attacks — can easily be overshadowed.

Tripwire (a long-time partner of Securus) combines the power of configuration control and deep file integrity monitoring (FIM) with comprehensive log and security information event management capabilities to help deliver continuous and unmatched PCI DSS compliance. The above white paper serves as a useful guide for security personnel who want to learn how Tripwire® Enterprise, Tripwire Log Center® and Tripwire IP360™ could assist in meeting PCI DSS requirements. Qualified Security Assessors (QSAs) might find this document useful as well, as it highlights the areas of the PCI DSS requirements that can be verified and met by those solutions.

Download whitepaper here: http://www.tripwire.com/register/pci-dss-compliance-with-tripwire-solutions-a-witham-pty-ltd-whitepaper/

Practical Security: Browser Security Settings


August 06, 2014

By Norman Yue (CTO)
Originally published: http://advancedpersistentjest.com/2014/07/22/practical-security-browser-security-settings/

This series of blog posts will aim to look at some “quick wins”, which an organisation or a security team (or even interested users) can realistically put into place immediately, what they are, and how they impact both security and usability.

This is not aimed at being remotely comprehensive, or reaching a “perfect” state of security – while a few people might browse the Internet with non-HTML non-image content off by default, we realize this probably isn’t feasible for most users, and having an actual Security Policy based on what you actually need is a Really Good Idea [tm].

While most people (and by extension, organisations) simply take their browser for granted, modern browsers typically have a slew of settings (not necessarily explicitly related to security) which can impact the security context for end-users. Here are a few “quick win” solutions which can easily be put in place, with minimal impact for users.

Backcountry Gear website hit with payment-compromising malware

The Backcountry Gear website has been compromised by a substantial malware attack, which has resulted in the likely breach of personal customer payment card information.

Backcountry Gear is a supplier of lightweight backpacking and camping equipment, based in the United States. Apparently, malware was installed on the website for around three months, beginning around 27 April of this year. In addition to payment card information, names, addresses, and purchase details were also accessed.


Seattle University notifies donors of security breach


August 05, 2014

Seattle University in Washington is currently notifying individuals of a security breach that left their personal information open to anyone in the university computer network.

The breach was announced on July 17, in an incident notification issued to the Attorney General. The actual breach was discovered on May 25, at which point measures were put in place to improve security.
