There's been no shortage of high-profile and damaging data breaches in the past year. And the targets are widely varied-they include security firms RSA Security and HBGary Federal, defense contractors Lockheed Martin and Northrop Grumman, entertainment giant Sony, major retailers, healthcare companies and marketing firms.
The past couple of weeks have not been the best for Mac OS X's security reputation.
After several large breaches -- including the <a href="http://blogs.csoonline.com/1457/epsilon_hack_notification_letters">Epsilon</a>, <a href="http://www.csoonline.com/article/680689/sony-playstation-network-personal-user-data-stolen">Sony</a>, and <a href="http://www.csoonline.com/article/684463/citigroup-reveals-breach-affected-over-360-000-cards">Citigroup</a> incidents that left customer financial data exposed -- federal lawmakers are dusting the covers off of an old idea: national data breach notification laws.
Secure software services provider Veracode this week released its <a href="http://www.csoonline.com/article/600724/security-testing-of-custom-software-applications">security analysis</a> of 4835 applications that were submitted to the firm for evaluation during an 18-month period.
While the race between industrial control system attackers and defenders didn't start with the Stuxnet worm, it certainly acted as a catalyst to a new arms race and more researchers taking a closer look at the quality of SCADA software.
It's no secret that the goal of modern malware writers is to create attack software that is stealthy and flows undetected for as long a period of time as possible. What's increasingly startling, however, is how pervasive custom malware has become as part of traditional attacks.
In the last three months of 2010 attackers managed to serve 3 million malicious advertising, or malvertising, impressions every day. That's the headline figure from a report released today from Web security firm Dasient. According to Dasient, that's a 100 percent increase from the preceding quarter.
It's no state secret that industrial and automation control systems have a way to go before they're resilient from targeted and sophisticated malware attacks. Just last week the International Society of Automation (ISA) announced that the ISA99 standards committee on Industrial Automation and Control Systems Security had formed a task group to conduct a gap analysis of the current ANSI (American National Standards Institute) ISA99 standards and modern threats against critical industrial systems, such as Stuxnet.
There's no doubt that the momentum in computing adoption is with mobile meaning enterprises will have to protect the communications that emanate from, and are sent to, these devices.
