Tuesday, August 18, 2009

Three indicted for Hannaford, Heartland data breaches

A federal grand jury has indicted a Miami man and two Russian hackers for their involvement in an international scheme to steal more than 130 million credit and debit card numbers from five companies. 
The indictment alleges the men conspired to conduct the largest credit and debit card data breach ever charged in the United States. 
The Department of Justice issued a statement today about the indictment, which accuses Albert Gonzalez, 28, and two unnamed Russian citizens of stealing data from Heartland Payment Systems Inc., 7-Eleven Inc. and Hannaford Brothers Co. Two other companies remain unnamed because their breaches have not been made public, the DOJ said.
Read more about this at:

Patch management study shows IT taking significant risks

The latest research around patch management is a good reminder for security teams to move patch diligence up the stack to applications and to resist disabling signature checking for performance in UTMs. 

Qualys Inc. presented an update at the recent Black Hat USA 2009 briefings to their Laws of Vulnerabilities research, a timely statistical review in light of the increase in Microsoft Internet Explorer, Microsoft Office, Adobe Reader, and Apple QuickTime application level attacks. The study, first conducted in 2004, is based on years of accumulated vulnerability scanning data of the Qualys installed base.
Read more about this article at: