Networks
The latest technologies and best practices to secure local, virtual, cloud, and hybrid networks.
-
Review: GreenSQL Database Security
There are many devices and services that are under constant attack in today’s business environments. Popular vectors for attack include browsers and smartphones, but the goal of an attack is not the device, service or application. Attackers exploit weaknesses in devices and services in order to get to important business information which is stored in…
-
EasyDraft Data Breach Exposes Bright Horizons Customers’ Financial Data
EasyDraft, which processes payments for Bright Horizons Family Solutions, recently began notifying an undisclosed number of current and former Bright Horizons customers that their names, bank routing numbers and bank account numbers were mistakenly made available online (h/t DataBreaches.net). According to the notification letter [PDF], Bright Horizons learned on January 8, 2014 that one of…
-
How Was SQL Injection Discovered?
SQL injection has become the scourge of the Internet era. Year after year, it is cited as one of the top security vulnerabilities on the Internet, responsible for countless data breaches. Jeff Forristal, also known by the alias Rain Forrest Puppy, was one of the first people to ever document SQL injection. Forristal, now the…
-
Crown Castle Acknowledges Data Breach
Crown Castle recently began notifying an undisclosed number of its U.S. employees that their payroll information may have been accessed by hackers. On October 31, 2013, the company determined that an unknown person or persons bypassed Crown Castle’s security system and accessed an e-mail containing an attached payroll file that listed U.S. employee names, Social…
-
Yusen Logistics Acknowledges Security Breach
Shipping and logistics company Yusen Logistics (Americas) Inc. (YLA) recently began notifying an undisclosed number of current and former employees that their personal information may have been exposed when a password-protected, unencrypted laptop was stolen from a YLA employee’s vehicle on September 23, 2013. The laptop held a spreadsheet containing payroll deduction information for current…
-
How to Bake Better Security into Applications
Developers are being urged to create applications at an ever-faster pace, with many of them designed to operate on the Web or run on mobile devices. All of these factors open the door to security vulnerabilities. “When secure code practices are not part of development, you end up with data breaches, a large percentage of…
-
PureVPN Hacked
Customers of VPN provider PureVPN recently began receiving e-mails stating that the company was shutting down due to legal issues — but PureVPN quickly announced that the e-mails were fake, and had been sent by hackers who had accessed customers’ names and e-mail addresses (h/t Softpedia). In a blog post on October 6th, PureVPN co-founder…
-
How to Offer Security Awareness Training That Works
There is a reason phishing scams remain popular. Despite the fact most knowledge workers know the risks of clicking on unknown attachments or links, a significant number of them continue to do it. A recent Harris Interactive survey found that 19 percent of U.S. employees working in an office said they had opened an email…
-
Digital Certificate Dangers, and How to Fight Them
Digital certificates play a vital security role on the Internet. They allow you to prove that your websites are genuine, sign applications and software updates to prove that they originated from you, and communicate with customers easily using encryption. The drawback to certificates is that if anything goes wrong, the potential fallout can be disastrous.…
