Oracle Offers Workaround After Confusion Leads to Zero-Day Disclosure
Many software developers offer bounty programs for their products. The concept is that someone finds a vulnerability and notifies the developers of the software for a reward. The point is to dissuade hackers from using the vulnerabilities by offering them something "better" (?). Of course, one would think that, after the vulnerability is turned in and the reward given, the developer would scramble to correct the issue. Oracle seems to have a different process in place.
Symantec Releases Latest in Annual Cost of Data Breach Studies
So you've been breached. You've shored up your system and are, once again, secure. But the damage has already been done. That damage, however, may not be as costly as it used to be. According to Symantec's 2011 Cost of Data Breach Study, the costs associated with a data breach have gone down in recent months.
FBI Tells Corporate Execs to Defend while DARPA Prepares to Attack
"J.P. Morgan reports that worldwide e-commerce sales are expected to increase from $573 Billion in 2010 to nearly $1 Trillion in 2013. Each year, cybercriminals and thieves steal terabytes of data, intellectual property worth billions, expose an average of 260,000 personal identities per data breach, and cost organizations approximately $7.2M per data breach event. Symantec reported that this past summer, 29 chemical companies, including multiple Fortune 100 companies, were subject to computer attacks that sought to extract data on formulas and manufacturing processes." Dr. Regina E. Dugan brought these unfortunate statistics to the attention of the DARPA Cyber Colloquium in November of last year. At the same time, she reminded them of several attacks tracing back to government organizations in Russia and China. It would appear they listened. DARPA reported Monday that they are increasing their cyber research budget by $88M in FY2012 and intend to increase the amount another 4% of its top-line budget over the next 5 years.
NIST Releases Updates to Security Guidelines
With the growing threat presented to information-centric businesses by tech mobility and the cloud, NIST finally updated the federal guidelines on cyber security. NIST, or the National Institute of Standards and Technology, released their first draft February 28th, three years since the last update in 2009.
RSA Conference 2012 to Name Most Innovative Company
The RSA Conference, held in San Francisco this year, is only a few days away. Over the course of the five-day conference, attendees will be able to take part in Peer2Peer sessions, SANS Tutorials, or, of course, listen to one of the over 15 keynote speakers, one of whom happens to be ex-Prime Minister Tony Blair.
Despite Recent Threats American Infrastructure is Still Vulnerable to Cyber Attack
When most people think of cyber crime and cyber terrorism, they think of credit card information being stolen, identities being compromised, and, most recently, massive DDoS attacks by organizations like Anonymous and LulzSec. What they don't tend to think of is the water coming from their faucet, the lights in their home and the gas heating their houses. Yet the ramifications of attacks on these basic utilities could far outweigh those of identity fraud. And these attacks are on the rise.
Pwn2Own Contest Puts Bounty on Browser Vulnerabilities
Dog the Bounty Hunter, known for his shirtless leather vest approach to dressing and his less-than-tactful approach to apprehending bail jumpers, may not be ready for the next round of bounties coming down the pike. This year, at CanSecWest in Vancouver, companies like HP and Google are offering rewards for hackers and research teams who can exploit zero-day vulnerabilities within the most common browsers.