Posted by: Garrett Stiles in Data Breach 7 months, 2 weeks ago
After a few weeks of speculation, Diary Queen has confirmed that nearly 400 locations were compromised in a recent data security breach. Among the 400 locations affected, 9 were local Arizona businesses.
Posted by: Jerry Lozen in Information Security 7 months, 2 weeks ago
Posted by: Garrett Stiles in News 7 months, 3 weeks ago
Schneier Says Incident Response is Failing
- Hacking attacks are inevitable, so organizations need to move from protection and detection towards breach management
- Proper response can make the difference in surviving a breach
- "A sufficiently motivated, funded and skilled hacker will always get in"
- 90's were about protection, 00's about detection, and this decade is about response.
- Security is a mix of people, processes, and technology
With most organizations not investing enough in protection and detection, it becomes more critical that they take response seriously. With the growing demand for skilled security professionals, and incident response being a highly specialized and technical niche in security, it might prove difficult to find people qualified when needed. It is crucial in this threat landscape of "When" not "If" you get breached that all organizations think about how to respond to a breach, have a plan, and practice the plan. Key to success is making sure those involved understand their role and can respond quickly.
Posted by: Jerry Lozen in Data Breach, Information Security, News, Security News 7 months, 3 weeks ago
Jimmy John's Data Breach
Posted by: Jerry Lozen 8 months ago
This past Wednesday, September 24th a vulnerability in bash was announced and I wanted to give a quick summary or run-down of the situation and how it may effect some of us. The vulnerability allows code execution in bash simply by setting certain specific environment variables. The vulnerability was originally found by Stephane Schazelas, and later Travis Ormandy disclosed a secondary exploit that manages to circumvent the initial patch. Given the fact this vulnerability revolves around using bash shells it has been given the name "shellshock". It has also been assigned two separate CVE numbers, CVE-2014-6271 for the original vulnerability and CVE-2014-7169 for the secondary variation.