Author Archives: securusnews

iOS devices hit by AdThief malware

September 01, 2014

Apple iPhones and iPads are being targeted by a malware called AdThief, which has so far impacted 75,000 devices, according to details provided by Fortinet in a Virus Bulletin .

AdThief was discovered in March of this year, and was found to hijack advertisement revenues and redirect them to the attacker. These advertisements commonly seen in mobile apps as an alternative way of receiving compensation for development.

Continue reading

Wireless Emporium site compromised by malware

August 19, 2014

A US retailer, Wireless Emporium, has recently suffered a massive data breach on it's website computer server, in which a substantial amount of personal and confidential information may have been compromised.

Wireless Emporium is a retailer specialising in cellphone accessories and mobile products such as chargers, cases and batteries. A malware installation on the website server may have opened access to valuable data.

Continue reading

Las Vegas brain and spine surgery centre hit with insider breach

August 16, 2014

A medical centre in the United States has recently been hit with a substantial data breach, which is now believed to have originated from within the centre itself.

The Las Vegas Western Regional Center for Brain & Spine Surgery (WRCBSS) reported the breach on July 9, stating that 12,000 individuals have been impacted. Names, addresses, Social Security numbers and billing account numbers for the organisation were included in the stolen data.

Continue reading

ABI: Cyber attacks pushing DLP market growth

August 09, 2014

Data breaches are growing in number, driving a massive loss prevention market, according to a new report from analytical firm ABI Research.

It's not just the quantity, however, as these enterprise attacks have also been growing in sophistication throughout the past decade, to the point where breach and data theft at the enterprise level are now inevitable.

Continue reading

SafeNet BLI finds 237 breaches between April and June this year

August 07, 2014

More than 375 million customer data records were compromised in the first half of this year, in a staggering 559 data beaches. The retail industry was hit the hardest, with over 145 million records stolen or lost in the second quarter alone.

These statistics came as part of a new report from SafeNet , a global provider of data protection solutions for wireless networks and other systems headquartered in the United States.

Continue reading

Achieving Comprehensive PCI DSS 3.0 Compliance

It’s not news that any entity that processes, transmits or stores account data, or can impact the security of cardholder data environment, is required to be compliant to PCI DSS 3.0. However, the business benefits of the security framework — a more secure network, protection of corporate brand and reputation, reduced risk of successful data breaches and network attacks — can easily be overshadowed.

Tripwire (a long time parter of Securus) combines the power of configuration control and deep file integrity monitoring (FIM) with comprehensive log and security information event management capabilities to help deliver continuous and unmatched PCI DSS compliance. The above white paper serves as a useful guide for security personnel who want to learn how Tripwire® Enterprise, Tripwire Log Center® and Tripwire IP360™ could assist in meeting PCI DSS requirements. Qualified Security Assessors (QSAs) might find this document useful as well, as it highlights the areas of the PCI DSS requirements that can be verified and met by those solutions.

Download whitepaper here:

Backcountry Gear website hit with payment-compromising malware

August 06, 2014

The Backcountry Gear website has been compromised by a substantial malware attack, which has resulted in the likely breach of personal customer payment card information.

Backcountry Gear is a supplier of lightweight backpacking and camping equipment, based in the United States. Apparently, malware was installed on the website for around three months, beginning around 27 April of this year. In addition to payment card information, names, addresses, and purchase details were also accessed.

Continue reading

Seattle University notifies donors of security breach

August 05, 2014

Seattle University in Washington is currently notifying individuals of a security breach that left their personal information open to anyone in the university computer network.

The breach was announced on July 17, in an incident notification issued to the Attorney General. The actual breach was discovered on May 25, at which point measures were put in place to improve security measures.

Continue reading

US wellness plan affected by substantial breach

August 01, 2014

A substantial number of people have recently been impacted in a data breach at Virginia-based power and energy company Dominion Resources, by an attacker who gained access through the systems of a subcontractor.

Around 1,700 individuals are now being notified of the attack, which was carried out on March 25. Following the attack, Onsite Health Diagnostics discovered the breach in June and brought it to the attention of StayWell Health Management, the wellness vendor for employees. StayWell was then able to notify Dominion Resources on June 24.

Continue reading