Practical Security: Browser Security Settings


August 06, 2014

By Norman Yue (CTO)
Originally published: http://advancedpersistentjest.com/2014/07/22/practical-security-browser-security-settings/

This series of blog posts will aim to look at some “quick wins”, which an organisation or a security team (or even interested users) can realistically put into place immediately, what they are, and how they impact both security and usability.

This is not aimed at being remotely comprehensive, or reaching a “perfect” state of security – while a few people might browse the Internet with non-HTML non-image content off by default, we realize this probably isn’t feasible for most users, and having an actual Security Policy based on what you actually need is a Really Good Idea [tm].

While most people (and by extension, organisations) simply take their browser for granted, modern browsers typically have a slew of settings (not necessarily explicitly related to security) which can impact the security context for end-users. Here are a few “quick win” solutions which can easily be put in place, with minimal impact for users.

Backcountry Gear website hit with payment-compromising malware

The Backcountry Gear website has been compromised by a substantial malware attack, which has resulted in the likely breach of personal customer payment card information.

Backcountry Gear is a supplier of lightweight backpacking and camping equipment, based in the United States. Apparently, malware was installed on the website for around three months, beginning around 27 April of this year. In addition to payment card information, names, addresses, and purchase details were also accessed.


Seattle University notifies donors of security breach


August 05, 2014

Seattle University in Washington is currently notifying individuals of a security breach that left their personal information open to anyone in the university computer network.

The breach was announced on July 17, in an incident notification issued to the Attorney General. The actual breach was discovered on May 25, at which point measures were put in place to improve security.


US wellness plan affected by substantial breach


August 01, 2014

A substantial number of people have recently been impacted in a data breach at Virginia-based power and energy company Dominion Resources, by an attacker who gained access through the systems of a subcontractor.

Around 1,700 individuals are now being notified of the attack, which was carried out on March 25. Following the attack, Onsite Health Diagnostics discovered the breach in June and brought it to the attention of StayWell Health Management, the wellness vendor for employees. StayWell was then able to notify Dominion Resources on June 24.


Former employee accesses school district information


July 31, 2014

A school district in Missouri has recently had the personal information of over 10,000 past and present staff and students breached, following the actions of a former employee.

Park Hill School District is now notifying the victims, after it was discovered that a former employee downloaded files onto a personal hard drive without consent. This former staffer then proceeded to upload the files to the internet – files which contained Social Security numbers and student and staff records.


Espionage malware returns with new toolset


July 26, 2014

A variant of a highly damaging espionage malware has returned, one which attacked governments and other enterprises around the globe early last year.

Named MiniDuke, the malware previously operated through a vulnerability in Adobe Reader. Now, attackers have redeployed the advanced virus as an attachment. Used under the names CosmicDuke and TinyBaron, the malware is now being spread, according to SCMagazine, via spear phishing and imposter applications.


Report released shows rise in New York State data breaches


July 19, 2014

Data breaches are growing substantially in New York State, becoming more complex, costly and representing a dangerous threat to individuals and businesses.

Attorney General of New York State Eric T. Schneiderman issued a report on 15 July outlining changing data breaches over recent years, and the resulting risks. Over eight years of security breach data was analysed for the purposes of the report.


Security breach compromises school information


July 16, 2014

Massachusetts and Vermont students who receive reimbursements from Medicaid are the latest victims of a data breach – one which has impacted around 3,500 individuals.

Multi-State Billing Services (MSB), the company from which the breach occurred, advised parents of the students to freeze credit accounts, in order to prevent attackers from viewing stolen credit reports. The company also stated that it plans to reimburse affected individuals for the credit freezes for three years.
