Whose Job Is Virtualization Security?
As network boundaries blur and longstanding design paradigms fall by the wayside, how do we assign accountability for security? It's a pressing question: Because virtualization gives us so much power and flexibility, we're moving ahead at a breakneck pace, often without looking closely at whether security-assurance levels remain as the services delivery model morphs. (Richard Dreger, November 21, 2011, InformationWeek)
Hackers Likely Have Japanese Warplane, Nuclear Data
Attackers likely accessed sensitive data relating to military aircraft, missiles, and nuclear power plant designs and safety systems, said Japanese defense officials.
(Mathew J. Schwartz, October 25, 2011, InformationWeek)
700,000 InMotion Websites Hacked by TiGER-M@TE
InMotion’s data center got hit by the hacker that calls himself TiGER-M@TE, leaving a few hundred thousand website owners with nonfunctional pages. He is also the one responsible for the attack carried out on Google Bangladesh. (Eduard Kovacs, September 26th, 2011, Softpedia)
DNS hijack hits The Register: All well
On early Sunday evening, UK time, the DNS records of many websites, including those of The Register and The Telegraph, were hijacked and redirected to a third-party webpage controlled by Turkish hackers. (Drew Cullen, September 5, 2011, The Register)
PCI Council revokes company's QSA status
Merchants that use Scottsdale, Ariz.-based security services provider Chief Security Officers (CSO) to validate their adherence with the Payment Card Industry Data Security Standard (PCI DSS) will have to find a new assessor. (Angela Moscaritolo, August 09, 2011, SC Magazine)
Health Net Breach Exposes 1.9 Million Records
According to the most recent Ponemon Institute figures, the average data breach costs healthcare organizations $345 per record. Using those numbers, this breach could cost Health Net upward of $655 million when all is said and done. That's a little more than 5 percent of Health Net's projected $12 billion revenue for 2011.
IRS Financial Systems Vulnerable to Insider Threats
In addition, GAO said, 65 of 88, or nearly three quarters, of previously reported weaknesses remain unresolved or unmitigated.
Exploitable DoS attack against unpatched versions of ESX (4.x) and ESXi (4.x)
Unspecified vulnerability in the Service Location Protocol daemon (SLPD) in VMware ESX 4.0 and 4.1 and ESXi 4.0 and 4.1, and OpenSLP, allows remote attackers to cause a denial of service