Weekly Security Risk Management News Round-Up - 9/30/13

Melissa Stevens | October 4, 2013

More security and risk news from around the web for the week of September 30, 2013.

Mitigating Third-Party Risks: Steps That Regulators, Community Banks Need to Take

Tracy Kitten of Bank Info Security blogs about concerns among regulators and financial institutions, which have taken opposing sides in the debate over who is responsible for assessing third-party security risks. Kitten says:

"Both sides are making valid points. Regulators clearly need to do a better job of notifying banks promptly when they find severe security flaws at third parties, especially core banking processors. And it's time for community banks to take the extra step of collaborating on their assessments of third parties as an affordable way to improve efforts to identify and mitigate security gaps."

Access the complete post on the Fraud Blog.

Adobe To Announce Source Code, Customer Data Breach

Brian Krebs reveals another detail in the continuing saga of last week's major breach news. The same hackers who breached the LexisNexis and Dun & Bradstreet networks are believed to have compromised Adobe as well.

...Adobe confirmed that the company believes that hackers accessed a source code repository sometime in mid-August 2013, after breaking into a portion of Adobe’s network that handled credit card transactions for customers. Adobe believes the attackers stole credit card and other data on approximately 2.9 million customers, and that the bad guys also accessed an as-yet-undetermined number of user names and passwords that customers use to access various parts of the Adobe customer network.

Read the rest of the story on Adobe's data breach at Krebs On Security.

5 Lessons From Real-World Attacks

DarkReading published an article highlighting common lessons enterprises can learn from attacks by cyber-criminals. First among these lessons is that everyone is a target, especially the small businesses and suppliers that organizations partner with, as criminals often go after partners to reach their true target.

"Cyberespionage actors are getting to their actual targets via their suppliers and business partners, he says. After the Flame cyberspying malware attack was exposed a year and a half ago, one of Bit9's customers in the Middle East found that it had been attacked by Flame. Bit9's software blocked an actual infection, he says, and it turns out the firm was targeted because they do business in the Middle East. 'They were a stepping-stone attack,' Sverdlove says."

Discover the other four lessons DarkReading outlines here.
