Information Week Latest on Security

Former network engineer accused of using stolen VPN token to delete corporate data and email boxes.

Symantec report finds that the daily threat volume, sophistication, and cost of security breaches have escalated since 2009.

NetWitness' network analysis and visualization tools, used to investigate the high-profile breach of RSA's SecurID authentication system, will be folded into EMC's RSA security management products.

Most scams involved online account takeover or theft, according to a study commissioned by security vendor Guardian Analytics and conducted by Ponemon Institute.

Capital One, Brookstone, JP Morgan Chase, and TiVo have issued warnings to their customers, and presumably other Epsilon clients have as well.

EMC won't say what the attackers took, but it did explain how they penetrated RSA and stole information about its two-factor SecurID authentication system.

Prepackaged exploits are helping attackers compromise more sites at once, while many content management systems are running with known vulnerabilities, finds report from HP DVLabs.

The scareware sends users to a bogus Web page warning them that their PCs are infected with malware and tries to sell them an anti-virus application.

PayPal, eBay, and the customers of at least 15 banks were targeted by the eliminated botnet.

Windows and Internet Explorer are at greater risk of attacks because developers don't use mitigation technologies built into the software, said Microsoft.

Do businesses have the right to make money from the unregulated buying and selling of personal information?

Auditors were able to pull encryption keys, passwords and user account information over the Internet from systems that help control spacecraft and process critical data.Auditors were able to pull encryption keys, passwords, and user account information over the Internet from systems that help control spacecraft and process critical data.

The digital certificate issuer has deactivated the affected accounts and begun to implement security and validation reforms.

The missing computer, containing personally identifiable information on 13,000 people, was password-protected, but not encrypted.

Bagel and other botnets seem to be picking up the slack, according to Symantec.

McAfee and SAIC study finds that about 70% of organizations that store sensitive data abroad choose to do so in countries with lenient breach notification requirements.

The Rustok botnet was estimated to be one million PCs strong, underlining the dangers that malware can cause to businesses and consumers.

Legislation to be proposed by Senator John Kerry and analysis of business comments to the FTC may point toward stronger privacy protections.