Dell Computer’s annual threat report for 2014 has it that the high-profile breach of retailer Target’s point of sale systems ‘came indirectly through the company’s HVAC vendor, who received deeper user permissions than needed.’ Dell also reports a twofold increase in attacks on SCADA systems, up to 675,186 in January 2014, many attributed to buffer overflow vulnerabilities.
The Object Management Group, with backing from the White House, has instigated a ‘Threat and Risk community’ and has put presentations from its inaugural cross-domain threat and risk information exchange day online.
Honeywell Process Solutions has announced the Cyber Security Risk Manager, a ‘digital dashboard’ to proactively monitor, measure and manage cyber security in multi-vendor control systems.
NIST has just published guidance on security and privacy assessments of mobile apps. Special Publication 800-163, ‘Vetting the security of mobile applications,’ targets a government audience, but should also benefit private industry developers and enterprise security professionals. Another NIST publication looks at the impact of ‘defensive code’ on software performance and finds that hardening software does not in general negatively affect performance.
The Petroleum Industry Data Exchange (PIDX) recommends a new practice for all PIDX users to enhance transaction security. PIDX members and trading partners need to migrate from SSL 3.0 to TLS ‘as soon as possible.’ More from the SSL V3 Best Practices white paper.
© Oil IT Journal - all rights reserved.