Citigroup, E*Trade, Regions Financial, Fidelity Investments, HSBC, Bank of the West and ADP are now believed to have been probed by the same hackers that targeted Chase, according to news reports. But so far, none of those firms believes data was compromised.
Nearly two weeks since news of Shellshock broke, attacks that are taking advantage of the Bash vulnerabilities are grabbing headlines. But Michael Smith of Akamai warns that the battle against hackers capitalizing on Shellshock could go on for years.
Organizations trying to combat advanced threats with existing security infrastructure may pay a price, says Blue Coat's Venkat Raghavan. A shift to a data and intelligence-driven architecture is an imperative.
Yahoo confirms Shellshock-targeting attackers hacked into three of its servers, but claims they didn't exploit Bash flaws. Meanwhile, Lycos denies it's been breached and WinZip isn't responding directly to a report that it was hacked.
The hackers who breached JPMorgan Chase also infiltrated about nine other financial institutions, and may be operating from Russia, according to one news report. But security experts caution against jumping to conclusions over attackers' identities or motives.
The development of authentication technologies that could replace the password is "nearing a tipping point," but there's still several years of work to do, says Jeremy Grant, who oversees the National Strategy for Trusted Identities in Cyberspace.
Leading this week's industry news roundup, KPMG acquires assets of Qubera Solutions, which provides identity and access management services, while Palo Alto Networks launches an endpoint protection solution.
JPMorgan Chase has confirmed that 76 million households and 7 million small businesses were impacted by a breach that reportedly began in June and was not detected until late July. One fraud expert calls the breach "a national crisis."
As high-profile data breaches continue to grab headlines, demand is growing for well-trained digital forensics experts who can conduct timely investigations to determine the cause of a security incident and help identify mitigation steps.
As researchers scramble to learn more about Shellshock and the risks it poses to operating systems, servers and devices, Michael Smith of Akamai explains why not all patches are actually fixing the problem.
The Justice Department announces that four alleged members of an international hacking ring have been charged with stealing intellectual property valued at $100 million, including a U.S. Army Apache helicopter simulator and Microsoft Xbox prototypes.