As Symantec recently learned, your intellectual property could be at risk from third parties with whom you do business.
Protecting intellectual property against insiders is tough enough when the insiders are a company's own employees. The problem becomes even more difficult when a third party--whether a vendor or customer--has access to confidential information.
Just ask Symantec. Last week, the company confirmed that a group of hackers had stolen the source code to two of the firm's older products--Endpoint Protection 11.0 and Antivirus 10.2--from a third party. The group of allegedly Indian hackers, using the name "The Lords of Dharmaraja," claimed that the leak came from the Indian government and planned to release the code to the public.
"Symantec's own network was not breached, but rather that of a third party entity," Symantec spokesman Cris Paden said in an e-mailed statement. "We are still gathering information on the details and are not in a position to provide specifics on the third party involved."
"Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solutions," he said. "In 2010 alone, we distributed 10 million updates to our products in response to new cyber threats. If you extrapolate to four and five years, you can get an idea of how much our ... code has evolved over the following years."
Yet, a significant question for companies is why did the Indian government, if the code was indeed stolen from the government, keep the code so long, says Rob Rachwald, director of security strategy for Imperva.
Heightened concern that users could inadvertently expose or leak--or purposely steal--an organization's sensitive data has spurred debate over the proper technology and training to protect the crown jewels. An Insider Threat Reality Check, a special retrospective of recent news coverage, takes a look at how organizations are handling the threat--and what users are really up to. (Free registration required.)
Published: 2015-04-27 Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 188.8.131.52 iFix8, 6.0.4 before 184.108.40.206 iFix...
Published: 2015-04-27 IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 220.127.116.11, and 6.0.5 before 18.104.22.168 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...
Published: 2015-04-27 The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...
Published: 2015-04-27 The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 22.214.171.124 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Published: 2015-04-27 IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 126.96.36.199 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.