Organizations in all sectors need to develop an "early warning system" to detect insider threats, says Scott Weber, managing director at the risk management firm Stroz Friedberg.
Four years after European criminals exploited EMV implementation vulnerabilities to steal an estimated $650,000, security experts say not all banks have adopted full fixes. But the payment card industry contends related mitigations are in place and working.
Organizations that discover they're victims of business email compromise exploits should immediately contact law enforcement officials to report the attacks to improve the odds of finding the perpetrators, says Assistant U.S. Attorney Camelia Lopez in this video interview.
Adobe is warning Flash users to update their software immediately in the wake of zero-day attacks that can enable attackers to take full control of vulnerable systems. This year, Adobe has patched 316 bugs in Flash. Is it time for the plug-in to die?
Privacy and security expert Rebecca Herold outlines three common HIPAA compliance missteps and offers advice on bolstering security and minimizing the risk of breaches.
Hyatt warns that it's the latest hotel chain to fall victim to POS malware. It's offered scant breach-related details, but lots of bromides about taking payment card security seriously and urging customers to keep paying by card.
The HHS Office for Civil Rights will dramatically ramp up its HIPAA enforcement activities in 2016, fueled by a financial infusion from recent fines in HIPAA cases, predicts privacy attorney David Holtzman of CyngergisTek, a former OCR senior adviser.
In the wake of Juniper Networks finding "unauthorized code" in its firewall firmware that could be used to remotely access devices and encrypted communications, Cisco is reviewing its own code for signs of tampering. Will other vendors follow suit?
The latest strain of Android malware called SlemBunk tries to trick mobile banking application users into sharing their banking, social network and other credentials, as security experts see the number of mobile malware attacks continuing to increase.
You made this mess, now you'll clean it up. That's the security message of the Federal Trade Commission's settlement with Oracle over its failure to update or eliminate older, insecure - and actively targeted - versions of Java.
In terms of malware, 2015 will go down as the year that ransomware got big, and the organized criminals behind it got bolder. IBM's Limor Kessem discusses what to expect from advanced malware variants in 2016.
FireEye has issued an emergency security alert - and related patch - to fix a serious flaw discovered by Google researchers. The episode follows FireEye earlier this year being criticized for serving an injunction against other security researchers.
Global Payments Inc. plans to buy its smaller rival, Heartland Payment Systems Inc., for $4.3 billion. Both payment transaction processors have suffered massive data breaches, and industry observers are weighing in on whether the merged companies will successfully build a strong culture of security.
The FBI has arrested three men on charges that they participated in a hacking and identity theft scheme designed to fuel spam campaigns, including the insider-enabled theft of account details for 24.5 million Comcast customers.
Twitter has issued its first-ever alerts to some users that they may have been "targeted by state-sponsored actors." Some cryptographers, software developers and security experts say they have received the alerts.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.