In the wake of so many mega-breaches, new account fraud is easier to perpetrate than account takeovers. This puts new pressure on enterprises to know their digital customers, as well as to authenticate their identities and activities, says Shaked Vax of IBM Security.
Spear phishing attacks are in the news again following the Justice Department's indictment of Russian military intelligence officers for alleged attacks against U.S. politicians and county and state election boards. Here's how to play better phishing defense.
To stop fraudsters, iovation's John Marsden wants organizations not just to ask customers to verify their personal details. He also wants organizations to take a good, hard look at the devices that alleged customers are using.
Numerous technology firms now offer facial biometrics recognition search tools for big data sets. But information security expert Alan Woodward warns that these big data sets must be "considered and regulated very heavily" or else we'll be "living in 1984 without knowing it."
Email attacks continue to bite businesses, with organizations reporting not only a steady stream of ransomware, but also increasingly targeted social engineering attacks and account takeovers for cloud service users, says Barracuda's Hatem Naguib.
Nearly three weeks after human resources software vendor PageUp discovered malware on its system, the tally of what data was exposed remains unclear, although successful job applicants appear to have been hardest hit.
The geneology service MyHeritage says a security researcher found 92 million email addresses and hashed passwords for its users on a private external server. The company, however, says there's no evidence of abnormal account activity or indications family trees or DNA results were affected.
A swift FBI sinkhole blunted an apparently imminent attack against Ukraine via "VPN Filter" malware, which has infected more than 500,000 routers. But mass router compromises will continue so long as manufacturers fail to build in easy or automated patching and updating, security experts warn.
If you're paying attention, you've probably already seen a handful of GDPR-related headlines just today, let alone in the last week or month. But there are two good reasons for the deluge of GDPR discussion right now: It's incredibly important and the time to act is now.
Payments are getting faster, and so is payments fraud. A robust fraud management strategy focusing on strong authentication, customer education and scalable responses can be instrumental in minimizing payment fraud risk.
What matters most, right now, to the information security community? At RSA 2018, RSA's president said WannaCry was a wakeup call for vulnerability and risk management. Other experts see artificial intelligence, machine learning and secure coding as hot trends.
Business email compromise and account takeover attacks haven't faded; they've just morphed. Wes Dobry of Agari discusses the new wave of these attacks and how organizations can do a better job of detecting and responding to them.
Attackers rarely bother with technical sophistication when easy social engineering schemes, such as "hacking" a victim's social network and using it against them, can give them what they want, says Markus Jakobsson, chief scientist at the cybersecurity firm Agari.
Police have charged 20 Romanian and Italian nationals with running spear-phishing attacks that stole more than $1 million from online bank customers. Phishing remains a favored criminal technique for harvesting account credentials and cryptocurrency, as well as corporate secrets.