In revised guidance, the National Institute of Standards and Technology cautions enterprises to assume that "external environments contain hostile threats" as they establish programs to allow employees and contractors to remotely access critical systems.
Attackers have targeted an unknown number of Russia's 700 banks with bogus security-alert emails. The combination of official-looking infrastructure and digitally signed malware recalls the Anthem attack, among other campaigns.
Apple has unloaded another blistering legal response to the Justice Department over the court order obtained by the FBI that requires the company to help unlock an iPhone used by one of the San Bernardino shooters.
ISMG's Data Breach Summit aims to provide insights from industry thought-leaders on the best defense strategies for tackling future breaches. The conference kicked off to great traction from the security community.
In a lawsuit, two small merchants say they, and many other retailers, are unfairly being forced to pay fraud-related expenses as a result of the EMV liability shift even though they converted to EMV technology by the card brands' deadline. Fraud prevention experts analyze the implications of the case.
ISMG's upcoming Data Breach Summit Asia in Bangalore will provide insights from industry thought-leaders on the best defense strategies for tackling future breaches. In the face of increasing targeted attacks, cyber extortion and the growing threat to critical infrastructure, there is plenty to discuss, debate and...
A new report suggests that a Chinese cyber espionage APT attack group is behind a string of targeted ransomware infections that have slammed U.S. firms. Dig into the details, however, and the report is nothing but speculation, two security experts caution.
Without saying the word "backdoor," President Barack Obama used an appearance at the South by Southwest conference to argue that law enforcement agencies need weak crypto and likened strong crypto to "walking around with a Swiss bank account in [your] pocket."
Advanced attacks are out, while persistent, relatively simple attacks are in. Despite all of the APT hype in recent years, cybercriminals, and especially nation-state attackers, prefer to keep things simple. Information security experts explain why.
Credit card and other personal information was exposed in a data breach of Internet hosting provider Staminus Communications, which specializes in protection against distributed denial-of-service attacks. The company hosts the website of the Ku Klux Klan white supremacist group, which was also brought down.
The FBI calls ransomware "a prevalent, increasing threat." One recent campaign earned at least $325 million in global profits, while U.S. victims tell the FBI they paid $24 million in ransoms in 2015. And attackers are plowing profits back into improving their malicious code.
Dr. Sanjay Bahl has been appointed director general of CERT-In, according to inside sources. Security practitioners welcome the move and expect to see a new agenda and thrust on effective public private partnership.
In a filing rebutting Apple's appeal of a court order requiring the company to help the FBI unlock the iPhone used by a shooter in the San Bernardino massacre, the Justice Department says Apple's rhetoric is "false" and "corrosive" to the institution that safeguards Americans' liberties and rights.
We all realize that the black hats are typically a step ahead of the white hats. But do we accept that our own security controls are contributing to the deficit? Sam Curry of Arbor Networks describes how security leaders can regain their lead in this video interview.
Hank Thomas and Ann Barron-DiCamillo are long-time security practitioners who have now chosen to put their minds where the money is, as principals in the new venture capital firm Strategic Cyber Ventures. What types of companies are they looking to fund? Find out in this video interview.