An examination of the maturing of cybercrime leads the latest edition of the ISMG Security Report. Also, understanding the Intel Active Management Technology flaw.
Reporting software vulnerabilities can be legally dicey, particularly if the affected company has not previously had contact with computer security researchers. A Sydney consultant recently experienced both ends of the spectrum while investigating building management software.
The UAE Banks Federation, which has 49 member banks, has launched the Cyber Threat Intelligence Initiative 2017 to create an information sharing platform in an attempt to better detect and respond to cyberattacks. But are these banks ready to share information or report breaches?
The critical Active Management Technology flaw in many Intel chipsets' firmware can be remotely exploited using any password - or even no password at all - to gain full access to a system, security researchers warn. Numerous systems and even ATMs will require forthcoming firmware fixes.
The latest draft version of the Trump administration's cybersecurity executive order is similar to the previous version and lays out a plan to secure U.S. federal government and critical infrastructure IT that could have come out of the Obama White House.
The Department of Homeland Security is warning IT service providers, healthcare organizations and three other business sectors about a sophisticated cyberattack campaign that involves using stolen administrative credentials and implanting malware on critical systems.
Hackers have reportedly exploited the SS7 mobile telecommunications signaling protocol to drain money from online bank accounts used by O2 mobile phone subscribers. Despite rising security worries relating to SS7, many telcos have yet to explore related fixes.
Organizations have more endpoints today than ever, and securing those endpoints is challenging, because it's rare that any one organization is responsible for all the endpoints that touch its network and servers, says Mike Spanbauer, vice president of research and strategy at NSS Labs.
Score another one for social engineering: A phishing campaign used a bogus "Google Docs" app to trick people into surrendering full access to their Google accounts and contacts. Before Google squashed the campaign, up to 1 million of its users may have fallen victim.
Travel industry software giant Sabre has alerted hotels that its software-as-a-service SynXis Central Reservations system - used by more than 36,000 properties - was breached and payment card data and customers' personal details may have been stolen.
The figure sounds alarming, 60 percent of small companies went belly up within six months of a breach. And that stat was repeated several times by lawmakers as a House panel debated - and approved - a bill aimed at helping small businesses battle hackers. But is that number true?
Cybercriminals and hackers have no problems sharing tips and tricks. So why don't companies and organizations share threat intelligence? Australian security leaders are tackling the problem.
To help ensure that data is properly protected, the Ministry of Electronics and information Technology has mandated that all cloud service providers that handle government data store it on servers in India and not in other countries.
IBM and Lenovo have issued a security alert, warning that they inadvertently shipped malware-infected USB flash drives to some customers who use their Storwize hardware. The malware, known as Reconyc, is designed to install additional attack code on infected endpoints.
Make sure your Amazon S3 buckets have no holes. A California vehicle financing company has learned the hard way after exposing up to 1 million records online related to auto loan holders, according to a researcher's report.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.