The European Central Bank has closed one of its websites after its IT staff found that a hacker compromised some personal information on the site and also planted malware.
Deception technology is attractive in that it offers - in theory - low false positives and critical clues to attackers' methodologies. But the benefits depend on its ability to fool attackers and whether organizations can spare the time to fine-tune it.
A South Korean company that makes a biometric access control platform exposed fingerprint, facial recognition data and personal information after leaving an Elasticsearch database open, security researchers say. They found 23GB of data belonging to organizations that use Suprema's BioStar 2 system.
Microsoft has released a set of patches for two newly discovered BlueKeep-like vulnerabilities in a number of Windows operating systems. The "wormable" bugs in remote desktop services permit propagation of malware from one compromised device to others, the company reports.
Security researchers at Check Point Software Technologies say they've uncovered an SQLite database vulnerability in Apple iOS devices that can run malicious code capable of stealing passwords and gaining persistent control on affected devices.
Researchers from the security firm Eclypsium have identified 40 poorly designed drivers from 20 hardware and BIOS vendors that can give attackers numerous way to hack into various versions of Windows.
Organizations that are taking steps to comply with India's "data localization" regulation - and similar laws elsewhere - need to make sure they understand all the requirements, says Steve Marshall, CISO at Bytes Software Services, who offers compliance tips.
A new variant of the Ursnif Trojan is targeting vulnerable systems in an attempt to steal banking passwords and other credentials. The malware is spreading through infected Microsoft Word documents, and it has the ability to evade advanced security filters, according to security researchers at Fortinet.
IoT, the cloud, third-party risk - we hear a lot about how the cybersecurity risk surface and threat landscape have evolved. But what about the new business demands on cybersecurity leaders? Christopher Hetner, former global CISO at GE Capital, shares insights.
The Monetary Authority of Singapore, the nation's central bank, has mandated that financial institutions comply with risk management guidelines within the next 12 months in an effort to strengthen the cyber resilience of these organizations.
A little over a week after a breach at Capital One was revealed, more U.S. lawmakers are raising questions about what happened at the bank, including what role, if any, Amazon may have played in opening the door to the intrusion.
Capital One's enormous data breach is a subject of intense scrutiny as well as fear. A definitive post mortem is likely months away. But security professionals have ideas as to how the breach was achieved and the weaknesses that led to it.
Through hundreds of millions of selfies, the small Russian company behind FaceApp has likely created one of the largest private troves of geometric and facial landmark data - on the scale of Google and Facebook. The viral app has turned into an intellectual property boon.
The U.S. Department of Defense has purchased IT gear known to have significant cybersecurity vulnerabilities, according to a new inspector general audit, which also highlights concerns about the use of equipment manufactured in China.
The promise of an integrated identity and risk platform that continuously monitors a myriad of suspicious activities across channels and applications, and dynamically orchestrates authentication and authorization actions has been around for over a decade. Many organizations and technology vendors have attempted to...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.
