Russian National Charged in Payment Card Scheme

Scott Ferguson • November 13, 2019

The U.S. Justice Department Tuesday unsealed an indictment charging Russian national Aleksey Burkov with running an underground site called "Cardplanet" that acted as a clearinghouse for stolen payment card data. Burkov arrived in the U.S. Tuesday after being extradited by Israel.

Cybercrime

Trend Micro Employee Sold Consumer Data to Scammers

Latest

Governance

Researchers Describe Significant Flaw in Intel's PMx Driver

Jeffrey Burt • November 13, 2019

Researchers at Eclypsium have revealed new details concerning a significant flaw in Intel's PMx driver, which they say could give attackers "near-omnipotent" control over devices. Intel has released an updated version of the driver, a key step in mitigating risks.

Fraud Management & Cybercrime

Multilayered Security Gets Personal

Tom Field • November 13, 2019

When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption. But that approach no longer suffices, says First Data's Tim Horton, who calls for a new multilayered defense.

Governance

'Devaluing' Data to Protect It

Scott Ferguson • November 13, 2019

In today's digital environment, protecting sensitive information and sales transaction data is of critical importance. Tim Horton of First Data explains the concept of "devaluing" data so it's worthless in the event of a breach.

PCI Standards

Verizon: Companies Failing to Maintain PCI DSS Compliance

Nick Holland • November 12, 2019

Many companies around the world that accept card payments are failing to continually maintain compliance with the PCI Data Security Standard, according to the new Verizon 2019 Payment Security Report. Verizon's Rodolphe Simonetti, who contributed to the report, explains the findings.

Governance

Insider Threat: Greater Risk Mitigation Required

Mathew J. Schwartz • November 11, 2019

Too many organizations are still failing to prioritize mitigating the risk posed by insiders, whether they're malicious actors or model employees who make mistakes that unintentionally lead to a data breach, says Veriato's Chris Gilkes.

General Data Protection Regulation (GDPR)

Privacy Nirvana: Some Assembly Still Required

Mathew J. Schwartz • November 11, 2019

Data privacy discussions must focus not just on collecting, storing and securing data, but also the impetus for doing so - and whether it is being done in an ethical manner, says consultant Thom Lagford, a former CISO, who addresses GDPR compliance issues.

Governance

Data Breach Defense: Email and File Lockdown

Mathew J. Schwartz • November 11, 2019

Preventing data breaches requires safeguarding information, and for many organizations that means having strong controls in place to protect email as well as files, says Zivver's Olivier Paling.

Governance

'Digital Climate Change': An Inconvenient Truth

Mathew J. Schwartz • November 11, 2019

Too many organizations continue to use digital assets and infrastructure even when they can see that they have information security problems and deficiencies that they're failing to fix, says cybersecurity expert John Walker.

Endpoint Security

DOJ: Company Sold Gear With Security Flaws to US Military

Akshaya Asokan • November 8, 2019

Federal prosecutors have charged a Long Island company, along with seven of its employees, with selling vulnerability-laden Chinese technology to the U.S. military and other agencies for a decade and passing the gear off as American made.

Governance

Cybersecurity Success Rule No. 1: Prioritize Culture Change

Mathew J. Schwartz • November 8, 2019

The one factor with the biggest impact on any organization's digital transformation efforts - regardless of the organization's size or sector - is the ability to change its privacy, cybersecurity and IT culture, says Stephen Owen, CISO of Bourne Leisure Group.

Cyberwarfare / Nation-State Attacks

Staying Ahead of Nation-State Cyberattacks

Mathew J. Schwartz • November 8, 2019

As nation-state attackers increasingly aim to steal intellectual property, businesses must ensure they have the best possible defenses in place, says Ran Shahor, CEO of HolistiCyber.

Governance

Cybersecurity at the Heart of the 4th Industrial Revolution

Mathew J. Schwartz • November 8, 2019

At this year's annual meeting of the World Economic Forum, the cybersecurity message was clear: World leaders see it as essential for fixing the failures associated with past industrial revolutions as well as safeguarding future digital transformation, says Fortinet's Alain Sanchez.