If you run a Magento-powered e-commerce site, it's time to patch again. E-commerce sites continued to be targeted by cybercriminals seeking to steal payment card data, and experts recommend moving quickly to plug the most critical flaw, a SQL injection vulnerability.
Communication of cyber risks to executives using enterprise risk methodologies is imperative for improving incident prevention, according to Randy Trzeciak and Brett Tucker of Carnegie Mellon University, who offer tips.
The ISMG Security Report features Chris Painter, commissioner of the Global Commission on the Stability of Cyberspace, discussing cybersecurity policy for the 2020 U.S. elections. Plus, an update on the cost of the Norsk Hydro ransomware attack and the challenges of controlling real-time payments fraud.
Buyer beware: A new study shows used USBs offered for sale on eBay and elsewhere may contain a wealth of personal information that could potentially be used for identity theft, phishing attacks and other cybercrimes.
The information security world has been beset by the emergence of multiple side-channel attacks, including Meltdown, Spectre and most recently Spoiler, that have proven difficult to fully fix, says Bill Conner, president and CEO of SonicWall.
At a time when diversity is a key topic within the cybersecurity leadership and workforce, MK Palmore of the FBI says we also need a diversification of skills to help improve breach defense and response.
Some 96 percent of all compromised payment cards have been issued by U.S. banks, reflecting not only the prevalence of credit cards held by Americans, but the relative ease with which they can be used for fraud, says Liv Rowley, a threat intelligence analyst at Blueliv.
As fraud has shifted over the past decade from basic account takeover to synthetic identities and new account fraud, so has the field of identity protection evolved. Tom Thimot and George Tubin of Socure say they are here to disrupt the industry.
Beazley Breach Response Services, a unit of global insurance company Beazley, reports that nearly half of the more than 3,300 breaches it investigated last year traced to a hack attack or malware infection. And half of those hacking/malware attacks were tied to business email compromise schemes.