Organizations in all business sectors should take a series of steps to guard against "visual hacking," a low-tech method used to capture sensitive, confidential and private information for unauthorized use.
A top-flight IT security team requires individuals with know-how in a wide range of non-technology disciplines, in addition to those with technical expertise, cybersecurity leaders say.
Microsoft has issued a patch to correct a critical vulnerability in Schannel, which encrypts transactions on most Windows platforms. The bug is "concerning" for organizations running the service, some experts say, comparing it to the Heartbleed flaw.
FireEye is warning Apple users about a flaw in which downloaded malicious apps can replace genuine iOS apps, an exploit the security firm is dubbing the "Masque Attack." Experts offer insights on mitigating the threat.
Troy Leach of the PCI Security Standards Council says log monitoring is an effective data breach detection tool that, unfortunately, not enough merchants put to use. He explains how upcoming PCI guidance could help with implementation.
U.S. and European law enforcement officials have arrested 17 alleged vendors and operators of illegal "Darknet" online marketplaces, shuttered 410 websites - including Silk Road 2.0 - and seized narcotics and $1 million in bitcoins.
A hotel booking website hack - resulting in stolen payment cards - triggers a regulator's warning that businesses still need to pay close attention to eliminating SQL injection vulnerabilities from their websites and emphasizing secure coding.
The developers of the Backoff point-of-sale malware that's infected more than 1,000 U.S. businesses have continued to refine their attack code, including encrypting communications and making the malware tougher to spot or eradicate, researchers say.
After 20 years in the Army and nearly that long as an information risk management leader at the National Institute of Standards and Technology, Ron Ross says his career is still evolving. Find out what he plans to do next.
Amy McHugh, a former FDIC IT examination analyst, says banking regulators will soon scrutinize C-level executives and boards of directors to gauge their cybersecurity awareness in the wake of the FFIEC's pilot cyber-risk assessment program.
The new director of Britain's eavesdropping agency, GCHQ, has blasted U.S. technology firms, arguing that - intentionally or not - they're "the command-and-control networks of choice for terrorists and criminals."
The National Institute of Standards and Technology has released a draft of guidance aimed at helping government agencies and businesses establish, participate in and maintain cyberthreat information sharing relationships.
Automated attacks have potentially compromised the majority of websites that run the Drupal content management system, giving attackers platforms for launching malware, DDoS attacks and spam, according to the Drupal security team.
Air-gapped networks promise security by disconnecting PCs from the Internet. But graphics cards in malware-infected systems attached to air-gapped networks can be made to broadcast data via FM radio to nearby smart phones, researchers warn.
An important lesson from the breach of a White House unclassified network is that organizations should invest in intrusion detection tools, not just perimeter defenses, SANS's Johannes Ullrich says.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.