When it comes to threat detection, spotting malicious insiders is one thing. They often leave a trail. But how do you protect against the accidental insider threat? Mike Siegel, VP of Products at Forcepoint, shares strategy and solutions.
A team of cryptographers has found that the random-number generator Dual_EC - known to have been backdoored by the NSA - was added to Juniper's ScreenOS firmware around 2008 and is still present, although the networking giant has promised to soon replace it.
The takedown of an Eastern European gang believed to have been responsible for a string of ATM jackpotting attacks serves as a reminder of why ATMs running outdated operating systems and universal access keys pose significant worldwide security risks.
The New York Attorney General's settlement with taxi-hailing platform Uber - over alleged customer data privacy violations and a delayed data breach notification - provides a best practice security template for any organization that handles customer data.
Slamming a Ukrainian energy provider for recently falling victim to a spear-phishing email and Excel macro attack might be easy. But security experts recommend all organizations use the incident to ensure they won't fall victim to copycat attacks.
Reports on the Ukrainian energy supplier hack have left many crucial questions unanswered: Who was involved, did malware directly trigger a blackout and are other suppliers at risk from similar attacks? Cybersecurity experts offer potential answers.
A power blackout that recently affected about 1.4 million Ukrainians has been tied to an espionage Trojan called BlackEnergy. The attack appears to be the first time that hackers have successfully used malware to help disrupt energy-generation systems.
To minimize the risk of business email compromise schemes and similar types of fraud, senior executives at businesses should avoid posting information about their activities on social media and other accessible forums, says security expert Chuck Easttom.
Four years after European criminals exploited EMV implementation vulnerabilities to steal an estimated $650,000, security experts say not all banks have adopted full fixes. But the payment card industry contends related mitigations are in place and working.
Adobe is warning Flash users to update their software immediately in the wake of zero-day attacks that can enable attackers to take full control of vulnerable systems. This year, Adobe has patched 316 bugs in Flash. Is it time for the plug-in to die?
Banking and government institutions, and other organizations that employ Juniper Networks gear, are being actively targeted after the company warned that it discovered that someone added a backdoor to the firmware in 2012. Who's responsible?
Hyatt warns that it's the latest hotel chain to fall victim to POS malware. It's offered scant breach-related details, but lots of bromides about taking payment card security seriously and urging customers to keep paying by card.
The rising profile and increasingly complex nature of cyberattacks was a major development in 2015. What are the key threats for security practitioners to be wary of in the year ahead? FireEye CTO APAC Bryce Boland shares insights.
In the wake of Juniper Networks finding "unauthorized code" in its firewall firmware that could be used to remotely access devices and encrypted communications, Cisco is reviewing its own code for signs of tampering. Will other vendors follow suit?
The latest strain of Android malware called SlemBunk tries to trick mobile banking application users into sharing their banking, social network and other credentials, as security experts see the number of mobile malware attacks continuing to increase.