A restaurant wholesaler has been breached a second time, and investigators are still trying to determine how the incident occurred and how many cards were exposed. The POS hack raises questions about ongoing PCI compliance and in-house fraud detection systems.
Hacktivists on Christmas Day announced new plans for more DDoS attacks against U.S. banks, and it appears Citi was among the first hit, although the attackers named no specific targets in their latest threat.
An international telecommunications treaty, approved in Dubai in early December, is a veiled threat to suffocate Internet freedom internationally, says Rep. Jim Langevin, the Rhode Island Democrat who co-chairs the House Cybersecurity Caucus.
Before embarking on the tragic Newtown, Conn. shootings, Adam Lanza reportedly destroyed his computer. But is the machine's data also destroyed? Forensics expert Rob Lee discusses how "lost" data is retrieved.
IBM's Dan Hauenstein, in analyzing Big Blue's 2012 Tech Trends Report, says security concerns often inhibit the adoption of four technologies: mobile, cloud, social business media and business analytics.
Sometimes HIPAA training alone is just not enough to drill into peoples' heads why and how patient information needs to be protected. So, how are organizations getting medical staff to do the right thing?
The answer seems obvious, especially in the context of IT security and information risk. Yet, is it, especially when developing codes and standards, as well as funding research and development initiatives that involve taxpayer money?
The National Institute of Standards and Technology has issued new guidance titled "Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping," the sixth part of a series of recommendations regarding the modes of operation of block cipher.
Heading into 2013, security leaders across industry feel confident about their processes and technology. People, though, continue to create the greatest risks. Can "awareness in depth" make a difference?
A draft of new guidance intended to be a blueprint to validate and implement a secure infrastructure as a service cloud computing offering has been issued by the National Institute of Standards and Technology.
Karen Scarfone, who coauthored NIST's encryption guidance, sort of figured out why many organizations don't encrypt sensitive data when they should. The reason: they do not believe they are required to do so.
While some healthcare organizations are quickly rolling out privacy and security policies for employee-owned mobile devices, others are moving slowly. What BYOD tips do healthcare security leaders offer?
PNC and Wells Fargo both reported only minor disruption from online traffic surges on Dec. 20. Has the strength of DDoS attacks subsided, or are banks getting better at defending against these strikes?