As more companies move away from passwords toward behavioral biometrics, they face new challenges, says Rajiv Dholakia, vice president, products at Nok Nok Labs. "There are no standards as such in this area on how the information is collected, how it's stored and how it's processed," he says.
U.S. and U.K. government agencies have said they have "no reason to doubt" strong denials issued by Amazon and Apple that hardware hackers had successfully implanted tiny chips in their servers that provided a backdoor for Chinese spies.
Barriers to getting into the business email compromise - aka CEO fraud - game continue to fall, with security vendor Digital Shadows finding that compromised email accounts for a company's finance department can typically be purchased via the black market for just $150 to $500.
The British and Dutch governments have issued a strong rebuke to the Russian government over an ongoing series of "Fancy Bear" hack attacks that they say were launched by Russia's military intelligence agency Russian Main Intelligence Directorate, aka the GRU.
The U.S. Justice Department unsealed a criminal indictment charging seven alleged Russian GRU military intelligence agency officers with hacking multiple organizations, including the World Anti-Doping Agency, as part of APT 28 - aka Fancy Bear - cyber espionage operations.
Did the Chinese government pull off one of the most secretive hardware hacks of all time? That's what information security experts are pondering after a Bloomberg report described an espionage operation that purportedly planted a tiny spying chip on widely distributed server motherboards.
The latest edition of the ISMG Security Report features an analysis of the latest developments in Facebook's massive data breach and expert analysis of the potential for nation-state interference in the U.S. midterm elections.
A gang of North Korean government hackers, known as APT38, has stolen more than $100 million from banks in Asia and Africa via fraudulent SWIFT transfers, cybersecurity firm FireEye warns. Separately, the U.S. government says North Korea is also behind serious ATM malware cash-out attacks.
At three of the world's largest information security events in 2018, Information Security Media Group's team of editors conducted about 200 video interviews with industry thought leaders, who provided timely insights on important topics. Here's your guide to those interviews.
Warning: Attackers behind the recently revealed Facebook mega-breach may still be able to access victims' accounts at some third-party web services and mobile apps, and Facebook has offered no timeline for when a full lockdown might occur - although there are no signs of third-party account takeovers.
Step away from the social media single sign-on services, cybersecurity experts say, citing numerous privacy and security risks. Instead, they recommend that everyone use password managers to create unique and complex passwords for every site, service or app they use.
Tesco Bank has been hit with a £16.4 million ($21.3 million) fine by the U.K.'s Financial Conduct Authority for failing to prevent and more rapidly block thousands of fraudulent transactions that drained £2.3 million ($3 million) directly from customers' bank accounts.
The U.K.'s data protection regulator has fined Bupa Insurance Services £175,000 ($228,000) for failing to stop an employee from stealing 547,000 customer records, which were later offered for sale on the dark web. The ICO found that the health insurer's CRM system lacked adequate security controls.
As new payment options continue to emerge via mobile phones and internet of things devices, the PCI Security Standards Council is broadening its security efforts, starting with a new standard for contactless payments coming early next year, says Troy Leach, PCI SSC's chief technology officer.
Education plays a critical role in any program designed to combat insider threats, says Christopher Greany, head of group investigations at Barclays. He'll discuss how to start an insider threat program in a presentation at Information Security Media Group's Security Summit: London, to be held Oct. 23.