To stop fraudsters, iovation's John Marsden wants organizations not just to ask customers to verify their personal details. He also wants organizations to take a good, hard look at the devices that alleged customers are using.
To better counter threats carried by content - email, attachments, files - Deep Secure's Simon Wiseman says organizations should investigate content threat removal, which involves extracting required data from content and discarding the rest.
Magecart, the criminal group behind the recent data breach at certain Ticketmaster websites, may have also hit the company's sites in Australia, New Zealand, Turkey and Hungary, according to RiskIQ, which says the group's digital payment card skimmers may also affect as many as 800 other e-commerce sites.
Attackers have stolen $23.5 million in cryptocurrency from Bancor, which is developing a decentralized exchange. The cause of the hack may have been a failure by Bancor to protect authentication keys that allowed for changes in its token smart contracts.
Aaron Sherman, who recently made the transition from serving as an FBI agent investigating cybercrime and nation-state threats to working at Braintrace on ways to improve detection and response efforts, shares insights on the career change.
A new kind of cyberattack that targeted financial institutions in Europe and Russia to steal nearly $100 million illustrates how threats are evolving, says Brian Hussey of Trustwave, who discusses mitigation steps.
As businesses change their key strategies, they must ensure they mitigate new risks that emerge, says Chris Testa of Cybereason. This must go beyond a defense-in-depth approach to include a plan for what to do when an inevitable intrusion occurs, he says.
Timehop, an application that revives older social media posts, says the lack of multifactor authentication on a cloud services account led to a data breach affecting 21 million users. The breach exposed names, email addresses, phone numbers and access tokens Timehop used to read information from accounts.
Stolen data is one thing - the consequences are obvious. But what if data is not stolen or leaked, but rather altered? What could be the damage? Diana Kelley of Microsoft discusses the emerging topic of data integrity and how to preserve it.
Australian medical booking platform HealthEngine offered AU$25 (US$19) gift vouchers to dental patients who sent photos of their treatment invoices to the company, which it positioned to patients as "invaluable" research. Privacy experts say the company may have fallen afoul of Australian privacy guidelines.