Banking institutions must mitigate all Shellshock vulnerabilities in their internal and customer-facing banking systems. Experts recommend beginning with automated and manual Bash-bug scanning, as well as educating customers about the risks.
The automated version of the IT risk management and governance framework should save project leaders 30 to 60 hours of work over a manual process of building a secure IT system, ISACA President Robert Stroud says.
When the new Apple Pay mobile payment system launches in October in the United States, it could help improve payment security. This infographic reviews the system's features and how to put them to use.
As news of the Shellshock bug continues to spread, CISOs in all sectors are taking steps to mitigate the risks posed by the vulnerability. Likewise, regulators and industry groups have ramped up dissemination of alerts.
Attackers have exploited the Shellshock vulnerability - a.k.a. Bash bug - to infect at least 700 Linux systems with malware that includes the ability to launch DDoS attacks. Users of Unix systems are vulnerable.
Leading this week's industry news roundup, IBM opens a new cloud resiliency center to provide business continuity capabilities, and Gemalto launches a solution to enable secure eBanking applications on PCs.
Security experts are warning that millions of systems - Apache servers, Linux and Mac systems, and innumerable Internet of Things devices - may be vulnerable to a flaw in Unix that attackers are already using to gain shell access.
Financial institutions are starting to report fraud tied to the massive Home Depot payment card data breach. One card issuer calls the fraud ramp up "much greater than what we saw from Target, Michaels and Neiman Marcus."
Fraudsters continue to make inroads against financial institutions based in the United Kingdom - and beyond - because banks aren't working together to share information about the attacks they see, according to presenters at the London Fraud Summit.