Breach defense is a strategic business issue for most enterprises, but too many cybersecurity solutions rely more on flash than substance, says Lastline CEO Chris Kruegel. It's time to start talking about true breach defense.
Better, stronger fraud-detection intelligence - that's the promise of the new 3-D Secure 2.0 protocol for digital merchants, networks and financial institutions. But what should organizations do to prepare? James Jenkins of CA Technologies weighs in.
The Reserve Bank of India issued a notice to all cooperative banks advising them to apply caution while deploying third-party core banking applications and check for appropriate security standards. The move came after credential theft incidents at some banks. But will banks heed the advice?
Spear phishing attacks are in the news again following the Justice Department's indictment of Russian military intelligence officers for alleged attacks against U.S. politicians and county and state election boards. Here's how to play better phishing defense.
Medical testing laboratory firm LabCorp is still working to fully recover systems functionality nearly a week after a cyberattack that the company now claims involved "a new variant" of ransomware. What can other organizations do to avoid becoming the next victim?
Singapore's largest healthcare group has suffered a hack attack that exposed 1.5 million residents' personal details. But authorities say the "deliberate, targeted and well-planned attack" appears to have been principally designed to steal medical information pertaining to the country's prime minister.
Despite having the Information Technology Act, which covers aspects of privacy, India needs a separate privacy law along the lines of the EU's General Data Protection Act, argues cyber lawyer Vaishali Bhagwat.
Hackers stole at least $920,000 from Russia's PIR Bank after they successfully compromised an outdated, unsupported Cisco router at a bank branch office and used it to tunnel into the bank's local network, reports incident response firm Group-IB.
This edition of the ISMG Security Report includes an analysis by Executive Editor Matthew J. Schwartz on President Donald Trump's changing views on election meddling, plus an update on voter data being accidently exposed by a robocalling company.
President Donald Trump has stated that he believes the Russian government attempted to interfere in U.S. elections. But at times, he appears to have also suggested that the interference may be attributable to other countries instead.
RoboCent, a company that specializes in robocalling voters, left nearly 3,000 files containing detailed data about Virginia voters online by mistake. The data has been secured, but the incident points again to ongoing problems of security misconfigurations in repositories and lack of end-to-end encryption.
A Greek court has ruled that Russian national Alexander Vinnik will be sent to France to face cybercrime charges. The U.S. has accused Vinnik of laundering $4 billion in bitcoins via the BTC-e exchange, which it said also handled stolen Mt. Gox and Silk Road bitcoins.
A ministry of agriculture website in India lacks basic security measures, risking exposing personal data of millions of farmers who use the site to obtain crop insurance, a security practitioner who uses the site has pointed out.
Why are attacks so successful? Legacy endpoint security products are creating more problems than they solve. There is too much cost and complexity, defenses aren't keeping up, and security staff is stretched thin.