All U.S. publicly traded companies should review how they internally disseminate breach information and expect to see revised cybersecurity guidance, says William Hinman, the director of corporation finance for the U.S. Securities and Exchange Commission.
A federal judge has dismissed a lawsuit filed against anti-malware software vendor Malwarebytes over its labeling of two applications as being harmful. Plaintiff Enigma Software says it plans to appeal the decision.
A report on the head of Equifax contending that his company - not individual consumers - owns the personally identifiable information the credit reporting agency markets to lenders leads the latest version of the ISMG Security Report. Also, a preview of the ISMG Healthcare Security Summit.
French cloud computing and hosting giant OVH has apologized to customers after it suffered an outage that left many individuals unable to access websites, email accounts, online databases and other infrastructure. In response, it's promised to be much more paranoid.
The financial sector is under increasing threat from cybercrime syndicates, and the distributed nature of today's predominantly Russian-speaking attackers is making them tough to disrupt, says Rob Wainwright, director of Europol.
The FBI is still working to unlock the mobile phone of Devin P. Kelley after he shot and killed 26 people in a church in a rural Texas town. The revelation seems certain to revive the contentious debate over the use of strong encryption to protect consumers and their devices.
Security practitioners must do a much better job of prioritizing their investments based on the most significant risks their organizations face, says Zulfikar Ramzan, chief technology officer at RSA, who offers insights on "fighting the right battle."
The former CEO of Yahoo, which has had 3 billion records exposed in a 2013 data breach, testified at a Senate hearing that it's tough for any corporation to defend against nation-state backed cyberattacks. That led senators to grill Marissa Mayer about the security steps Yahoo had taken.
Researchers have discovered how to speed up an attack disclosed last month that recovers secret RSA encryption keys generated by faulty Infineon software in TPM chips. Estonia has blocked and plans to replace weak security certificates on 750,000 of its smart ID cards used for healthcare and e-voting.
With only six months until the EU's General Data Protection Regulation is enforced, organizations across the world that handle Europeans' data are grappling with compliance challenges, including how long to retain PII, says Devender Kumar of Mphasis, who offers advice on effective strategies.
The ISMG Security Report leads with a discussion about the sale of compromised remote desktop protocol credentials for as little as $3 on darknet marketplaces. Also, grading the performance of DHS in sharing cyberthreat information.
Want to stop the latest cybercrime bogeyman? For the umpteenth time, put in place well-known and proven strategies for repelling online attacks, such as the Australian Signals Directorate's top 4 mitigation strategies for repelling targeted cyber intrusions.
Fraudulent SWIFT money-moving attacks continue, as one of Nepal's largest private-sector commercial banks, NIC Asia Bank, says attackers tried to steal $4.4 million after hacking its SWIFT server. Most of the funds have since been recovered.
Equifax says four senior executives - including its CFO - did not know the company had suffered one of the worst breaches in history when they collectively sold about $1.8 million worth of shares. Equifax's board found that 12 days elapsed before the first of the four learned about the hack.
Prasanna Lohar, head of technology at DCB Bank, describes how 20 banks in India are working together to identify the best ways to leverage blockchain technology to help fight fraud and improve services, such as customer onboarding.