Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers, and it's issued mitigation guidance. Security firm Qihoo 360 says the zero-day flaw has been exploited by the DarkHotel APT gang.
Could satellites play a role in distributing next-generation encryption keys? Robert Bedington, CTO and co-founder at Singapore-based SpeQtral, describes quantum communications via satellites in this in-depth interview.
Deception technology is evolving as a powerful asset in the cybersecurity arsenal, providing significant advantages in being able to monitor an attacker's behavior, says Joseph Krull, senior analyst at Aite Group.
The Reserve Bank of India has decided to allow all banks to use remote video-based "know your customer" authentication for onboarding new clients. But some observers say many Indian banks may prove reluctant to use video KYC because they lack the necessary technology and new customers lack smartphones.
As business email compromise schemes continue to evolve, some cybercriminals are focusing on accessing companies' financial documents, which provide useful information to support the theft of money, according to a new report from security firm Agari.
The latest edition of the ISMG Security Report discusses why Britain is struggling to determine whether to use China's Huawei technology in developing its 5G networks. Plus: An update on a mobile app exposing infant photos and videos online and an analyst's take on the future of deception technology.
A day after the NSA disclosed a significant vulnerability that could affect the cryptographic operations in some versions of Windows, security researchers started releasing "proof of concept" code designed to show how attackers potentially could exploit the flaw. This highlights the urgency of patching.
As if ransomware wasn't already bad enough, more gangs are now exfiltrating data from victims before leaving systems crypto-locked. Seeking greater leverage against non-paying victims, Maze and Sodinokibi attackers are not just threatening to leak stolen data; they're also following through.
One gaping hole in the U.S. government's push to counter Chinese-built 5G telecommunications gear remains the lack of alternatives. But a bipartisan group of senators is seeking to create a $1 billion fund to create trusted, Western-built options.
While secure coding has always been an imperative, in a cloud-based environment, BMC Software's Rick Bosworth says it is especially critical since the liability does not rest with cloud services providers for secure configuration.
One of biggest challenges of complying with Thailand's Personal Data Protection Act, which will go into effect in May, is managing the consent of customers, says Surachai Chatchalermpun, CISO with Krung Thai Bank, the nation's largest state bank.
A federal judge in Atlanta has given final approval to a settlement that resolves a class action lawsuit against credit bureau Equifax, which in 2017 suffered one of the largest data breaches in history. The minimum cost to Equifax will be $1.38 billion.
A new Princeton University research paper finds that five major U.S. prepaid wireless carriers are leaving their customers open to SIM swapping attacks. The main culprit is weak account authentication procedures that attackers can easily exploit.
Five years ago, cybersecurity executive Dave Merkel called upon enterprises to shed their "peacetime" mindsets and adopt a "wartime" stance against persistent cybercriminals and nation-state actors. How have they risen to that challenge?