There's often a dangerous trade-off made between convenience and security. That's illustrated no better than by a recent issue patched by Microsoft. It's an attack so devilishly smooth that it's a wonder hackers had not figured it out before.
The release this week by the PCI Security Standards Council of a new PCI compliance resource for small merchants is being lauded by the banking and payments community. But how effective will the resource be at actually convincing merchants to move forward with PCI compliance?
Interbank messaging service SWIFT will begin collecting and sharing anonymized attack information and offering incident-response services - backed by Fox-IT and BAE Systems - to help hacked banks. But will financial institutions buy in?
As many as 250,000 credentials for Remote Desktop Protocol servers around the world may have been offered for sale on the now-shuttered xDedic cybercrime marketplace. So what can organizations do to mitigate related risks and avoid a major network intrusion?
While PCI compliance is a priority for many U.S. retailers, some major companies in Australia say they'd rather forego the cost of compliance and risk the possibility of steep fines if a card breach occurs.
Cyberattacks are increasing in frequency, complexity, nuance and stealth. But human error, business compulsions and increasingly complex environments make it difficult to maintain adequate defenses, says Juniper Network's CTO for India and SAARC
The $940 billion compensation awarded to Epic Systems in its case against Indian IT major TCS is unprecedented - shaking the industry out of its complacency to information security. Cyber law expert "Naavi" takes a close look at the implications for India.
The section chief of the FBI's Cyber Division says "the FBI does not condone payment of ransom," in part because it enables criminals to victimize others. Instead, the bureau continues to urge all potential victims to get their IT house in order.
Are you making the most of all the intelligence available to you today? What are the practical aspects of plugging abstract threat intelligence into your specific business use cases? Deloitte's Parthasarathy shares deeper insight.
Advanced attacks are out, while persistent, relatively simple attacks are in. Despite all of the APT hype in recent years, cybercriminals, and especially nation-state attackers, prefer to keep things simple. Information security experts explain why.
It's springtime in San Francisco: cue the annual RSA Conference. Here are some notable trends that have already emerged from the event, ranging from ransomware and phishing attacks to hacker self-promotion and Facebook fakery.
With the U.S. accelerating its adoption of the EMV chip, encryption and tokenization, life is going to get tougher for fraudsters, and card-not-present fraud will rise, says PCI Council Director Jeremy King. Regions with poor data security must beware.
The trend across industries is that automation results in a drastic reduction of operational job roles, even as it brings in economies of efficiency. What then does automation in security mean for the profession?
Mobility and IoT are acknowledged by security practitioners to be a whole different beast when it comes to management. MetricStream's French Caldwell says that GRC likewise needs to change its paradigm to accommodate this disruption.
How many networking vendors - like Juniper - have been selling devices with backdoors attackers could use to intercept and decrypt communications? Some networking giants say they've launched code reviews. But why are eight vendors staying silent?