Dan Clements of IntelCrawler, the research firm that claims it traced malware apparently used in the Target breach and other retailer attacks, outlines steps merchants, banks and others should take to secure their networks.
In this week's breach roundup, read about the latest incidents, including a credit card breach affecting customers of a Canadian online health and beauty products store and a breach at a British grocery store chain's website.
Leading this week's industry news roundup, IBM introduces forensics software designed to retrace actions of cybercriminals. Also, ThreatMetrix announces frictionless context-based authentication, and more.
Lawsuits that card issuers have filed against Target to help recoup expenses associated with the retailer's breach aren't likely to reap big rewards, two legal experts say. But they are sending a strong message.
A law firm has developed a free iPhone app, Data Breach 411, to help organizations with breach notification compliance. The app provides links to 46 state data breach notification laws, relevant federal statutes and other resources.
Despite their differences on certain issues, the Financial Services Roundtable and the Retail Industry Leaders Association have joined forces in an effort to prevent breaches by enhancing cybersecurity and threat intelligence sharing.
Many endpoints in the healthcare sector, including medical devices, are being hacked because of inadequate security, according to a new study from the SANS Institute that identified apparent vulnerabilities at 375 organizations.
Forbes and Kickstarter have fallen victim to apparently unrelated cyber-attacks that have compromised user accounts. The companies are urging users to reset their passwords and monitor for any suspicious activity.
Now that the cybersecurity framework has been released, security experts are pondering whether the voluntary approach to following the guidance might eventually need to be replaced by some sort of mandate.
While many organizations rely on employee training to help mitigate the risks of spear phishing, such efforts are generally ineffective, says Eric Johnson of Vanderbilt University, who explains why a technical solution might be better.