Latest

Anti-Malware

Fancy Bear's Sloppy Mac Malware

Jeremy Kirk  •  September 30, 2016

A new kind of malware for Mac OS X has been linked to Fancy Bear, the Russian group suspected of hacking the DNC and the World Anti-Doping Agency. But the malware only poses a low risk to users, experts say.

Cybersecurity

Why Cybercrime Is On the Rise; Update on Threat Info Sharing

Eric Chabrow  •  September 30, 2016

The latest ISMG Security Report leads off with a discussion with DataBreachToday Executive Editor Mathew J. Schwartz on why online cybercrime is growing. Also, the status of the U.S. government's cyberthreat information sharing initiative.

ID & Access Management

Why Are We So Stupid About Passwords? Yahoo Edition

Mathew J. Schwartz  •  September 30, 2016

The Yahoo breach - and the theft of unencrypted security questions and answers - is a reminder to use unique passwords and security questions, store them using a password safe and take advantage of two-factor authentication whenever it's available.

Cybersecurity

Yahoo Hacked by Cybercrime Gang, Security Firm Reports

Mathew J. Schwartz  •  September 29, 2016

Blunting Yahoo's attempt to blame nation-state attackers for its record-breaking breach, security firm InfoArmor says it's traced the 2014 hack to a cybercrime gang that's quietly resold the stolen data several times over.

Cybersecurity

Cybercrime: Ransomware, CEO Fraud Still Going Strong

Mathew J. Schwartz  •  September 28, 2016

A new cyberattack trend report from Europol notes that while online criminals continue to refine their capabilities, old and unsophisticated attacks too often still succeed, thanks to poor digital hygiene and a lack of security by design and user awareness.

Encryption

Rep. McCaul: US Must Gain Decryption Edge

Eric Chabrow  •  September 27, 2016

House Homeland Security Committee Chairman Michael McCall calls on Congress to increase spending on quantum computing research to ensure that the United States is the first nation to employ quantum computing as a tool to decrypt data. "We can't lose this one to the Chinese," he says.

►

Fraud

Mobile Wallets: The Next Fraud Target?

Tracy Kitten  •  September 27, 2016

As the U.S. ramps up its migration to EMV chip payments over the next three to five years, fraudsters will shift their attention to mobile wallets, says Al Pascual of Javelin Strategy & Research, who describes why in this video interview.

Data Breach

Yahoo Faces Lawsuits Over Breach

Jeremy Kirk  •  September 27, 2016

Several civil lawsuits have been filed against Yahoo over the compromise of 500 million accounts. But such lawsuits have a mixed record of success in U.S. federal courts.

Breach Preparedness

Cloud Security Paradigm: Time for Change?

Varun Haran  •  September 27, 2016

Cloud computing has already led to a fundamental shift in the enterprise computing paradigm, and security now needs to follow, says Gartner's Steve Riley, who shares recommendations.

Application Security

Why CISOs Must Make Application Security a Priority

Geetha Nandikotkur  •  September 26, 2016

As pressure to speed the development of applications intensifies, CISOs must be the "voice of reason," taking a leadership role in ensuring security issues are addressed early in app development process, says John Dickson, principal at Denim Group, a Texas-based security consultancy.

Breach Notification

Yahoo Breach: The Great 'Nation-State' Cop Out

Mathew J. Schwartz  •  September 26, 2016

Asked to explain the compromise of 500 million of its users' accounts, Yahoo appears to be trying to blame Russia. Of course, that would be an easy face-saving exercise for a publicly traded firm currently negotiating its $4.8 billion sale to Verizon.

Anti-Malware

The Malware Threat Grows: So Now What?

Tracy Kitten  •  September 23, 2016

Given the rapid spread of malware and difficulties with detection, what actions should organizations take? In this interview, Chris Novak of Verizon and Stephen Orfei of the PCI Security Standards Council offer insights.