Microsoft has patched a startling vulnerability in its anti-malware engine, once again demonstrating that security applications can sometimes be the Achilles heel of a system.
The cybersecurity epitaph of the fired FBI director could read: "He showed courage to take on Apple." Comey publicly battled Apple CEO Tim Cook over unlocking the iPhone of the San Bernardino shooter, becoming the face of the proponents who seek ways to bypass encryption on mobile devices.
Hot sessions at this week's OWASP AppSec Europe 2017 conference in Belfast, Northern Ireland, cover everything from the EU's General Data Protection Regulation and fostering better SecDevOps uptake, to quantum-computing resistant crypto and ransomware economics.
An examination of the maturing of cybercrime leads the latest edition of the ISMG Security Report. Also, understanding the Intel Active Management Technology flaw.
Mobile payments are more secure than online and card payments, says David Lott, a payments risk expert with the Retail Payments Risk Forum at the Federal Reserve Bank of Atlanta. But how customers use their mobile devices can dramatically affect transactional security.
The Department of Homeland Security is warning IT service providers, healthcare organizations and three other business sectors about a sophisticated cyberattack campaign that involves using stolen administrative credentials and implanting malware on critical systems.
As the practice of crimeware as a service matures, the defensive game for security leaders completely changes, says Michelle Cobb of Skybox Security. She explains how organizations should respond.
A security application for ATMs that's designed to thwart "jackpotting" attacks, where cash machines are commanded to surrender their holdings, has been found to have a serious vulnerability.
Hackers have reportedly exploited the SS7 mobile telecommunications signaling protocol to drain money from online bank accounts used by O2 mobile phone subscribers. Despite rising security worries relating to SS7, many telcos have yet to explore related fixes.
As fraudsters continue to improve their email spoofing with better socially engineered schemes, business email compromise attacks will become more successful, says Denyette DePierro of the American Bankers Association, who discusses how banks can help customers avoid becoming victimized.
Score another one for social engineering: A phishing campaign used a bogus "Google Docs" app to trick people into surrendering full access to their Google accounts and contacts. Before Google squashed the campaign, up to 1 million of its users may have fallen victim.
Travel industry software giant Sabre has alerted hotels that its software-as-a-service SynXis Central Reservations system - used by more than 36,000 properties - was breached and payment card data and customers' personal details may have been stolen.
The figure sounds alarming, 60 percent of small companies went belly up within six months of a breach. And that stat was repeated several times by lawmakers as a House panel debated - and approved - a bill aimed at helping small businesses battle hackers. But is that number true?
IBM and Lenovo have issued a security alert, warning that they inadvertently shipped malware-infected USB flash drives to some customers who use their Storwize hardware. The malware, known as Reconyc, is designed to install additional attack code on infected endpoints.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.