The face-off between security researchers and biometric authentication continues, with a group from Vietnam claiming to have fooled the facial-recognition system, called Face ID, that's built into Apple's latest iPhone by using a handmade mask that includes 3D printouts and a silicone nose.
Rare, massive data breaches don't necessarily pose the greatest risk to organizations, according to a new study co-authored by Google researchers. Also beware of quiet pedestrian schemes - think phishing, keyloggers - and attack tactics unchanged since the mid-2000s.
A federal judge has dismissed a lawsuit filed against anti-malware software vendor Malwarebytes over its labeling of two applications as being harmful. Plaintiff Enigma Software says it plans to appeal the decision.
French cloud computing and hosting giant OVH has apologized to customers after it suffered an outage that left many individuals unable to access websites, email accounts, online databases and other infrastructure. In response, it's promised to be much more paranoid.
The financial sector is under increasing threat from cybercrime syndicates, and the distributed nature of today's predominantly Russian-speaking attackers is making them tough to disrupt, says Rob Wainwright, director of Europol.
The FBI is still working to unlock the mobile phone of Devin P. Kelley after he shot and killed 26 people in a church in a rural Texas town. The revelation seems certain to revive the contentious debate over the use of strong encryption to protect consumers and their devices.
Security practitioners must do a much better job of prioritizing their investments based on the most significant risks their organizations face, says Zulfikar Ramzan, chief technology officer at RSA, who offers insights on "fighting the right battle."
Ransomware and other cyberattacks will be the biggest health technology hazard in 2018, according to the ECRI Institute. It's the first time the patient safety research organization has listed cyber issues as the top threat.
Researchers have discovered how to speed up an attack disclosed last month that recovers secret RSA encryption keys generated by faulty Infineon software in TPM chips. Estonia has blocked and plans to replace weak security certificates on 750,000 of its smart ID cards used for healthcare and e-voting.
Former Yahoo CEO Marissa Mayer may have envisioned spending her post-Yahoo days seeking new work or experimenting with other search engines. Instead, she gets to sit in a Senate hot seat alongside former Equifax CEO Richard Smith, defending past data breach response decisions.
The acting director of the U.S. Office of Personnel Management cites "audit fatigue" as a factor that explains why the federal agency, which experienced a massive data breach in 2015, continues to come up short in securing its information systems.
The ISMG Security Report leads with a discussion about the sale of compromised remote desktop protocol credentials for as little as $3 on darknet marketplaces. Also, grading the performance of DHS in sharing cyberthreat information.
Want to stop the latest cybercrime bogeyman? For the umpteenth time, put in place well-known and proven strategies for repelling online attacks, such as the Australian Signals Directorate's top 4 mitigation strategies for repelling targeted cyber intrusions.
Information Security Media Group's Healthcare Security Summit in New York on Nov. 14-15 will feature a top-notch lineup of more than 40 experts, including leading CISOs, who will explore such issues as battling ransomware, improving medical device security and beefing up breach prevention.
Many enterprises use remote desktop protocol to remotely administer their PCs and mobile devices. But security experts warn that weak RDP credentials are in wide circulation on darknet marketplaces and increasingly used by ransomware attackers.