Attacks against U.S. banks using Gozi Prinimalka, the Trojan behind a planned banking blitzkrieg, are quietly continuing, with the most recent infection discovered April 4, McAfee researcher Ryan Sherstobitoff says.
A point-of-sale-software vulnerability is to blame for a malware attack that exposed hundreds of debit and credit accounts in one southeastern city, a card issuer says. The attack highlights increasing POS risks.
The potential loss of experienced personnel could lead to a shortage of skilled employees and place a greater burden on the existing cybersecurity staff, as well as seriously affect the daily operations of the federal government.
NIST's Ron Ross sees complexity as the biggest risk enterprises face. To ease risk, Ross favors moving data to the cloud. Purdue's Eugene Spafford doesn't fully subscribe to Ross' plan. The two square off in this interview.
Kaspersky Lab has identified a new spear-phishing attack involving a Trojan designed to target Android devices. Researcher Kurt Baumgartner says organizations need to be prepared for more mobile malware attacks.
A rider covertly added to the law to fund the government through September requires select agencies to assess technology purchases for cyber-espionage and sabotage, a process that could make it harder to buy wares to secure IT.
Sensitive information contained in Securities and Exchange Commission computers are at risk of being publicly exposed because of lack of proper controls, according to audits by the SEC inspector general.
E-mail authentication foils phishing, but authentication is only effective if every partner in the chain adopts it. John Carlson and Andrew Kennedy of BITS explain how institutions can improve e-mail practices.