The method the Internal Revenue Service used to authenticate users, which failed to keep sophisticated hackers from breaching a taxpayer-facing system, has been widely criticized by cybersecurity experts.
Five best practices noted in version 3.0 of the PCI Data Security Standard will become requirements after June 30, with remote access and third-party risks the key focus - particularly for smaller merchants.
What's wrong with the way we're practicing cybersecurity now? What are the biggest security gaps? BAE Systems Applied Intelligence's Jim Anderson shares his view.
Vendors' and software makers' over-reliance on security messages and warnings has left users habituated to them, thus rendering such alerts less effective or even worthless, warns cybersecurity expert Alan Woodward.
A game-changing impact of the Edward Snowden leaks about previously secret National Security Agency surveillance activities is the increased use of encryption, such as to protect email, says Peter Swire, a former White House chief privacy counsel.
To entice more women, as well as men, to enter information security professions, researcher Lysa Myers says the industry needs to kill its boring image and better communicate the full array of opportunities available and the skills that are in demand.
Using personal information gained from third-party sources to circumvent authentication protections, hackers breached 100,000 accounts of taxpayers who had used the IRS's "Get Transcript" application, which has been temporarily shuttered.
Banking is no longer just about bricks-and-mortar. With institutions increasingly adopting Web and mobile banking, the threat landscape is changing. Cisco's Pravin Srinivasan shares insight for practitioners.
It's no surprise that virus-wielding hackers are exploiting Internet of Things devices. Blame too many device manufacturers rushing products to market, skimping on secure development practices and failing to audit the third-party code they use.
This year's Infosecurity Europe conference in London is offering a top-notch range of sessions, ranging from how to battle cybercrime and social engineering to building a better security culture and workforce. Here's my list of must-see sessions.
Britain's computer emergency response team - CERT-UK - reports that malware remains the dominant mode of online attack for cybercriminals, and Zeus their most preferred tool of choice. But the team is promoting a free information-alert service to help.
While the "Logjam" vulnerability raises serious concerns, there's no need to rush related patches into place, according to several information security experts. Learn the key issues, and how organizations must respond
In addition to providing training, healthcare organizations should consider implementing technology to help prevent user mistakes that can lead to breaches of protected health information, says Geoffrey Bibby of ZixCorp.
U.S. merchants that aren't able to accept EMV chip cards by October should be bracing for significant upticks in card fraud expenses. Unfortunately, many merchants are far from prepared.
"Millions" of devices from numerous router manufacturers appear to use a third-party software component called NetUSB, which can be exploited to bypass authentication checks and remotely take control of the devices, security researchers warn.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.