An important lesson to learn from the massive JPMorgan Chase breach is that banks can't just focus on protecting card data and online banking accounts; they also must protect their customers' personally identifiable information.
The development of authentication technologies that could replace the password is "nearing a tipping point," but there's still several years of work to do, says Jeremy Grant, who oversees the National Strategy for Trusted Identities in Cyberspace.
Prompted by Heartbleed and other vulnerabilities, the White House is giving the Department of Homeland Security authority to conduct regular and proactive scans of federal civilian agency networks.
"Selling spyware is not just reprehensible, it's a crime," says a U.S. Justice Department official. So why are 245 local U.S. law enforcement agencies and prosecutors giving spyware away for free?
As researchers scramble to learn more about Shellshock and the risks it poses to operating systems, servers and devices, Michael Smith of Akamai explains why not all patches are actually fixing the problem.
Banking institutions must mitigate all Shellshock vulnerabilities in their internal and customer-facing banking systems. Experts recommend beginning with automated and manual Bash-bug scanning, as well as educating customers about the risks.
The automated version of the IT risk management and governance framework should save project leaders 30 to 60 hours of work over a manual process of building a secure IT system, ISACA President Robert Stroud says.
As news of the Shellshock bug continues to spread, CISOs in all sectors are taking steps to mitigate the risks posed by the vulnerability. Likewise, regulators and industry groups have ramped up dissemination of alerts.
Attackers have exploited the Shellshock vulnerability - a.k.a. Bash bug - to infect at least 700 Linux systems with malware that includes the ability to launch DDoS attacks. Users of Unix systems are vulnerable.
To mitigate the newly discovered Bash bug - AKA Shellshock - which may make millions of systems vulnerable to remote takeover, organizations must take several key steps, says security expert Alan Woodward.
The social media savvy Islamic State frightens most of the world with its gruesome Internet postings of executions and online recruitment of new Jihadists. But is the terrorist group likely to launch cyber-attacks?
Security experts are warning that millions of systems - Apache servers, Linux and Mac systems, and innumerable Internet of Things devices - may be vulnerable to a flaw in Unix that attackers are already using to gain shell access.
When it comes to the evolution of machine data, security organizations now can improve protection and the top line. How can they maximize the business benefits? Jean-Francois Roy of TIBCO shares tips.
Although malware attacks against POS terminals at retailers have been in the spotlight, banks and credit unions need to be aware of the emerging threat of malware targeting ATMs, say Trustwave's Matthew Jakubowski and Graham Mott of the U.K.'s ATM network.
A researcher says he tricked the Touch ID biometric fingerprint scanner built into the new iPhone 6, using a fake fingerprint created with glue. But it remains to be seen how well would-be fraudsters could employ this technique.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.