Leading the latest version of the ISMG Security Report: a look at how various sectors are moving away from checkbox compliance, instead taking proactive measures to secure their information assets. Also, big increase in e-commerce fraud and Yahoo's costly breach.
Paid breach notification site LeakedSource has disappeared. Given the site's business model - selling access to stolen credentials to any potential buyer - breach notification expert Troy Hunt says the site's demise is no surprise.
Attackers are increasingly targeting mobile channels, driving banks to seek better ways of verifying the authenticity and integrity of not just users, but also mobile devices and transactions, says John Gunn of cybersecurity technology firm Vasco Data Security.
New ransomware circulating via BitTorrent is disguised as software that purports to allow Mac users to crack popular Adobe and Microsoft applications. Separately, new ransomware calling itself Trump Locker appears to be the previously spotted VenusLocker ransomware in disguise.
Researchers have demonstrated the first practical attack against the SHA-1 cryptographic hash function. While security experts had already recommended dropping SHA-1, some browsers and other security tools still rely on it.
A federal judge in Illinois has rejected part of a search warrant application that would allow police to force anyone present at the time of a raid to use their fingerprints to unlock digital devices. But the decision far from resolves the issue of law enforcement's efforts to overcome encryption.
Emerging insider threats have quickly proven that the proverbial "walled garden" is not so walled after all, and without true end-to-end encryption, insiders and outsiders can compromise sensitive data, says Dr. Phillip Hallam-Baker of Comodo Group.
Every year, information security professionals flock to San Francisco for the annual RSA Conference. From the debut of "Trumpcryption" to cybersecurity's "greatest hits" set to hip-hop violin, here are some of the 2017 event's highlights.
At the request of German authorities, British police have arrested a suspected hacker involved in last year's disruption of 1 million Deutsche Telekom customers' routers via Mirai malware, which targets default credentials on internet-connected devices.
State officials who oversee elections have formally objected to a DHS designation of America's electoral system as critical infrastructure. The National Association of Secretaries of State is asking DHS Secretary John Kelly to rescind the designation made by his predecessor, Jeh Johnson.
For anyone who's worried about the rise of quantum computers and the risk that they could be used to crack modern, public-key crypto systems, leading cryptographers at the RSA Conference 2017 delivered a clear message: For now, do nothing.
Verizon will pay $350 million less for Yahoo than it first offered because the deal subsequently became tainted by three data breach disclosures. Yahoo's lower value is a study in how data breaches can impact big business transactions.
Staying current in threat detection is key, which is why more security companies need to embrace a more open way of thinking when it comes to solutions integration, says Christopher Kruegel, CEO of Lastline.
Increasing regulatory oversight is overwhelming smaller banks and credit unions, pushing them to continue to focus more on compliance than overall cybersecurity and resilience, says Sean Feeney, CEO of Defense Storm.
Organizations are increasingly turning to user behavioral analytics to help more quickly detect new attacks - emanating from inside or outside the enterprise - as well as mitigate those threats, says CA's Mark McGovern.