How does an advanced threat adversary operate for 10 years, undetected? FireEye APAC CTO Bryce Boland shares details of the decade-long APT30 campaign that targeted organizations in India and Southeast Asia.
Comptroller of the Currency Thomas Curry says banks need to be better prepared to address the cyber-risks associated with new payments systems, and he calls for closer regulatory scrutiny of non-bank payments providers.
Cybercrime continues to evolve, offering an ever-increasing array of niche capabilities, ranging from attack techniques and infrastructure to related research and sales services, warns Trend Micro's Bharat Mistry.
During a time of significant change for corporations, when today's modern network extends far beyond the company's physical walls, it's disturbing that companies face such well-organized and pervasive threats.
The consolidated class-action lawsuit filed by banking institutions against Home Depot is more evidence of how issuers are no longer relying solely on card brands to be compensated for breach losses and expenses.
The EMV Migration Forum has published a new "roadmap" to help card issuers, acquirers and merchants prepare for the October card-present fraud liability shift date. Director Randy Vanderhoof explains why the clarification is needed.
A new breach reported by Heartland Payment Systems won't get much attention. But this incident could be more damaging to the undisclosed number of consumers affected than was Heartland's 2008 payment card breach.
Sally Beauty Supply says that a four-week investigation shows that the retailer suffered a six-week point-of-sale malware attack at U.S. stores, compromising card data for an unknown number of customers.
Wire fraud perpetrated via business email compromises has quickly become a top concern for banking institutions. Now one bank fraud executive predicts this type of fraud could exceed $1 billion this year.
Five best practices noted in version 3.0 of the PCI Data Security Standard will become requirements after June 30, with remote access and third-party risks the key focus - particularly for smaller merchants.
To entice more women, as well as men, to enter information security professions, researcher Lysa Myers says the industry needs to kill its boring image and better communicate the full array of opportunities available and the skills that are in demand.
It's no surprise that virus-wielding hackers are exploiting Internet of Things devices. Blame too many device manufacturers rushing products to market, skimping on secure development practices and failing to audit the third-party code they use.
This year's Infosecurity Europe conference in London is offering a top-notch range of sessions, ranging from how to battle cybercrime and social engineering to building a better security culture and workforce. Here's my list of must-see sessions.
MasterCard's breach settlement with Target has been derailed after not enough card issuers agreed to the terms. Now MasterCard is expected to attempt to renegotiate, while banks continue with a class-action lawsuit against the retailer.
Britain's computer emergency response team - CERT-UK - reports that malware remains the dominant mode of online attack for cybercriminals, and Zeus their most preferred tool of choice. But the team is promoting a free information-alert service to help.