In this edition of the ISMG Security Report, you'll hear our editors explore how hackers use Java script for ransomware, the latest digital currency security issue and privacy threats posed by virtual reality.
A report that the Russian government hacked into Democratic National Committee systems has security experts warning that just because malware was found on a hacked network, that doesn't mean a specific individual, group or nation-state was involved.
After channeling horror films and holding control of smart TVs for ransom, the ransomware innovation du jour involves attackers crypto-locking files using JavaScript. But security experts say IT administrators can deploy some relatively easy defense measures.
A mass password reset by Citrix-owned GoToMyPC shows how online service providers are still grappling with the fallout from recent large data breaches.
As the PCI Security Standards Council celebrates its 10th anniversary, Troy Leach, the council's chief technology offer, offers his assessment of how its Payment Card Industry Data Security Standard could evolve in the next 10 years.
Adobe Flash security alert redux: All enterprises should immediately update - or delete - all instances of Flash Player, following reports that a zero-day flaw in the Web browser plug-in is being targeted by the new "ScarCruft" APT group.
The FBI is warning U.S. businesses to beware of business email compromise scams focused not just on creating fraudulent wire transfers, but also stealing personally identifiable information. Experts, however, are criticizing the FBI's alert as being too little, too late.
The annual Infosec Europe conference in London included a number of information security highs and lows, from hackers in hoodies and Guy Fawkes masks to free ice cream and Mikko Hypponen revealing that he too has been pwned.
Apple is building "differential privacy" into iOS 10 to try and block attempts to identify or track individual users based on their behavior, keyword searches or other activities. But will the functionality perform as advertised?
In an interview, Doug Johnson of the American Bankers Association explains why the ABA rejects the Retail Industry Leaders Association's contention that a legislative proposal to hold retailers to the same cybersecurity standards as banks is unfair.
Russia's arrest of 50 suspected hackers earlier this month seems to have spooked the developers of the Angler exploit kit, an attack tool responsible for spreading ransomware and malware. But is Angler gone for good, or simply retrenching?
My initial reaction to Microsoft's announcement that it plans to buy LinkedIn for $26.2 billion in cash: I guess its massive 2012 data breach - and the loss of virtually every user's credentials - didn't hobble the company's long-term prospects.
First the hackers came for our credit cards. Now they're taking control of our TVs. Witness the latest version of FLocker - for "frantic locker" - which is designed to lock Android devices, including smart TVs.
As we prepare to mark the tenth anniversary of the PCI Security Standards Council, it's time to assess the impact PCI-DSS has had on payments security and consider whether it will remain a viable standard 10 years from now. A series of upcoming reports will address these topics.
The $1 million penalty that the SEC imposed on Morgan Stanley for its failure to prevent a former employee from compromising 730,000 client accounts is too low to send a strong message to financial services firms about the need for stronger cybersecurity and internal fraud controls, security experts say.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.