Security alert: Microsoft has issued updates to fix 67 unique flaws in its products. One vulnerability in Windows VBScript engine is already being actively exploited in the wild via malicious Word documents and could also be employed for attacks via websites and malvertising, Microsoft warns.
The rollout of EMV in the U.S. has transformed the card fraud landscape, with a major shift to online channels, says Shamoun Siddiqui, CISO at retailer Neiman Marcus.
Incident response plans must be carefully designed to meet the needs of a specific organization, says attorney Ron Raether, who outlines important legal considerations.
A coherent risk analysis program tailored to the organization is a vital component of any effort to improve cybersecurity and meet regulatory requirements, says attorney Shawn Tuma.
Critical infrastructure, including electricity grids and telecommunications networks, is under attack. Optiv's Brian Wrozek discusses the challenges CISOs face in dealing with increasingly connected industrial devices.
Spectre and Meltdown: It's déjà vu all over again as Intel is reportedly prepping a coordinated vulnerability disclosure announcement for eight new speculative execution flaws. One of the new flaws is apparently worse than any of the three Spectre/Meltdown variants that came to light in January.
New York State Attorney General Eric Schneiderman, who resigned on Monday in the midst of a personal scandal, was known for being one of the nation's toughest state enforcers in cases involving breaches, privacy and fraud. So what happens next?
Payments are getting faster, and so is payments fraud. A robust fraud management strategy focusing on strong authentication, customer education and scalable responses can be instrumental in minimizing payment fraud risk.
Equifax says it continues to field queries from U.S. lawmakers about the full extent of its massive 2017 data breach, which occurred after an attacker exploited its unpatched Apache Struts web application. Research finds that many more organizations are using unpatched Struts applications.
A remote code execution vulnerability revealed in late March in the Drupal content management system is now being used on a large scale for mining the virtual currency monero, a researcher says. At least 400 websites have been infected, and the total number is likely far higher, security experts warn.
The security industry is heavily reliant on old models that are breaking down, and trying to contort old tools to meet the needs of the new hybrid environment is difficult, says Leo Taddeo of Cyxtera.
Why do organizations need to take a top-down, risk-based approach to security? Sheetal Mehta of Wipro offers insights on optimizing security investments.
Good threat intelligence can help in facilitating information exchange between the network operations team and the security function, says Paul Bowen of Arbor Networks.
You're the new kid on the cybersecurity block. You believe you have a unique solution to address an unresolved challenge in the security stack, and beta customers are bullish on your company's potential. We asked: "So what?" What makes these companies different? See startups deliver their quick pitch.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.