Recent versions of Windows have a security problem: They're not random enough, CERT/CC warns. The problem centers on certain uses of address space layout randomization (ASLR), which is designed to block return-oriented programming techniques and code reuse attacks.
Businesses need to find more ways of incentivizing good researchers to find flaws in technology before bad actors discover them, says Rafael Narezzi, CIO of financial services firm TS Lombard. For every bug hunter with good intentions, how many more are developing weaponized exploits for sale on darknet markets?
The PCI Security Standards Council is creating a payments software framework, including two new standards that can evolve as the software rapidly changes, Troy Leach, the council's CTO, explains in this in-depth interview.
It's a score to find a severe software vulnerability in a widely used Google product. But finding information on all unpatched software flaws reported to Google is a whole new, frightening level. Here's how one researcher did it.
Equifax ex-CEO Richard Smith asserts that a single employee's failure to heed a security alert led to the company failing to install a patch on a critical system, which was subsequently exploited by hackers. But his claim calls into question whether poor patch practices and management failures were the norm.
A federal judge Tuesday dismissed three of six counts in a complaint filed by the U.S. Federal Trade Commission against IoT manufacturer D-Link that alleges its sloppy security practices deceived consumers. The FTC has until Oct. 20 to amend the complaint.
Many recent data breaches, including the Equifax incident, show that "applications are really the vulnerable entry point into organizations and ultimately to organizations' data," says Alex Mosher of CA Technologies.
Equifax has yet to describe how its site was breached, except to blame a vague "U.S. website application vulnerability." But some security experts suspect that an unpatched flaw in Apache Struts, fixed by Apache in March, might have been exploited.
Building trust in digital banking is vital as financial fraud can cause customers to easily lose confidence in their financial institutions. Just one cybersecurity incident that results in the compromise of a customer account can drive customers to take their business elsewhere.
Modern enterprises are in the midst of a digital revolution, adapting to the demands of Business 2.0. They are looking to embrace new business opportunities, expand into new markets, and propose new product offerings, as well as be more agile in responding to existing demands. This transformation relies on digital...
Today's FIs face a breadth of consumer demands, competitive threats and security and fraud risks. Acquiring and retaining consumers in a fiercely competitive marketplace flooded with waves of non-traditional players requires a consumer-centric digital strategy. The key enabler for an effective digital strategy is...
There's no denying that the proliferation of mobile devices presents new safety challenges for enterprises and consumers alike. But these potential challenges can be mitigated, paving the way for mobile to become a trusted, convenient and multipurpose enterprise digital ID.
There's another option for governments trying to overcome the end-to-end encryption barrier: buy a zero-day software exploit. One prominent zero-day broker, Zerodium, has added encrypted messaging apps to its bounty list.
With customers expecting faster and more convenient services, the challenge isn't just intercepting suspicious transactions; it's also enabling legitimate transactions to proceed without interruption. To more effectively assess fraud risk, the ability to view omni-channel account activity in context is...