A hotel booking website hack - resulting in stolen payment cards - triggers a regulator's warning that businesses still need to pay close attention to eliminating SQL injection vulnerabilities from their websites and emphasizing secure coding.
In addition to 56 million payment cards being compromised in the Home Depot data breach, approximately 53 million e-mail addresses also were stolen, the retailer reported in an investigation update on Nov. 6.
The developers of the Backoff point-of-sale malware that's infected more than 1,000 U.S. businesses have continued to refine their attack code, including encrypting communications and making the malware tougher to spot or eradicate, researchers say.
Apple iOS and Mac OS X devices are susceptible to WireLurker, a previously unseen malware family that spreads via a third-party Chinese app store, and which can infect even non-jailbroken iOS devices, Palo Alto Networks warns.
Amy McHugh, a former FDIC IT examination analyst, says banking regulators will soon scrutinize C-level executives and boards of directors to gauge their cybersecurity awareness in the wake of the FFIEC's pilot cyber-risk assessment program.
Nearly three years after his indictment, the alleged kingpin of an Estonian gang that infected 4 million PCs in more than 100 countries with malware, generating an estimated $14 million in fraudulent online ad revenue, has been extradited to the U.S.
A foreign currency flaw in Visa's EMV-based contactless payment card system in the U.K. could be abused to commit fraud using NFC-enabled Android devices, researchers say. But Visa discounts the possibility of real-world attacks succeeding.
FBI and Department of Homeland Security agents have arrested two men on charges that they stole $5.8 million using reloadable debit cards, which they funded by tricking to threatening victims into adding funds to a money-sending service.
Automated attacks have potentially compromised the majority of websites that run the Drupal content management system, giving attackers platforms for launching malware, DDoS attacks and spam, according to the Drupal security team.
As part of their breach response strategies, organizations need to establish clear guidelines in advance so they know when it's appropriate to offer victims free credit monitoring or ID theft protection services.
Information security experts say espionage-focused attackers, apparently operating from Russia, have been using phishing e-mails and malware in multi-stage attacks designed to evade detection and steal political and military secrets.
The annual Amsterdam gathering of information security aficionados detailed the very latest hacking threats, including cybersecurity attacks via drone, sniffing data from fitness devices, and exploiting ATMs using Raspberry Pi computers.
Sophisticated threats require advanced threat protection. A threat-focused next-generation firewall must adhere to three strategic imperatives. Learn how these imperatives improve defense against advanced threats.
London police have arrested a suspect on charges that he participated in a series of ATM malware attacks that netted Â£1.6 million ($2.6 million) from 51 cash machines over a three-day holiday weekend in May.