The lack of a strong security culture at Equifax - especially compared to its two main competitors - was a key factor contributing to its 2017 data breach that exposed the personal records of 145 million Americans, according to a 71-page Congressional report.
Strong business resilience metrics for measuring effectiveness, simpler networks and smaller tool sets are all needed to cope with the evolving threat landscape, says retired Major General Earl Matthews, senior vice president at Verodin.
JavaScript sniffers - specialized malware that skims credit card information and other data from online shopping - are becoming far more prevalent, with several cybercriminal groups using the malware to target victims all over the world, a new analysis by security firm Group-IB finds.
Federal investigators have opened a counterintelligence investigation into possible spying by the Chinese government following the arrest of a 32-year old woman at the Trump Organization's Mar-a-Lago private club in Florida last week, according to the Miami Herald.
Keynotes and briefings at the recent 28th annual RSA Conference 2019 covered a wide range of topics, including privacy, hackers, cyber extortion, machine learning, artificial intelligence, human psychology, legal matters, career advice and internet-connected device concerns. Here are 15 highlights.
Two third-party Facebook application developers exposed users' personal information by leaving the data exposed without a password in unsecured Amazon Web Services S3 buckets, researchers from UpGuard say. One data set contained 540 million unsecured records, the report found.
An "Asian female" has been arrested for attempting to access President Donald Trump's Mar-a-Lago club while he was staying there, claiming she wanted to use the pool. Prosecutors say the apparent Chinese national was carrying a USB thumb drive containing "malicious software" - and had no swimsuit.
In addition to relying to heavily on anti-virus and anti-malware tools, small and midsize enterprises lack the resources or expertise to catch new and sophisticated forms of attacks, says Dell's Brett Hansen, who offers strategic insights.
Vendor risk management must be a higher priority in all business sectors and must extend beyond security to include privacy, says Kabir Barday of OneTrust.
Security researcher Zammis Clark, who pleaded guilty to hacking Microsoft - with an accomplice - and later Nintendo, as well as stealing data and uploading malware to Microsoft's network, has received a suspended sentence.
When a company plans to make an acquisition, it should conduct a "compromise assessment" to assess whether the organization being purchased has had an undiscovered breach, says Steve Ledzian, CTO for Asia Pacific at FireEye.
If you run a Magento-powered e-commerce site, it's time to patch again. E-commerce sites continued to be targeted by cybercriminals seeking to steal payment card data, and experts recommend moving quickly to plug the most critical flaw, a SQL injection vulnerability.
Communication of cyber risks to executives using enterprise risk methodologies is imperative for improving incident prevention, according to Randy Trzeciak and Brett Tucker of Carnegie Mellon University, who offer tips.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.