What's the best way to spring your citizens from foreign jail if they've been detained on U.S. hacking charges? That's a question that continues to plague Russia, including in the ongoing case against Aleksey Burkov, who's been charged with being part of a $20 million payment fraud scheme.
Russian attack group Turla has been named and shamed for hijacking Iranian nation-state attackers' infrastructure. The aim of GCHQ and NSA's attribution is, in part, to make Turla's future cyber espionage efforts more costly and time-consuming.
Agile environments benefit from development platforms and open-source software, but that also raises the risks of attacks seeded in those supply chains, says Chet Wisniewski of Sophos, who describes steps that organizations can take to mitigate the risks.
Now that the deadline for all e-commerce card-based transactions in the EU to comply with the new PSD2 "strong customer authentication" requirement has officially been extended to Dec. 31, 2020, authorities are emphasizing the need to make a smooth, uniform migration to the new forms of authentication.
The FBI is warning banks, businesses and other organizations that cybercriminals are using social engineering and other technical techniques to circumvent multifactor authentication security protections.
The U.S. National Security Agency is the latest intelligence agency to warn that unpatched flaws in three vendors' VPN servers are being actively exploited by nation-state attackers. Security experts say such alerts, which are rare, are a clear sign that serious damage is being caused.
Nation-state attackers have been targeting known flaws that customers have yet to patch in their Pulse Secure, Palo Alto and Fortinet VPN servers, Britain's National Cyber Security Center warns, adding that any organization that didn't immediately apply patches should review logs for signs of hacking.
"Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Hacker Gnosticplayers claims the company was still storing passwords using outdated SHA1.
What are some of the most important aspects in managing vendor security risk when taking on third parties to handle sensitive data? Mitch Parker, CISO of Indiana University Health, explains the critical steps his organization is taking in its approach to vendor risk.
Delayed enforcement of the "strong customer authentication" requirements for online transactions under the European Union's PSD2 regulation is hampering efforts to enhance security. That's why the European Banking Authority should act quickly to develop a new timeline.
Because banks, fintech firms, merchants and payments processors in the EU have struggled to meet the Sept. 14 deadline for compliance with the new PSD2 "strong customer authentication" requirements for electronic payments, it may take a while for European consumers to notice authentication changes.
A medical center and a children's hospital in Puerto Rico are victims of a recent ransomware attack impacting a total of more than a half million individuals. The combined incident is the largest ransomware breach reported to federal regulators so far in 2019. How is this threat evolving?
Misconfigured file storage technologies and a lack of basic security controls are the root causes for the inadvertent online exposure of 2.3 billion files worldwide that contain personal information, including sensitive medical data, says Harrison Van Riper, a security researcher at Digital Shadows.
A vulnerability in global airline check-in software used by 500 airlines could have been exploited to download other individuals' valid boarding passes, potentially giving them access to restricted airport spaces, warns security expert David Stubley. The flaw in Amadeus travel software has now been fixed.
Sensitive information, including credit card and phone numbers, was left exposed to the internet on an unsecured database belonging to Fieldwork Software, which provides cloud-based services to small businesses, researchers note in a new report.