The face-off between security researchers and biometric authentication continues, with a group from Vietnam claiming to have fooled the facial-recognition system, called Face ID, that's built into Apple's latest iPhone by using a handmade mask that includes 3D printouts and a silicone nose.
India is expected to announce in the coming months the formation of a cyber defense agency that would focus on protecting critical infrastructure, especially government and defense networks, from cyberattacks.
Rare, massive data breaches don't necessarily pose the greatest risk to organizations, according to a new study co-authored by Google researchers. Also beware of quiet pedestrian schemes - think phishing, keyloggers - and attack tactics unchanged since the mid-2000s.
A federal judge has dismissed a lawsuit filed against anti-malware software vendor Malwarebytes over its labeling of two applications as being harmful. Plaintiff Enigma Software says it plans to appeal the decision.
French cloud computing and hosting giant OVH has apologized to customers after it suffered an outage that left many individuals unable to access websites, email accounts, online databases and other infrastructure. In response, it's promised to be much more paranoid.
The financial sector is under increasing threat from cybercrime syndicates, and the distributed nature of today's predominantly Russian-speaking attackers is making them tough to disrupt, says Rob Wainwright, director of Europol.
The FBI is still working to unlock the mobile phone of Devin P. Kelley after he shot and killed 26 people in a church in a rural Texas town. The revelation seems certain to revive the contentious debate over the use of strong encryption to protect consumers and their devices.
Security practitioners must do a much better job of prioritizing their investments based on the most significant risks their organizations face, says Zulfikar Ramzan, chief technology officer at RSA, who offers insights on "fighting the right battle."
Researchers have discovered how to speed up an attack disclosed last month that recovers secret RSA encryption keys generated by faulty Infineon software in TPM chips. Estonia has blocked and plans to replace weak security certificates on 750,000 of its smart ID cards used for healthcare and e-voting.
Former Yahoo CEO Marissa Mayer may have envisioned spending her post-Yahoo days seeking new work or experimenting with other search engines. Instead, she gets to sit in a Senate hot seat alongside former Equifax CEO Richard Smith, defending past data breach response decisions.
The ISMG Security Report leads with a discussion about the sale of compromised remote desktop protocol credentials for as little as $3 on darknet marketplaces. Also, grading the performance of DHS in sharing cyberthreat information.
Want to stop the latest cybercrime bogeyman? For the umpteenth time, put in place well-known and proven strategies for repelling online attacks, such as the Australian Signals Directorate's top 4 mitigation strategies for repelling targeted cyber intrusions.
Many enterprises use remote desktop protocol to remotely administer their PCs and mobile devices. But security experts warn that weak RDP credentials are in wide circulation on darknet marketplaces and increasingly used by ransomware attackers.
Nearly 50,000 personal records relating to Australian government employees as well as the employees of two banks and a utility were exposed to the internet due to a misconfigured Amazon storage server. The episode is the latest in a string of large breaches to hit Australia.
"Are we vulnerable to the attacks that are being reported in the media?" All CEOs and boards of directors should be asking that question of their information security team to ensure they don't suffer the same fate - especially when it comes to ransomware outbreaks, says David Stubley of 7 Elements.