In an in-depth audio interview, Troy Leach of the PCI Security Standards Council describes just-released guidance that's designed to help organizations simplify network segmentation, a practice the council strongly recommends to help protect payment card data.
MSN and Yahoo are among the major websites hit by a wave of malicious advertisements that try to deliver malware to computers. It's a resurgence of activity by a group called AdGholas, which was active in July.
Coming soon to an internet service provider near you: routers infected by IoT device botnet-building malware such as Mirai. The latest victim is ISP TalkTalk, which is updating routers to block DDoS attackers who have been seizing control of the devices.
A just-issued report from President Obama's Commission on Enhancing National Cybersecurity outlines challenges the next administration should address. Observations from one of the panel's commissioners highlight the latest episode of the ISMG Security Report.
As fraudsters continually refine their techniques to steal banking customers' credentials, IBM fights back with new tools that use behavioral biometrics and cognitive fraud detection. IBM's Brooke Satti Charles offers a preview.
In an audio interview, Steve Durbin, managing director of the Information Security Forum, offers a forecast of the top security threats for the year ahead, including the ramping up of attacks fueled by "crime-as-a-service" offerings.
Visa and MasterCard have pushed back their EMV fraud liability shift date for U.S. pay-at-the-pump gas terminals from October 2017 to October 2020. They made the right decision, given the relatively low rates of card fraud at gas pumps.
Acknowledging the urgent IT security challenges the nation faces, a cybersecurity commission named by President Barack Obama encourages the incoming administration to adopt some of its recommendations in the first 100 days of Donald Trump's presidency.
Many members of Britain's Parliament regularly use technology - and tech firms - as a scapegoat for intractable social issues or failed government policies. Does the country's new mass surveillance law now enshrine technology scapegoating into law?
Encrypting healthcare data is a no-brainer, right? It keeps your organization off the Wall of Shame in the event of a breach, and it's just the right thing to do. So, why are so many healthcare entities still failing to encrypt?