An important lesson to learn from the massive JPMorgan Chase breach is that banks can't just focus on protecting card data and online banking accounts; they also must protect their customers' personally identifiable information.
The hackers who breached JPMorgan Chase also infiltrated about nine other financial institutions, and may be operating from Russia, according to one news report. But security experts caution against jumping to conclusions over attackers' identities or motives.
The development of authentication technologies that could replace the password is "nearing a tipping point," but there's still several years of work to do, says Jeremy Grant, who oversees the National Strategy for Trusted Identities in Cyberspace.
JPMorgan Chase has confirmed that 76 million households and 7 million small businesses were impacted by a breach that reportedly began in June and was not detected until late July. One fraud expert calls the breach "a national crisis."
As researchers scramble to learn more about Shellshock and the risks it poses to operating systems, servers and devices, Michael Smith of Akamai explains why not all patches are actually fixing the problem.
The Justice Department announces that four alleged members of an international hacking ring have been charged with stealing intellectual property valued at $100 million, including a U.S. Army Apache helicopter simulator and Microsoft Xbox prototypes.
Banking institutions must mitigate all Shellshock vulnerabilities in their internal and customer-facing banking systems. Experts recommend beginning with automated and manual Bash-bug scanning, as well as educating customers about the risks.
The automated version of the IT risk management and governance framework should save project leaders 30 to 60 hours of work over a manual process of building a secure IT system, ISACA President Robert Stroud says.
The social media savvy Islamic State frightens most of the world with its gruesome Internet postings of executions and online recruitment of new Jihadists. But is the terrorist group likely to launch cyber-attacks?