Critical infrastructure, including electricity grids and telecommunications networks, is under attack. Optiv's Brian Wrozek discusses the challenges CISOs face in dealing with increasingly connected industrial devices.
New York State Attorney General Eric Schneiderman, who resigned on Monday in the midst of a personal scandal, was known for being one of the nation's toughest state enforcers in cases involving breaches, privacy and fraud. So what happens next?
Payments are getting faster, and so is payments fraud. A robust fraud management strategy focusing on strong authentication, customer education and scalable responses can be instrumental in minimizing payment fraud risk.
A remote code execution vulnerability revealed in late March in the Drupal content management system is now being used on a large scale for mining the virtual currency monero, a researcher says. At least 400 websites have been infected, and the total number is likely far higher, security experts warn.
Security vendor ProtectWise says a series of operating mistakes has allowed it to gain insight into a group, believed to be affiliated with Chinese intelligence, that specializes in stealing code-signing certificates. The certificates allow for the signing of malware that's unlikely to raise security alarms.
Cybersecurity and fraud prevention functions need to start working more closely together to share and leverage cross-functional knowledge that can help improve security, says Michael Thelander of iovation.
We all know about May 25 and the enforcement deadline for Europe's General Data Protection Regulation. But what impact will GDPR have on cybersecurity programs? Danny Rogers of Terbium Labs weighs in on the topic.
What matters most, right now, to the information security community? At RSA 2018, RSA's president said WannaCry was a wakeup call for vulnerability and risk management. Other experts see artificial intelligence, machine learning and secure coding as hot trends.
A dozen medication and supply management products from Becton Dickinson and Co. are vulnerable to flaws identified last year in the WPA2 protocol, putting the products at risk for so-called KRACK attacks, according to a federal alert. Such attacks can potentially lead to malware infections.
The attackers behind SamSam ransomware have been focusing not on infecting individuals' computers, but rather the systems of large organizations that they hope will pay for a "volume discount" - in one case, $46,000 - to decrypt all of their systems at once.
Industrial control system environments are tough to hack, because each is unique, says Sergio Caltagirone of Dragos. But the recent emergency of Triton malware shows that attackers have been testing how to compromise some environments, which could have catastrophic results.