With hack attacks continuing against banks, SWIFT must follow in the footsteps of other vendors - notably Microsoft - and begin offering detailed, prescriptive security guidance to its users, says Doug Gourlay of Skyport Systems.
Russian email service Mail.Ru says its users' credentials contained in data leaked to Hold Security are 99.982 percent invalid, leading it to slam the security firm for stoking "media hype." But Hold Security's CISO contends the leak contains valid email addresses that could be used for phishing and spam.
A security firm claims to have obtained from a young Russian hacker a data set that includes 272 million unique credentials for Hotmail, Gmail and Yahoo email addresses, among others. But there's no reason to panic, security experts say.
Five new payment card data security requirements for third-party service providers are among the most significant changes included in version 3.2 of the PCI Data Security Standard released April 28, says Troy Leach of the PCI Security Standards Council.
A soon-to-be-launched pilot project funded by the National Institute of Standards and Technology aims to provide a potential model for how online access to patient information can be streamlined while boosting security, NIST trusted identities expert Phil Lam explains in this audio interview.
RSA Via Access allows you to deliver secure access to cloud and mobile applications without creating roadblocks for users. Streamline and simplify end-user access and authentication so end users can securely and conveniently access all of their applications and achieve greater productivity.
In a one-on-one discussion about today's top healthcare security challenges, Premise Health CISO Joey Johnson talks about the "paradigm shift" needed to move entities from a compliance mindset to one that embraces true cybersecurity.
The keys to the digital kingdom are too easy to steal through malware and social engineering. What can security leaders do to help raise their organizations' level of privileged access management? Ken Ammon of CA Technologies offers insights in this video interview.
The PCI Security Standards Council will soon release an update to its PCI Data Security Standard, requiring the use of multifactor authentication for administrators who have access to card data networks. In an interview, the council's Troy Leach explains the new requirements and compliance expectations.
Networking giant Fortinet warns that more products than it initially suspected have a hardcoded password that attackers could abuse to remotely gain backdoor access to vulnerable devices. But why did the flaws take so long to be found?
Security experts are warning that Chinese networking product manufacturer TP-Link has been shipping routers with a WiFi password that's based on their MAC address, thus making their passwords easy for would-be attackers to sniff.
The PCI DSS was developed to "encourage and enhance cardholder data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data." Even by following the PCI DSS guidelines, it is...
Every company, regardless of size, has confidential information that needs to be protected. With data breach incidents happening on an almost weekly basis, organizations must take the necessary precautions to ensure their data is secure. But how many organizations are truly making efforts to keep their data...