Microsoft appears set to patch a zero-day local privilege escalation vulnerability after a researcher published proof-of-concept exploit code for the flaw. That's a relatively rare turn of events these days, owing to Microsoft's bug bounty program rules.
Three months after the EU's General Data Protection Regulation went into full effect, the U.K.'s data privacy watchdog says that the number of data protection complaints it has received from individuals has nearly doubled.
As general manager for payments and fraud prevention at Amazon Web Services, Keith Carlson has a unique perspective on detecting and preventing compromises in the cloud. He shares insights gleaned from dealing with scores of customers and their concerns.
Industry analysts first coined the term Identity-as-a-Service, IDaaS in 2006. But today, the vast majority of IDaaS implementations still focus on the "A" - access management - leaving organizations to piece together the rest. IBM's Michael Bunyard discusses how to put "Identity" back in IDaaS.
Spain's central bank says its website was intermittently offline as it struggled to repel a distributed denial-of-service attack. The temporary disruption is a reminder "stresser/booter" DDoS-on-demand services remain inexpensive, easy to procure and often effective.
A previously unnamed U.S. energy company that agreed to a record $2.7 million settlement after it left 30,000 records about its information security assets exposed online for 70 days in violation of energy sector cybersecurity regulations has been named as California utility PG&E.
Machine data and machine learning have the potential to connect disparate data sources, enabling better fraud detection and prevention, says Matthew Joseff of Splunk, who highlights real-world examples of fighting fraud with better data.
Companies that want to continue doing business globally will need to take privacy much more seriously, especially in light of increasingly strict new laws, ranging from the California Consumer Privacy Act to the EU's GDPR, says privacy and security expert Michelle Robles.
Philips and Becton Dickinson have each issued multiple alerts this year regarding cybersecurity flaws in some of their medical devices. Some security experts say the two companies' transparency about cybersecurity issues - including new alerts issued last week - should be emulated by other manufacturers.
Public health alert: Russian trolls have been spreading "polarized and anti-vaccine" misinformation via social media in a manner that appears designed to undercut trust in vaccines, researchers warn. Lower vaccination rates have already contributed to a rise in mass outbreaks of measles among children.
Although fraud schemes continue to evolve, social engineering remains a critical element, says Brett Johnson, a former fraudster who now advises organizations on how to fight cybercrime. He explains how new attacks are often tweaks of much older schemes.