Improving breach detection and defenses involves much more than buying the latest technology, warns security expert Haroon Meer. "We keep moving on as we try to solve new, shiny problems, which we then half solve, but we still haven't completely solved problems that we knew about 20 years ago."
Four years after European criminals exploited EMV implementation vulnerabilities to steal an estimated $650,000, security experts say not all banks have adopted full fixes. But the payment card industry contends related mitigations are in place and working.
Organizations that discover they're victims of business email compromise exploits should immediately contact law enforcement officials to report the attacks to improve the odds of finding the perpetrators, says Assistant U.S. Attorney Camelia Lopez in this video interview.
NIST is soliciting comments from stakeholders on whether its cybersecurity framework is helping organizations secure their information systems. Those observations could result in an update of the framework, NIST's Adam Sedgewick explains in this interview.
Adobe is warning Flash users to update their software immediately in the wake of zero-day attacks that can enable attackers to take full control of vulnerable systems. This year, Adobe has patched 316 bugs in Flash. Is it time for the plug-in to die?
A security researcher claims he's found an Internet-connected "leaky database" that is storing voter registration records for 191 million Americans. But who's apparently been leaving the information exposed?
Banking and government institutions, and other organizations that employ Juniper Networks gear, are being actively targeted after the company warned that it discovered that someone added a backdoor to the firmware in 2012. Who's responsible?
Understanding the promise of user behavior analytics is one thing. Deploying them to detect and respond to threats is quite another. Bert Rankin of Fortscale offers tips on practical application of the latest UBA solutions.
The rising profile and increasingly complex nature of cyberattacks was a major development in 2015. What are the key threats for security practitioners to be wary of in the year ahead? FireEye CTO APAC Bryce Boland shares insights.
To help train more cybersecurity professionals, academia must work with business and government to find enough qualified trainers and educators, says George Washington University Professor Diana Burley.
Too many recent high-profile breaches resulted from attackers using legitimate user credentials to infiltrate critical systems. Fortscale's Bert Rankin tells how user behavior analytics help organizations catch attackers after the breach.
The HHS Office for Civil Rights will dramatically ramp up its HIPAA enforcement activities in 2016, fueled by a financial infusion from recent fines in HIPAA cases, predicts privacy attorney David Holtzman of CyngergisTek, a former OCR senior adviser.