A previously unknown cybercrime group has hacked into numerous organizations in the retail and hospitality sectors to steal an estimated 20 million payment cards, collectively worth an estimated $400 million via underground cybercrime forum sales, FireEye reports.
Apple's QuickTime media player and web browser plug-in should be immediately expunged from all Windows systems, security experts warn, in a reminder of the dangers of using outdated software - especially web browser plug-ins.
The scant - if not conflicting - details and sourcing attached to a recent news report on how the FBI cracked an iPhone 5c have left information security experts questioning both technical details and related agendas.
The continuing success of attackers stealing billions of dollars from organizations, often through simple business email compromise scams, is a sad commentary on the state of corporate security practices as well as our collective lack of cybersecurity smarts.
Tools and techniques need to be identified to aid law enforcement in gathering evidence from devices, such as smartphones, while safeguarding the security and privacy of individuals. Can stakeholders find that middle ground?
The PCI Security Standards Council envisions a single, globally-unified data security standard. Now that the European Card Payment Association is a strategic regional member, that goal is significantly closer, says Jeremy King, the council's international director.
A new report suggests that a Chinese cyber espionage APT attack group is behind a string of targeted ransomware infections that have slammed U.S. firms. Dig into the details, however, and the report is nothing but speculation, two security experts caution.
Blockchain technology used by bitcoin and other cryptocurrencies offers opportunities for enhanced authentication and ID management, as well as cross-border money remittances, says Ben Knieff of the consultancy Aite. But he contends it's not clear that the technology could play a role in faster payments.
A thriving market now exists to help cybercriminals recruit new talent, says Rick Holland of the threat intelligence firm Digital Shadows, which has been studying how cybercriminals advertise for new recruits - and the types of technology skills that are most in demand.
The PCI Security Standards Council will soon release an update to its PCI Data Security Standard, requiring the use of multifactor authentication for administrators who have access to card data networks. In an interview, the council's Troy Leach explains the new requirements and compliance expectations.
Who's right: Apple or the FBI? Our readers continue to debate a magistrate judge ordering Apple to help unlock an iPhone tied to a San Bernardino shooter, raising such issues as strong crypto, backdoors as well as legal and moral responsibilities.
Security experts are warning that Chinese networking product manufacturer TP-Link has been shipping routers with a WiFi password that's based on their MAC address, thus making their passwords easy for would-be attackers to sniff.
Here's why the acquisition of rival threat-intelligence firm iSight Partners by breach investigation heavyweight FireEye makes sense, and why market watchers predict that other stand-alone intelligence firms will soon get snapped up.
Four years after European criminals exploited EMV implementation vulnerabilities to steal an estimated $650,000, security experts say not all banks have adopted full fixes. But the payment card industry contends related mitigations are in place and working.