The advanced and persistent nature of today's cyber-attacks, which are often waged by nation-states, is changing the way organizations address network security, says BitSight CEO Shaun McConnon.
Application security is not keeping pace with evolving attacks, says Prasenjit Saha, a CEO at the consultancy Happiest Minds Technologies. One problem: lack of a standard, secure coding process in the application development life cycle.
Chinese officials have reportedly agreed to delay some banking-sector requirements aimed at foreign technology vendors, who were instructed to submit to rigorous audits and to add government-approved backdoors to their products.
Experts debate the value of new PCI guidance for how businesses should use penetration testing to identify network vulnerabilities that could be exploited for malicious activity. Does the new advice go far enough?
DDoS attackers have been targeting the popular code-sharing website GitHub. Security experts say the massive attacks appear to have originated from China and been designed to disrupt access to GitHub-hosted anti-censorship tools.
Slack Technologies, a tech start-up that offers a group chat tool, announces it's rolling out two-factor authentication after hackers breached a database of user profile information.
To help take down global "carding" rings, the U.S. Justice Department wants to expand current law so it can prosecute those who commit fraud anywhere in the world that involves U.S. payment card data.
Nine compelling threats will make securing IT more challenging than ever over the next two years, says Steve Durbin, managing director of the Information Security Forum.
Psychologically speaking, nothing beats the power of a well-timed deadline. And love it or hate it, Google's 90-day "Project Zero" deadline for fixing flaws - before they get publicly disclosed - has rewritten bug-patching rules.
As data breaches continue to multiply, employers must not overlook how intrusions could lead to the theft of employees' identities, paving the way for fraud, says ID theft expert Johnny May. He will keynote the March 24 Fraud Summit Atlanta.
A federal judge has granted preliminary approval of a $10 million settlement of a consolidated class action lawsuit filed on behalf of consumers affected by the massive 2013 Target data breach.
Web.com won't confirm or deny that its Register.com subsidiary, which manages more than 2 million domain names, has been breached. But a news report claims the FBI is investigating a year-old intrusion.
When Todd Davis helped found LifeLock in 2005, ID fraud was a niche consumer issue. Today it's a major enterprise risk. What are today's top fraud threats, and where are some of the surprising security gaps?
Microsoft has revoked a fraudulent SSL digital certificate issued in the name of its Finnish Windows Live service. But security experts warn that some software may "trust" the certificate for years, so it could be exploited in phishing campaigns.
Experts analyze a news report that the investigation into the hack attack against JPMorgan Chase could result in criminal charges being filed in the "coming months" because investigators believe at least some suspects can be extradited.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.
