Four years after European criminals exploited EMV implementation vulnerabilities to steal an estimated $650,000, security experts say not all banks have adopted full fixes. But the payment card industry contends related mitigations are in place and working.
Organizations that discover they're victims of business email compromise exploits should immediately contact law enforcement officials to report the attacks to improve the odds of finding the perpetrators, says Assistant U.S. Attorney Camelia Lopez in this video interview.
Adobe is warning Flash users to update their software immediately in the wake of zero-day attacks that can enable attackers to take full control of vulnerable systems. This year, Adobe has patched 316 bugs in Flash. Is it time for the plug-in to die?
Hyatt warns that it's the latest hotel chain to fall victim to POS malware. It's offered scant breach-related details, but lots of bromides about taking payment card security seriously and urging customers to keep paying by card.
The HHS Office for Civil Rights will dramatically ramp up its HIPAA enforcement activities in 2016, fueled by a financial infusion from recent fines in HIPAA cases, predicts privacy attorney David Holtzman of CyngergisTek, a former OCR senior adviser.
In the wake of Juniper Networks finding "unauthorized code" in its firewall firmware that could be used to remotely access devices and encrypted communications, Cisco is reviewing its own code for signs of tampering. Will other vendors follow suit?
The latest strain of Android malware called SlemBunk tries to trick mobile banking application users into sharing their banking, social network and other credentials, as security experts see the number of mobile malware attacks continuing to increase.
You made this mess, now you'll clean it up. That's the security message of the Federal Trade Commission's settlement with Oracle over its failure to update or eliminate older, insecure - and actively targeted - versions of Java.
In terms of malware, 2015 will go down as the year that ransomware got big, and the organized criminals behind it got bolder. IBM's Limor Kessem discusses what to expect from advanced malware variants in 2016.
FireEye has issued an emergency security alert - and related patch - to fix a serious flaw discovered by Google researchers. The episode follows FireEye earlier this year being criticized for serving an injunction against other security researchers.
The FBI has arrested three men on charges that they participated in a hacking and identity theft scheme designed to fuel spam campaigns, including the insider-enabled theft of account details for 24.5 million Comcast customers.
Twitter has issued its first-ever alerts to some users that they may have been "targeted by state-sponsored actors." Some cryptographers, software developers and security experts say they have received the alerts.
Check fraud - it not only won't go away, but it is morphing to keep pace with consumers' digital banking habits. David Barnhardt of Early Warning talks about this persistent fraud threat and how banking institutions should respond to it.
Two new malware reports - one from security researchers at technology giant Cisco, another from cybersecurity firm FireEye - demonstrate how developers continue to refine malicious code to maximize information-stealing and extortion potential.
Passage of cyberthreat information-sharing legislation could hinge on how the measure is presented to Congress, and its fate could be tied to a massive omnibus appropriations bill to fund the federal government for the remainder of fiscal 2016.