Attackers likely purchased malware in underground "cybercrime-as-a-service" markets to use in recent credit card breaches, including the Target Corp. attack, a new report from McAfee Labs asserts. Adam Wosotowsky explains the report's findings.
A retailer should help pay for card re-issuance and other expenses after a breach if the merchant is shown to have had inadequate security in place, says Viveca Ware of the Independent Community Bankers of America.
Congress heard testimony from cybersecurity experts this week about the steps that should be taken to minimize the risk of breaches of the payments system. Learn what Troy Leach of the PCI Council and others had to say.
In the wake of its data breach last year, Target Corp. is overhauling its information security and compliance practices, launching a search for a new CIO and creating the position of chief information security officer.
In a keynote address at the RSA 2014 Conference, Kevin Mandia, founder of Mandiant, warns organizations to beware of "victim's fatigue," or letting your guard down after going six months without a breach.
Fraudsters continually find new ways to attack, but too many organizations rely on old, unsuccessful methods to detect and prevent fraud. This is the premise, says David Mattos, VP Sales, with Easy Solutions.
Verizon isn't offering many details about two retailer breaches it's reportedly investigating, which may be linked to the Target breach. But IntelCrawler's Dan Clements says the merchants were likely breached several weeks ago.
An address by FBI Director James Comey at the RSA security conference seems to equate civil liberties and privacy. But when he offers an example of balancing Americans' rights with cybersecurity, he mainly refers to the civil liberties, not privacy.