Dan Clements of IntelCrawler, the research firm that claims it traced malware apparently used in the Target breach and other retailer attacks, outlines steps merchants, banks and others should take to secure their networks.
Because of concerns of possible National Security Agency meddling with its cryptographic standards, NIST has issued a draft report proposing revisions in how it develops cryptographic standards.
The University of Maryland has confirmed a "sophisticated computer security attack" against a database containing almost 310,000 records of current and former students, faculty, staff and others.
Leading this week's industry news roundup, IBM introduces forensics software designed to retrace actions of cybercriminals. Also, ThreatMetrix announces frictionless context-based authentication, and more.
Lawsuits that card issuers have filed against Target to help recoup expenses associated with the retailer's breach aren't likely to reap big rewards, two legal experts say. But they are sending a strong message.
Many security incidents that affect the nation's critical infrastructure go unnoticed due to a lack of sufficient detection or logging capabilities, according to a new report, which calls for enhanced monitoring and reporting of incidents.
The Pentagon continues to work to fix network vulnerabilities nearly a half-year after attackers - reportedly from Iran - breached the Navy Marine Corps Intranet.
A government agency in Puerto Rico has levied a multi-million dollar HIPAA penalty against a health insurer for a 2013 breach involving a mailing error that affected only about 13,000 beneficiaries.
A law firm has developed a free iPhone app, Data Breach 411, to help organizations with breach notification compliance. The app provides links to 46 state data breach notification laws, relevant federal statutes and other resources.
Organizations need to be wary when using commercial databases for potential employees' background checks, says Les Rosen of Employment Screening Resources, detailing the top screening trends for 2014.
You'd think that preventing damage caused by cyber-attacks would be incentive enough to get organizations to adopt cybersecurity best practices. But the government is working with industry to develop incentives to encourage adoption.
Despite their differences on certain issues, the Financial Services Roundtable and the Retail Industry Leaders Association have joined forces in an effort to prevent breaches by enhancing cybersecurity and threat intelligence sharing.
Now that the cybersecurity framework has been released, security experts are pondering whether the voluntary approach to following the guidance might eventually need to be replaced by some sort of mandate.
While many organizations rely on employee training to help mitigate the risks of spear phishing, such efforts are generally ineffective, says Eric Johnson of Vanderbilt University, who explains why a technical solution might be better.
Website security firm CloudFlare is warning organizations worldwide to be on the lookout for an increase in larger DDoS attacks. But these NTP attacks are far less sophisticated than the earlier DDoS attacks that targeted U.S. banks.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.