The right authentication controls at the right time for the right transactions - the adaptive authentication message is taking off, says OneSpan's Tim Bedard. And here are some quick wins organizations might focus on when starting down the path.
Checkers Drive-In Restaurants says 102 of its 900 U.S. locations were hit with point-of-sale malware, with one California restaurant infected over a more than two-year period starting in December 2015. Checkers is the latest victim in a string of attacks against retailers, restaurants and hotel chains.
The latest edition of the ISMG Security Report analyzes the "blame game" in the wake of a ransomware attack against the city of Baltimore. Also featured: Discussions of cyberthreats in the financial services sector and open source security concerns.
Infosecurity Europe returns to London June 4-6, featuring more than 230 sessions over three days covering a range of topics, including application security, automation, data protection, risk management, incident response and threat analysis. Here's a preview of 11 hot sessions.
Private equity firm Insight Partners has announced it's acquiring threat intelligence specialist Recorded Future in a $780 million all-cash deal, capping a week of significant deal-making activity in the global information security vendor market. Find out what other deals were announced.
A security researcher has found a significant flaw all versions of Docker, an open source container platform, that can give attackers read and write access to all the files within the host system, allowing them to execute arbitrary code. As of now, there's no patch available.
Anyone looking for clarity on whether Special Counsel Robert Mueller believes President Trump is innocent of committing any crimes came away empty-handed from Mueller's press conference Wednesday, when he declined to exonerate the president. But Mueller again accused Russia of attempted election interference.
News aggregator Flipboard has initiated a systemwide password reset affecting as many as 150 million users following two database intrusions. Flipboard doesn't collect ID or financial information, but users could be at risk if they have reused their Flipboard password on other services.
For attackers, "credential stuffing" - using stolen usernames and passwords to log into any site for which a user reused their credentials - is the gift that keeps on giving, says security researcher Troy Hunt. Here's how organizations can mitigate the threat.
Driven by the EU's General Data Protection Regulation and other regulations, as well as the move to the cloud, more organizations are turning to data classification to help them silo and protect their most sensitive information, says Tony Pepper, CEO of Egress.
Never underestimate the human factor in attacks. Indeed, many of today's top attacks - from malware to phishing - require some level of interaction from victims. "They're targeting people - they're targeting the users within our businesses," says Proofpoint's Adenike Cosgrove.
When communications giant Publicis Groupe launched its GDPR compliance project, CISO Thom Langford says, "it was more a case of honing and polishing, rather than building from the ground up," thanks to its existing information security management system and complying with ISO 27001.
Financial services firms write off a certain level of online fraud as a cost of doing business, but these losses directly fund organized crime and help legitimize cybercrime as a career path, says Trusted Knight's Trevor Reschke, who stresses the sector must do more to combat fraud.
The latest challenge to face CISOs: Finding the best way to keep their organization secure while at the same time navigating political edicts that may lack any technical detail or present solid facts or alternatives to suspect technology, says Jaya Baloo, CISO of KPN Telecom.
On the sixth stop of a multi-city tour, ISMG and Sonatype visited San Francisco for an engaging discussion on how to mitigate risks introduced by open source software. Sonatype CMO Matt Howard discusses the relevance and value of this application security conversation.