Experts debate the value of new PCI guidance for how businesses should use penetration testing to identify network vulnerabilities that could be exploited for malicious activity. Does the new advice go far enough?
Psychologically speaking, nothing beats the power of a well-timed deadline. And love it or hate it, Google's 90-day "Project Zero" deadline for fixing flaws - before they get publicly disclosed - has rewritten bug-patching rules.
A former systems administrator at a Romanian financial services institution has been extradited to the U.S. and charged with orchestrating an international hacking scheme that included attacks on medical offices, retailers and security firms.
In a landmark judgment, the Supreme Court of India struck down the controversial Section 66A of India's Information Technology Act, saying it violated the right to free speech as guaranteed by India's constitution.
U.S. prosecutors are asking a judge to rescind his decision to provide a free defense for a Russian citizen who faces 40 charges relating to the alleged theft and sale of at least 2 million credit card numbers.
Target Corp.'s pending settlement of a consumer class action lawsuit is more about public relations than compensating victims, some observers say. But will it have an impact on a pending suit filed by banks?
As data breaches continue to multiply, employers must not overlook how intrusions could lead to the theft of employees' identities, paving the way for fraud, says ID theft expert Johnny May. He will keynote the March 24 Fraud Summit Atlanta.
A federal banking regulatory agency has issued a warning about a new phishing campaign that aims to con consumers into disclosing personal and financial details by feigning to be a request from the regulator.
When Todd Davis helped found LifeLock in 2005, ID fraud was a niche consumer issue. Today it's a major enterprise risk. What are today's top fraud threats, and where are some of the surprising security gaps?
More hackers are holding data for ransom, demanding everything from bitcoins to the shutdown of nuclear reactors, under the threat of leaking sensitive information. But it's not clear how many such attacks generate revenue for attackers.
Ransomware attacks are getting more agile, varied and widespread, and are increasingly taking aim at businesses of all sizes in all sectors, rather than consumers. That's why employee education is so critical.
Mattel will sell a cloud-connected $75 "Hello Barbie" doll that can "listen" to what kids are saying and talk back. But security experts warn that anything that connects to the Internet can - and will - be hacked.
Both Microsoft and Apple this week released patches to address the so-called "Freak" flaw in SSL/TLS. Microsoft also released a fix that addresses a failed 2010 patch for a vulnerability that was exploited by the Stuxnet malware.
When IT veteran Branden Spikes founded his own company devoted to isolating browsers from attacks, he thought building the technology would be the top challenge. The venture capital community proved him wrong.