Islamic State sympathizers are exploiting a vulnerability in a WorldPress Content Management System plug-in to deface the websites of news outlets, businesses, religious groups and governments in the U.S. and abroad, the FBI says.
The upcoming RSA Conference 2015 in San Francisco will feature sessions ripped from the headlines, reflecting the challenges security professionals face in safeguarding their organizations' systems and information.
AT&T, in a settlement with the FCC, agrees to pay a $25 million fine because call center employees in Mexico, Colombia and the Philippines accessed private information from some 278,000 customer accounts without authorization.
The DNS infrastructure underlying the Internet is the map that both the good guys and bad guys need. Dr. Paul Vixie, a member of the Internet Hall of Fame, discusses DNS' impact on the security landscape.
DDoS attacks are easy to launch yet difficult to defend against. Margee Abrams of Neustar discusses the state of DDoS and how organizations can best defend against today's potentially damaging attacks.
New, advanced point-of-sale malware dubbed "Poseidon" can exfiltrate card data directly from every infected device. And security experts warn that too many retailers fail to test POS devices and segment networks to mitigate all malware threats.
The Target breach was the hot topic for many RSA 2014 attendees, but Gartner's Avivah Litan was already talking about the next Target - a UK retailer that may have suffered a similar hack, exposing payment card data.
Troy Leach of the PCI Security Standards Council says data security standards are not failing; they just aren't being applied continuously. And conformance with the Payment Card Industry Data Security Standard is just one piece of the puzzle.
Security experts advise banking institutions to take several steps, including enhancing authentication and ramping up commercial customer education, as a result of an increase in sophisticated online banking attacks involving a new variant of Dyre malware.
As financial institutions update their defenses in light of new types attacks - from scams to network-penetrating cyber-attacks - they need to ensure they factor in all of the ways that their systems and employees might be targeted or manipulated.
Declaring a national emergency over hack attacks, President Obama signed an executive order authorizing the government to impose sanctions on hackers. But information security experts voice questions - and concerns.