While many banks and merchants in Britain, France and Germany have long complied with the PCI Data Security Standard, deregulation has led organizations in other European countries to start taking PCI compliance more seriously and use it for competitive advantage.
How low will ransomware go? New malware - dubbed Ranscam - demands bitcoins to unlock files, but in reality they've already been deleted, researchers warn. As always when it comes to defending against ransomware, preparation pays.
In the wake of the Hillary Clinton email controversy, organizations need to be more aware of the risks of unsanctioned "shadow IT" and take appropriate mitigation steps, says security expert Mac McMillan.
The release this week by the PCI Security Standards Council of a new PCI compliance resource for small merchants is being lauded by the banking and payments community. But how effective will the resource be at actually convincing merchants to move forward with PCI compliance?
Security firms are warning that they've seen a spike in infections tied to a virulent strain of trojanized Android adware called Shedun - a.k.a. HummingBad - that can root smartphones, survive factory resets and earn cybercriminals big money.
A bitter battle flares up in the fiercely competitive endpoint protection products market, and uncovering the real impact over Hillary Clinton's email server. These items highlight this edition of the ISMG Security Report.
The federal tally of major health data breaches shows that to-date in 2016, there have been more reported hacker incidents than during the first half of 2015. However, so far this year, those hacks appear to be affecting fewer individuals.
Forget the 2015 mega-breach, an ongoing FTC probe or multiple class-action lawsuits: A new leadership team wants to reboot infidelity-focused online dating website Ashley Madison, promising that this time they'll get security and privacy right.
More than half of all Android smartphones have a flaw that can be exploited to bypass the devices' full-disk encryption. As a result, law enforcement agencies - or attackers - could access all supposedly encrypted data being stored on vulnerable devices.
Healthcare entities should take several critical steps to minimize the security risks posed by older, legacy medical devices used in their organizations, says medical device cybersecurity expert Kevin Fu.
Endpoint protection vendors compete fiercely for customers, and allegations of impropriety are common among rivals. The latest battle pits Sophos against Cylance. Whose version of the story is the truth?
While malware may be used for an initial attack, hackers quickly begin using tools to move around networks that often don't raise suspicion. Here's what to look out for to detect a "low and slow" attack.
Would access to better information pertaining to encryption help Congress pass good crypto-related laws? That's the impetus behind a "Digital Security Commission" and a related report being hawked by some lawmakers.
Google Project Zero researcher Tavis Ormandy has once again found major vulnerabilities in Symantec's security products. Symantec has released updates, but not all will install automatically - some vulnerable products must be manually updated.
An individual claiming to be the hacker who posted four healthcare databases on the dark web reveals some of his tactics. We take a close look at the risks posed to one affected clinic, which faces a ransom demand.