The Gandcrab ransomware has been a moving target. Since it was discovered in January, it quickly became one of the most widely distributed file-encrypting malware programs. Researchers with Cisco say they've now found it seeded within legitimate websites, making its spread tougher to stop.
When it comes to fraud, enterprise data has a story to tell, and it's up to security and fraud leaders to know how to interpret that story. Jim Apger of Splunk discusses reading and reacting to these stories.
If operational technology systems need to get connected to IT systems, it's essential to have tight controls on the network, says Lam Kwok Yan, professor of computer science and engineering at Nanyang Technological University in Singapore.
Critical infrastructure, including electricity grids and telecommunications networks, is under attack. Optiv's Brian Wrozek discusses the challenges CISOs face in dealing with increasingly connected industrial devices.
New York State Attorney General Eric Schneiderman, who resigned on Monday in the midst of a personal scandal, was known for being one of the nation's toughest state enforcers in cases involving breaches, privacy and fraud. So what happens next?
Payments are getting faster, and so is payments fraud. A robust fraud management strategy focusing on strong authentication, customer education and scalable responses can be instrumental in minimizing payment fraud risk.
A remote code execution vulnerability revealed in late March in the Drupal content management system is now being used on a large scale for mining the virtual currency monero, a researcher says. At least 400 websites have been infected, and the total number is likely far higher, security experts warn.
Security vendor ProtectWise says a series of operating mistakes has allowed it to gain insight into a group, believed to be affiliated with Chinese intelligence, that specializes in stealing code-signing certificates. The certificates allow for the signing of malware that's unlikely to raise security alarms.
Cybersecurity and fraud prevention functions need to start working more closely together to share and leverage cross-functional knowledge that can help improve security, says Michael Thelander of iovation.
We all know about May 25 and the enforcement deadline for Europe's General Data Protection Regulation. But what impact will GDPR have on cybersecurity programs? Danny Rogers of Terbium Labs weighs in on the topic.
What matters most, right now, to the information security community? At RSA 2018, RSA's president said WannaCry was a wakeup call for vulnerability and risk management. Other experts see artificial intelligence, machine learning and secure coding as hot trends.