Hyatt warns that it's the latest hotel chain to fall victim to POS malware. It's offered scant breach-related details, but lots of bromides about taking payment card security seriously and urging customers to keep paying by card.
The former Morgan Stanley financial adviser who in September pleaded guilty to stealing confidential customer information and saving it on his home server will not serve time in prison, even though some of that data was posted online.
Conflicting cybersecurity guidance from banking regulators and a federal agency is making it more difficult for CISOs to set priorities, says Chris Feeney, president of BITS, the technology and policy division of the Financial Services Roundtable.
The rising profile and increasingly complex nature of cyberattacks was a major development in 2015. What are the key threats for security practitioners to be wary of in the year ahead? FireEye CTO APAC Bryce Boland shares insights.
Too many recent high-profile breaches resulted from attackers using legitimate user credentials to infiltrate critical systems. Fortscale's Bert Rankin tells how user behavior analytics help organizations catch attackers after the breach.
In the wake of Juniper Networks finding "unauthorized code" in its firewall firmware that could be used to remotely access devices and encrypted communications, Cisco is reviewing its own code for signs of tampering. Will other vendors follow suit?
You made this mess, now you'll clean it up. That's the security message of the Federal Trade Commission's settlement with Oracle over its failure to update or eliminate older, insecure - and actively targeted - versions of Java.
President Obama has signed legislation to incentivize businesses to share cyber threat information with the federal government. On Dec. 18, both houses of Congress passed the measure as part of a $1.1 trillion spending package.
In the largest monetary award obtained by the FTC in an enforcement action, LifeLock has agreed to pay $100 million to settle a case that, in part, stemmed from the identity protection company failing to establish and maintain an information security program to protect customers' personally identifiable information.
As it continues to ramp up its cybersecurity enforcement efforts, the FTC could take action next year against consumer wearable device makers if they fail to live up to their promises to protect the privacy of health data and other information, says researcher Stephen Cobb, who also expects scrutiny from the FDA.
In terms of malware, 2015 will go down as the year that ransomware got big, and the organized criminals behind it got bolder. IBM's Limor Kessem discusses what to expect from advanced malware variants in 2016.
Cybersecurity is becoming an issue in the U.S. presidential campaign, finally. That's good news because it's critical in our day-to-day lives. But are the candidates doing the issue justice in the way they address it?
Europe looks set to pass sweeping new data protection rules, which would give consumers more control over how their personal information gets used and require organizations to notify authorities whenever they suffer a data breach.
FireEye has issued an emergency security alert - and related patch - to fix a serious flaw discovered by Google researchers. The episode follows FireEye earlier this year being criticized for serving an injunction against other security researchers.
After years of failing to enact cyberthreat information-sharing legislation, Congress is poised to vote on a measure this week that would incentivize businesses to share voluntarily threat data with the federal government and with each other.