U.S. Investigations Services, which conducts background checks for the Department of Homeland Security and other agencies, says it has identified a cyber-attack on its corporate network; agencies have suspended use of the firm's services.
Expect every new warning of cybercrime attacks, online espionage or the malware du jour to be slickly marketed, with the announcements carefully timed. But is this bad for either the information security community or attackers' victims?
The PCI Council has unveiled new guidance for mitigating payment card risks posed by third parties. Troy Leach, the council's CTO, explains how banking institutions and merchants can put the guidance to use.
Millions of user credentials are breached regularly - whether we hear of the incidents or not. So, why do we continue to rely on passwords? Derek Manky of Fortinet discusses authentication and data retention.
That Russian hackers may be hording 1.2 billion credentials merely reflects the insecurity of the world we live in today, says David Perry, threat strategist at the Finnish IT security company F-Secure.
The hacker community can be a cynical crowd, or perhaps a realistic one, that tries to make the best of the threats confronting society. CISO Dan Geer, for example, prefers to hire security folks who are, more than anything else, sadder but wiser.
Delaware's recently enacted data destruction law sets itself apart from other regulations by permitting consumers, under certain circumstances, to file civil lawsuits against those who violate the law's requirements.