Slamming a Ukrainian energy provider for recently falling victim to a spear-phishing email and Excel macro attack might be easy. But security experts recommend all organizations use the incident to ensure they won't fall victim to copycat attacks.
Attorney Kevin McGinty analyzes the potential impact of a Massachusetts judge's unusual decision to allow a class-action lawsuit stemming from a health data breach to proceed, despite a lack of evidence of harm stemming from the incident.
A judge has dismissed a class-action lawsuit against Michaels, filed after the retailer warned that POS malware-wielding attackers had successfully stolen details of an estimated 2.6 million payment cards. But the ruling isn't a surprise - here's why.
GovInfoSecurity announces its seventh annual list of top influencers - lawmakers, top government officials, practitioners and thought-leaders whose leadership has a substantial influence on government cybersecurity policy.
In the coming months, the Department of Homeland Security will implement a new cyberthreat information sharing law designed to help prevent breaches. But will the Cybersecurity Act of 2015 really make a difference?
Four years after European criminals exploited EMV implementation vulnerabilities to steal an estimated $650,000, security experts say not all banks have adopted full fixes. But the payment card industry contends related mitigations are in place and working.
Adobe is warning Flash users to update their software immediately in the wake of zero-day attacks that can enable attackers to take full control of vulnerable systems. This year, Adobe has patched 316 bugs in Flash. Is it time for the plug-in to die?
Hyatt warns that it's the latest hotel chain to fall victim to POS malware. It's offered scant breach-related details, but lots of bromides about taking payment card security seriously and urging customers to keep paying by card.
In the wake of Juniper Networks finding "unauthorized code" in its firewall firmware that could be used to remotely access devices and encrypted communications, Cisco is reviewing its own code for signs of tampering. Will other vendors follow suit?
You made this mess, now you'll clean it up. That's the security message of the Federal Trade Commission's settlement with Oracle over its failure to update or eliminate older, insecure - and actively targeted - versions of Java.
Jeremy King of the PCI Security Standards Council explains why it has extended its compliance deadline for encryption updates aimed at phasing out SSL and TLS 1.0. But he stresses that merchants, processors and acquirers should not wait to make upgrades.
President Obama has signed legislation to incentivize businesses to share cyber threat information with the federal government. On Dec. 18, both houses of Congress passed the measure as part of a $1.1 trillion spending package.