To prepare for compliance with the EU's GDPR, which will be enforced beginning in May, organizations must adopt a "privacy by design" approach, says Subhajit Deb, CISO at Dr. Reddy's Laboratories, an India headquartered pharmaceutical company that does business in 11 countries.
Digital certificate vendor Trustico is sparring with DigiCert, which recently took over Symantec's digital certificate business, over a serious security incident. The private keys for at least 23,000 Trustico digital certificates have been compromised, prompting a scramble to protect affected websites.
Cybersecurity company mergers and acquisitions continue. Among the major deals: The sale of PhishMe to a privacy equity syndicate and Splunk's purchase of Phantom. But these are just the latest in a series of moves so far this year as consolidation continues.
Despite the millions of dollars companies invest in cybersecurity programs, advanced persistent attackers constantly devise new means of breaking into corporate environments. How can deception technology offer a new alternative? Ofer Israeli of Illusive Networks explains.
A new strain of the Petya ransomware called "Bad Rabbit" is impacting business and sweeping across Russia and Ukraine, among other Eastern European countries. Like many of the other ransomware outbreaks, understanding fact from fiction is the first step in staying safe.
An analysis of a massive 8.8 GB trove of files containing usernames and plaintext passwords suggests hundreds of services may have experienced unreported or undiscovered data breaches. Data breach expert Troy Hunt says the trove of 80 million records appears to contain fresh data.
Punjab National Bank, which has been in the news for a $1.8 billion fraud incident, got more bad news when a security company revealed that payment card information for as many as 10,000 of the bank's customers has been for sale on the dark web. The two incidents do not appear to be related.
As banking institutions of all sizes maximize their digital channels, there is growing tension between the need to prevent fraud and the desire to maintain a frictionless customer experience. IBM Trusteer's Valerie Bradford discusses how to defuse this tension.
The U.S. Securities and Exchange Commission has released revised guidance "to assist public companies in preparing disclosures about cybersecurity risks and incidents." It includes new prohibitions on trading in corporate shares after a breach has been discovered but before investors have been notified.
As India continues its move to a cashless economy, the PCI Security Standards Council is collaborating with the Reserve Bank of India and the National Payments Corp. of India to roll out new software-based design standards for protecting cardholder data against new threats, says Jeremy King, PCI SSC's international...
Leading the latest edition of the ISMG Security Report: The Department of Justice indicts Russians for allegedly running an industrialized troll factory designed to influence U.S. politics. Also, a feature in Australia's new real-time payment system could be abused by identity thieves.
Want to meddle with a democracy? Just use its social media outlets against it to amplify already existing social divisions. That's the quick take on the indictment recently unsealed by Special Counsel Robert Mueller that accuses Russians of running an "active measures" campaign against the United States.
Now that it's been confirmed that an insider at Punjab National Bank paved the way for $1.8 billion in fraudulent transactions, RBI, the nation's central bank, is reiterating the need to strengthen security measures tied to SWIFT interbank transactions, and security experts are offering risk mitigation advice.
After a U.S. indictment charged Russians with running a troll factory that interfered in U.S. elections, groups tracking online disinformation campaigns warn that Russian bots are now debating the school shooting in Parkland, Florida. The White House is facing questions over what it's doing to deter Moscow.
Australia's real-time payments platform, which launched last week, includes a feature designed to reduce fraud and erroneous payments. Ironically, the feature may also expose users to social engineering attacks.