Fraudulent SWIFT money-moving attacks continue, as one of Nepal's largest private-sector commercial banks, NIC Asia Bank, says attackers tried to steal $4.4 million after hacking its SWIFT server. Most of the funds have since been recovered.
Equifax says four senior executives - including its CFO - did not know the company had suffered one of the worst breaches in history when they collectively sold about $1.8 million worth of shares. Equifax's board found that 12 days elapsed before the first of the four learned about the hack.
Prasanna Lohar, head of technology at DCB Bank, describes how 20 banks in India are working together to identify the best ways to leverage blockchain technology to help fight fraud and improve services, such as customer onboarding.
Many enterprises use remote desktop protocol to remotely administer their PCs and mobile devices. But security experts warn that weak RDP credentials are in wide circulation on darknet marketplaces and increasingly used by ransomware attackers.
Thom Langford, CISO of Publicis Groupe, says all companies should consider two essential elements when crafting an incident response plan: strong legal representation and a communications plan that considers both internal and external messaging.
The latest ISMG Security Report features highlights from the recent panel discussion at the ISMG Fraud and Breach Prevention Summit in London on preparation for the European Union's General Data Protection Regulation set to be enforced next May.
The U.S. Justice Department has identified at least six members of the Russian government that investigators believe orchestrated last year's hack of Democratic National Committee computers and dumping of stolen information and may file charges next year, the Wall Street Journal reports.
"Are we vulnerable to the attacks that are being reported in the media?" All CEOs and boards of directors should be asking that question of their information security team to ensure they don't suffer the same fate - especially when it comes to ransomware outbreaks, says David Stubley of 7 Elements.
To help prevent breaches caused by third parties, organizations need to improve their vendor risk evaluation methods, carefully assessing their business partners' processes and risk mitigation methods, says Anuj Tewari, CISO of HCL Technologies.
Technology lawyers for Twitter, Google and Facebook vowed before a Senate subcommittee on Tuesday to implement tighter controls on their platforms after finding Russia's disinformation and propaganda efforts on social media reached far more people in the U.S. than previously thought.
As the explosive growth of the internet of things continues, it's essential to take a structured approach to implement security-by-design with secure coding and end-to-end encryption of data, says Mumbai-based Juergen Hase, CEO of Unlimit, the IoT business unit of the Reliance Group.
Following the WannaCry outbreak, the British government says it's increased cybersecurity funding for England's national health service. But in addition to funding shortfalls and poor cybersecurity practices, experts have also blamed management failures, in part by the U.K. government.
It's a score to find a severe software vulnerability in a widely used Google product. But finding information on all unpatched software flaws reported to Google is a whole new, frightening level. Here's how one researcher did it.
When it comes to warding off phishing attacks, too many organizations are reliant on internal awareness campaigns. But a more proactive defense and controls are needed, says John "Lex" Robinson of PhishMe.
Jennings Aske, CISO of New York-Presbyterian, says the healthcare sector is still struggling to figure out medical device security and contends that federal regulations have not been helpful in making it a priority.