A set of vulnerabilities in AMD chipsets that gives attackers enduring persistence on machines appears to be legitimate. But experts are questioning the motivations of the Israeli security company that found the flaws, contending it ambushed AMD to maximize attention.
Security operations center, or SOCs, will not lose their relevance even as Cyber SOCs become more common because both have strengths and weaknesses, says Shiju Rawther, head of technology infrastructure and security operations at a credit bureau in India.
Some security experts in Asia are raising concerns about legislation the European Union might soon consider that, if enacted, would force technology and social media companies to hand over customer data held outside the EU so it can be used in criminal investigations.
Whoever unleashed malware built to disrupt last month's Winter Olympics in Pyeongchang, South Korea, designed it to look like it had been executed by a group of hackers tied to North Korea. But researchers at the security firm Kaspersky Lab say any such attribution would be false.
Penetration testing can help find vulnerabilities that aren't typically identified by scanning and other monitoring. But the testing comes with some risks, Duke Health CISO Chuck Kelser and pen tester John Nye explain in a joint interview.
The U.S. Senate is considering a banking reform bill that would ban credit agencies' practice of charging for a credit freeze, one of the crucial steps experts say can help pre-empt identity theft. Lawmakers have been under intense pressure to create laws that better protect consumers following Equifax's data breach.
More than 95,000 servers that run the open source Memcached utiltity appear to remain vulnerable to being abused to launch massive DDoS attacks, with one such attack reaching a record 1.7 terabits per second. Here's how organizations and IT administrators must respond.
Too many organizations lack an effective strategy for using the latest security technologies to protect their data centers, says Sridhar Pinnapureddy, founder and CEO at CtrlS Datacenter, Asia's largest Tier 4 data center.
The attorney general of Pennsylvania has filed a lawsuit against Uber for allegedly violating the state's mandatory breach notification law. It's the latest in a long string of legal and regulatory repercussions Uber is facing after waiting more than a year to disclose a serious breach.
In yet more evidence of the security shortcomings of government websites in India, a researcher determined that the websites of Bharat Sanchar Nigam Limited, or BSNL, the state-run telecommunications company, were hackable because of SQL injection vulnerabilities.
Anyone who dined out at one of 166 Applebee's restaurants in 15 states may have had their payment card details compromised by point-of-sale malware infections that began in November 2017, RMH Franchise Holdings warns.
Although more organizations are adopting cloud access security broker technology, CASB policy templates and runbooks, as well as best practices, are still evolving, says Rohit Gupta, group vice president for cloud security products at Oracle Corp.
Equifax has identified 2.4 million U.S. consumers whose names and snippets of their driver's license numbers were stolen, adding to one of the worst breaches in history, which resulted in personal data for most U.S. adults being exposed.
Digital certificate vendor Trustico is facing a new crisis after a researcher tweeted about an apparent root-level access flaw in the company's website. The alert comes after Trustico's CEO admitted that his company was archiving private keys for digital certificates.