NEWS & INDUSTRY UPDATES

A third-party audit financed by the New York Times discovers a high-risk vulnerability but overall gives SecureDrop Workstation a positive security bill of health.
The U.S. Department of Homeland Security's CISA is directing federal agencies to scan their Microsoft Exchange environments for four weeks and report if they find any compromised servers.
The U.S. Department of Justice this week announced official charges against Wyatt A. Travnichek, a Kansas man accused of accessing and tampering with a public water system.
Citrix warns that the bugs could allow privileged code in a guest virtual machine to crash the host or render it unresponsive.
North Korean government-backed APT group caught using a fake pen-testing company and sock puppet Twitter and LinkedIn accounts in an escalation of a hacking campaign targeting security research professionals.
A serious security bug in the 'netmask' npm package leads to misinterpretation of IP addresses.
CompuCom shares information on the cost of recovering from a cybersecurity incident, including loss of revenue and major service disruptions.
Reuters is reporting that a draft executive order would set new rules on data breach disclosure and use of multi-factor authentication and encryption in federal agencies.
Researchers flag a critical security hole in the official Facebook for WordPress plugin and warn it could be abused for remote code execution attacks.
SolarWinds has shipped a major security update to fix at least four documented security vulnerabilities, including a pair of bugs that can be exploited for remote code execution attacks.

FEATURES, INSIGHTS // Fraud & Identity Theft

Josh Lefkowitz
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.
Travis Greene
While a credit freeze can protect against the opening of fraudulent credit accounts, it is not an inoculation against identity theft. What can be done to help protect identities and the attributes associated with them?
Ting-Fang Yen
The attackers may be looking for the path of least resistance, but there is no shortcut to securing your platform.
Lance Cottrell
In addition to basic credit monitoring, breached companies need to get ahead of the attacks and start providing security solutions that actually protect the victims before they are victimized again.
Torsten George
While effective at curbing “petty crimes” such as credit skimming / cloning, EMV does not address more sophisticated cyber-attacks that target backend systems which contain card holders’ most sensitive information.
James Foster
Many fraudulent accounts are mere satire or innocuous trolling, but others are created with far more devious intentions.
Jon-Louis Heimerl
Social engineering attacks can happen at any time. Here are some strategies you can use to help reduce the chances of a successful social engineering/phishing attack against you or your organization.
Mark Hatton
They always say in the investment world that cash is king. We are now seeing that in terms of cyber as well. Stealing cash, it’s even better than stealing money.
Gant Redmon
When it comes to cybercrime, the police really can’t and aren’t going to protect residents of your town. The same goes for all towns and cities. Unless you’re talking a high six-figure theft, it's unlikely an officer will be assigned to your case.
Gant Redmon
The holiday season is a time of giving. But savvy security and technology professionals such as yourselves know, both during the holidays and year-round, that not all giving is good.