A new California law requires that organizations experiencing a data breach provide more detailed information to the individuals affected. The law, which covers breaches involving financial, healthcare and other personal information, goes into effect Jan. 1.
Are executives spending too much time and energy focused on external hacks, sacrificing attention they should be paying to internal threats? It's good that business leaders understand insiders pose risks, but are they taking those risks as seriously as they should?
A repentant SparkyBlaze wants to go legit, leaving behind the hacktivism he helped foster as a member of Anonymous and start a career in the U.S. as a ethical hacker. As proof, he's offering advice to protect IT from hackers.
The Finnish security provider F-Secure concludes the attack e-mail doesn't look too complicated. In fact, it's very simple. But the exploit inside Excel was a zero-day attack at the time and RSA couldn't have protected against it by patching its systems.
The FDIC says the number of banks on its "Problem List" dropped during the second quarter of 2011, the first quarter-to-quarter decrease since 2006. But the failure respite could be short-lived, if the economy falls back in to recession.
The bright spot is that 36 percent of the takeover incidents reported in 2010 were stopped before fraudulent funds transfers were approved. That's an improvement from 2009, when only 20 percent were thwarted.
Fraud is a global concern, and an area regulators and financial institutions the world-over are watching closely, says Bill Isaac. Whether a cyberthreat or mortgage fraud, investments in fraud prevention will continue, despite the state of the international economy.
A new, free guide on Facebook security, though geared for users, details the practices chief information security officers and other organizational security practitioners should share with their staffs to assure not only safe Internet hygiene when workers access Facebook from work, but for use with other social media...
Ocean Bank failed to implement an effective BSA/AML Compliance Program, with internal controls "reasonably designed to detect and report money laundering and other suspicious activity in a timely manner," regulators say.
The PCI Security Standards Council's new guidance for tokenization offers clarification and recommendations for merchants struggling to determine which tokenization solution is best, especially where compliance with the Payment Card Industry Data Security Standard is concerned.