A judge has dismissed a class-action lawsuit against Michaels, filed after the retailer warned that POS malware-wielding attackers had successfully stolen details of an estimated 2.6 million payment cards. But the ruling isn't a surprise - here's why.
Four years after European criminals exploited EMV implementation vulnerabilities to steal an estimated $650,000, security experts say not all banks have adopted full fixes. But the payment card industry contends related mitigations are in place and working.
Adobe is warning Flash users to update their software immediately in the wake of zero-day attacks that can enable attackers to take full control of vulnerable systems. This year, Adobe has patched 316 bugs in Flash. Is it time for the plug-in to die?
Hyatt warns that it's the latest hotel chain to fall victim to POS malware. It's offered scant breach-related details, but lots of bromides about taking payment card security seriously and urging customers to keep paying by card.
In the wake of Juniper Networks finding "unauthorized code" in its firewall firmware that could be used to remotely access devices and encrypted communications, Cisco is reviewing its own code for signs of tampering. Will other vendors follow suit?
Jeremy King of the PCI Security Standards Council explains why it has extended its compliance deadline for encryption updates aimed at phasing out SSL and TLS 1.0. But he stresses that merchants, processors and acquirers should not wait to make upgrades.
Cybersecurity is becoming an issue in the U.S. presidential campaign, finally. That's good news because it's critical in our day-to-day lives. But are the candidates doing the issue justice in the way they address it?
New guidance for cyber-resilience, vendor management and breach notification are expected for New York state banks in early 2016. And the tone set by these guidelines may have a ripple effect, influencing the actions of federal banking regulators.
Security experts are warning that Internet-connected devices - including toys - should be treated as insecure and untrusted until proven otherwise. Have our collective information security shortcomings ever been more seasonally appropriate - or scarier?
New details emerging about a breach involving a former Morgan Stanley employee illustrate how a case of inappropriate access to data can blossom into something much more serious. The case shines a spotlight on the urgent need to mitigate insider threats.
European Union lawmakers and member states have drafted landmark proposed cybersecurity rules that set minimum levels of security across a number of critical infrastructure sectors, including energy, transportation, health and financial services, and require companies in those sectors to alert authorities to breaches.
A U.S. House committee recently passed legislation that's aimed at helping law enforcement bring to justice cybercriminals from other nations who buy and sell payment card data stolen from U.S. citizens. But would it really help the global fight against cybercrime?
Turns out electronic learning products can be bad for children's privacy - and for their parents too. The VTech breach highlights how, despite repeated warnings, too many manufacturers continue to not take security seriously.
Target Corp. has reached a proposed $39.4 million settlement with a group of financial institutions that sued the retailer over fraud losses and expenses suffered as a result of Target's December 2013 data breach.
Ireland's Cyber Crime Conference in Dublin drew a capacity crowd for a full day of security briefings, networking, hotly contested capture-the-flag and secure-coding challenges, as well as a chance to sharpen one's lock-picking skills.