The Meltdown and Spectre attacks from earlier this year showed how the quest to make CPUs run faster inadvertently introduced serious security vulnerabilities. Now, researchers have unveiled a new attack called Foreshadow that builds on those findings, affecting millions of Intel processors made over the past five...
Although cybersecurity plans sometimes clash with business goals, the role of security should be to enable the business and not necessarily lock everything down, says Andrew Woodward of Australia's Edith Cowan University.
Achieving built-in, rather than bolted-on security at the DevOps stage through transparent orchestration is the new mantra for building resilient systems and software, says Sumedh Thakar of Qualys.
The Cobalt cybercrime group is targeting as many banks as possible, which poses risks particularly for smaller, less protected institutions, says Tim Bobak, APAC executive director for Group-IB.
Cybercrime investigators will face increasing difficulties if bad actors begin accepting more privacy-centric cryptocurrencies rather than bitcoin, says Andrei Barysevich of Recorded Future.
There's a rush to cloud services, and that can offer security benefits. But it can be difficult to keep track of data and classify it in the cloud, says Neil Campbell of Telstra, a telecommunications company.
Artificial intelligence has the potential to filter out much of the noise that can bog down teams trying to triage security alerts, says Bryce Boland, former CTO for FireEye in Asia-Pacific.
Deterring nation-states such as Russia and North Korea from executing cyberattacks will require sanctions and other pressure, says Fergus Hanson of the Australian Strategic Policy Institute.
The FBI warns that cybercriminals are planning a large-scale operation aimed at emptying ATMs, a type of attack that has caused swift and costly losses for financial institutions. The attack may utilize data from a breach of an unknown card issuer, the FBI says.
Cybercriminals in Brazil have capitalized on older vulnerabilities in D-Link routers for financially motivated phishing attacks. The attackers changed DNS settings to use their own malicious DNS server, allowing for seamless shifts to phishing sites.
Check Point says it has found three ways to falsify messages in WhatsApp, which it claims could be employed by scammers and used to spread fake news. WhatsApp acknowledges the findings, but it will not engineer patches.
Although there's widespread agreement that addressing security early in the software development cycle is an essential component to any breach prevention strategy, implementing DevSecOps can prove challenging.
Securing the public cloud is not as challenging as it used to be, but too many organizations are still taking the wrong approach, says Microsoft's Jonathan Trull. Understanding the shared responsibility model for security is critical, he says.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.
