With many organizations rushing to formulate their own advanced persistent threat (APT) prevention plans, recent data show that a lack of attention to systematically managing cryptographic keys and certificates is still leaving the attack door wide open.

A variant of the formidable banking trojan Citadel has been targeting Payza – a payment platform popular in developing countries that have limited access to online financial services.

The group of Chinese cyber-espionage hackers reportedly operating as an arm of the People’s Liberation Army is allegedly back at it, attacking a range of US enterprise and government targets to steal everything from technology blueprints to business plans to manufacturing information.

Most corporate security incidents are uncovered by a third party, like a security firm, that picks up on evidence of nefarious activity being carried out by infected machines. However, many of the victim organizations don’t have processes in place to react quickly when they’re notified of an incident. And some are simply not discharging their corporate duty, argues one security firm.

A leading anti-malware company has uncovered a wide-ranging malware campaign that appears to originate in India and seems primarily to target Pakistan with data-stealing malware.

By David Baker With the growing movement of enterprises to the cloud, it’s more important than ever that service providers demonstrate and prove good security practices to their customers, in g...

When new technology introduces new legal questions, it can take a long time for courts to sort matters out, and cybersecurity is no exception to the rule. Cyberattacks that yielded major breaches of f...

By Mark O’Neill Most people have used the Facebook, Twitter, or Google Apps buttons located on websites to log into third-party services. This approach is useful within consumer IT as it enable...

This afternoon, I met the CEO (and co-founder) of Semafone, Tim Critchley. When the invitation to interview him landed in my inbox, I was all set to turn it down. As Critchley himself admits, call cen...

Comment: Cybersecurity and Reality – What’s in a Word? What does the word 'cyber' really mean? Gregor Campbell cracks open his dictionary to trace its transformation

An Inside Look at AT&T’s Operations Center, and its Security Strategy One of the largest network services providers in the US invited Infosecurity to its Global Network Operations Center in Bedminster, New Jersey, and then explained why it is poised for success within the IT security market.

The Prognosis for Medical Device Security Medical devices can be hacked – but how much of a danger is it? Danny Bradbury asks the experts

Comment: Exposing the Myths of Access Rights Management Managing access rights is time-consuming and often considered a mundane task. Nevertheless, making sure only the right people can access company data is a business-critical function. Christian Zander of protected-networks.com addresses a number of ‘myths’ he has encountered when discussing this issue with senior IT management across Europe.

Interview: Dorothy Denning In her heart a true academic, Drew Amorosi tracks down Dorothy Denning – renowned information security researcher and trainer of today’s cyber warriors

Allan Boardman says it’s time to license information security professionals and join the ranks of other esteemed professions

A licensing scheme for information security professionals would create more issues than it solves, according to Hord Tipton

Interview: HD Moore, Chief Security Officer at Rapid7, Chief Architect And Creator of Metasploit HD Moore talks to Infosecurity Magazine about today’s IT security landscape and how his hobby, penetration testing solution Metasploit, attracted the attention of vulnerability management and penetration testing solutions provider Rapid7.

Interview: Larry Ponemon Dr. Larry Ponemon is the chairman and founder of the Ponemon Institute, and one of the nicest people you may ever meet. Here’s what happened when Eleanor Dallaway met the King of Privacy himself…

In Cyberspace, No One Can Hear You Scream Royal Holloway’s Geraint Price and Keith Martin call for innovative approaches to securing cyberspace that go beyond the current practitioners’ toolkit