Data Breach Today Podcast

The Dark Overlord selling stolen healthcare databases for bitcoins leads the ISMG Security Report. Also hear about banks' move toward real-time transaction fraud controls and a bipartisan attempt in Congress to tackle the ongoing crypto and "going dark" debates.

So why is Visa temporarily reducing the fraud chargeback burden on non-EMV-compliant U.S. merchants? Mark Nelsen, Visa's senior vice president, says it boils down to this: The card brand wants to give retailers a break while it takes steps to streamline the cumbersome certification of new POS devices.

In the wake of recent SWIFT-related interbank payment heists, more banks are monitoring transactions for anomalous behavior in an attempt to catch fraud in real time, says Andrew Davies, a fraud prevention expert at core banking services provider Fiserv.

Healthcare organizations must do much more to continually measure the effectiveness of their security controls as new cyber threats emerge and evolve, Lisa Gallagher of PricewaterhouseCoopers, formerly of HIMSS, says in this in-depth interview.

Britain's surprise vote to "Brexit" the European Union leads the ISMG Security Report. Also hear analysis on a cybercrime forum selling remote server access; Comodo being in hot water by saying "let's encrypt"; and why Facebook CEO Mark Zuckerberg covers his webcam with tape.

Achieving international acceptance of PCI-DSS is an ongoing challenge, says Jeremy King, international director of the PCI Security Standards Council, who's working to educate merchants about baseline security that goes far beyond cardholder data protection.

In this edition of the ISMG Security Report, you'll hear reports on the U.S. government nabbing healthcare fraudsters; federal agencies at risk of exposing highly sensitive data; and the hacking of brokerage accounts.

With ransomware attacks surging, all organizations should ensure they have an enterprise backup and disaster recovery plan in place, and eliminate all unnecessary, outdated or disused applications and services running on endpoints and servers, says ESET's Mark James.

There is no such thing as "security by obscurity." Attackers can hack what they can't see. This means organizations must reimagine the fundamentals of API creation, says Jaime Ryan of CA Technologies.

In this edition of the ISMG Security Report, you'll hear our editors explore how hackers use Java script for ransomware, the latest digital currency security issue and privacy threats posed by virtual reality.

In recent months, Cloud Access Security Broker solutions have emerged as a defacto, mandatory control. Which is better approach to CASB - proxy or API? Rohit Gupta of Palerra shares his insight and recommendations.

Crisis management expert Emily Mossburg discusses a new Deloitte study that shows why many organizations must reassess their approach to breach response to focus on what really matters: keeping the organization functioning.

The ISMG Security Report kicks off with thoughts on how Watergate - its 44th anniversary is today - would have turned out differently if today's technology existed in 1972. Also, you'll hear the backstory on the breach at Democratic Party headquarters revealed this past week.

As evolving virtual reality technologies are embraced by corporate environments, including healthcare entities, for training and other purposes, organizations need to carefully consider the privacy and security risks they pose, says attorney Steven Teppler.

In an interview, Doug Johnson of the American Bankers Association explains why the ABA rejects the Retail Industry Leaders Association's contention that a legislative proposal to hold retailers to the same cybersecurity standards as banks is unfair.

With rampant password, patch management and data missteps, it can feel like information security déjà vu all over again as security professionals fight so many of the same battles as 10 or 20 years ago, says white hat hacker Cris Thomas, a.k.a. "Space Rogue."

IBM is deploying its Watson supercomputer to help organizations answer this essential question: In the face of nonstop security events, potential intrusions and patches, what's the next, best action that an organization's security analyst should take?

In the latest ISMG Security Report, our editors analyze Symantec's pending purchase of Blue Coat; vulnerabilities in mobile banking apps; retailers' objections to a national data breach notification bill; and the relaunching of the IRS Get Transcript tool after a breach.

For years, organizations have been threatened by DDoS attacks on several fronts, ranging from volumetric attacks to application-level and DNS strikes. Now come ransom-based attacks. Trey Guinn of CloudFlare discusses how to respond to each type of attack.

A settlement between the Federal Trade Commission and Practice Fusion, an electronic health records system vendor, serves as a reminder that regulations other than HIPAA apply to protecting patient privacy, says attorney Adam Greene, a healthcare regulations expert.