A recently published 2017 survey of over 400 security professionals in the U.S., U.K. and Germany measured how well their organizations implemented security controls for SSH keys. The results show that most organizations are underprepared to protect against SSH-based attacks, with fewer than half following industry...
The steady stream of new reports about years-old breaches continues as Imgur, the popular photo-sharing service, belatedly warns that it suffered a breach in 2014 that compromised 1.7 million users' accounts.
Since last year, North Korean hackers have been targeting businesses in the financial services, aerospace and telecommunications sectors by exploiting a remote administration tool, or RAT, according to an alert issued Tuesday by the United States Computer Emergency Response Team.
The FBI is still working to unlock the mobile phone of Devin P. Kelley after he shot and killed 26 people in a church in a rural Texas town. The revelation seems certain to revive the contentious debate over the use of strong encryption to protect consumers and their devices.
Researchers have discovered how to speed up an attack disclosed last month that recovers secret RSA encryption keys generated by faulty Infineon software in TPM chips. Estonia has blocked and plans to replace weak security certificates on 750,000 of its smart ID cards used for healthcare and e-voting.
As the explosive growth of the internet of things continues, it's essential to take a structured approach to implement security-by-design with secure coding and end-to-end encryption of data, says Mumbai-based Juergen Hase, CEO of Unlimit, the IoT business unit of the Reliance Group.
Security officials at Britain's biggest airport have been left scrambling after a USB stick that reportedly contained sensitive information was found on a London street. Heathrow Airport says it has launched an investigation and is working with London's Metropolitan Police.
Medical device cybersecurity scrutiny usually focuses on potential patient safety issues. But vulnerabilities identified in a cardiac pacemaker programming device illustrate the risks also posed to patient data privacy, says Billy Rios, a researcher who discovered the problem.
Researchers say they've identified faulty cryptographic code in microchips made since 2012 by Infineon Technologies, posing risks to government-issued smartcards, consumer laptops, authentication tokens and more.
A Belgian security researcher has discovered a "serious weakness" in the WPA2 security protocols used to encrypt many WiFi communications. Attackers can exploit the flaws to eavesdrop as well as potentially inject code such as malware or ransomware into WiFi-connected systems. Prepare for patches.
An analysis on finding a replacement for Social Security numbers as an identifier for individuals leads the latest edition of the ISMG Security Report. Also, assessing Kaspersky Lab's responsibility for the hack of an NSA contractor's computer.
The commenting platform Disqus is resetting passwords after discovering that its database was breached in 2012. The breach is one of several older breaches that have only now come to light, thanks to the stolen data having surfaced. But how many older breaches have yet to be discovered?
The latest edition of the ISMG Security Report is devoted to a special report on how enterprises around the world should prepare for the European Union's General Data Protection Regulation, which starts being enforced in May.
Modern enterprises are in the midst of a digital revolution, adapting to the demands of Business 2.0. They are looking to embrace new business opportunities, expand into new markets, and propose new product offerings, as well as be more agile in responding to existing demands. This transformation relies on digital...
Britain's home secretary claims that "real people" don't really want unbreakable, end-to-end encryption - they just like cool features. Accordingly, she asks, why can't we just compromise and add backdoors, thus breaking crypto for everyone?