In-the-wild attacks have been found targeting at least one of two new zero-day Flash flaws leaked by Hacking Team's hacker. Separately, cyber-espionage APT attackers have been targeting a new Java flaw.
Although they apparently weren't caused by cyber-attacks, the impacts of computer failures at the New York Stock Exchange, United Airlines and the Wall Street Journal have much in common with the aftermath of breaches.
FBI Director James Comey says he has faith in American technological ingenuity to overcome obstacles and give law enforcement the ability to access and decrypt data on the devices of criminals and terrorists.
Warning: All versions of Flash Player are vulnerable to a zero-day, weaponized exploit that became public when Italian spyware vendor Hacking Team was hacked, and 400 GB of corporate data leaked. Adobe has released an update to patch the flaw.
A dozen well-known cryptographers and information security specialists have published a paper explaining why they believe it's unfeasible to create a so-called "backdoor" to allow law enforcement to decrypt encoded information.
OpenDNS's Andrew Hay sees danger confronting many enterprises in the era of the "Internet of Things" as Internet-ready consumer devices, not architected for security, find their way onto corporate networks, often unbeknown to administrators.
MasterCard is testing a smartphone app that lets users approve online transactions using facial recognition, via the equivalent of taking a selfie. But could such technology be spoofed, and will it reduce card fraud?
An unconfirmed post-breach report for bitcoin exchange Bitstamp shows the organization was targeted by a sustained attack that combined phishing via email and Skype with macro malware to successfully steal almost 19,000 bitcoins, worth $5 million.
Cisco announced plans to pay $635 million to purchase cloud security firm OpenDNS to better secure the "Internet of Everything." OpenDNS says the acquisition will leave its products and personnel intact.
The PCI Security Standards Council has just released version 2 of its point-to-point encryption standard. Jeremy King of the PCI SSC explains how this optional standard can complement PCI-DSS compliance.
Would encryption, two-factor authentication and other measures stop a determined adversary from stealing millions of U.S. government personnel files? No, a former CIA CISO says. Read how Robert Bigman would defend against OPM-style cyber-attacks.