If the Chinese government hacked the U.S. Office of Personnel Management for espionage purposes, then the U.S. government's $133 million contract to provide ID theft monitoring services is a waste of money. Instead, the agency could have used the funds to safeguard its systems against future attacks.
Security experts trace many of the world's cybercrime attacks to Russia. But Russian authorities never extradite suspects, and they allow hackers to operate with impunity - if they play by some ground rules.
Yet another health insurer - Excellus BlueCross BlueShield - has belatedly discovered that its systems were hacked. The breach potentially exposed information on 10.5 million individuals, was discovered in August, but appears to have begun in 2013.
BlackBerry plans to buy mobile device management rival Good Technology for $425 million. BlackBerry must prep for a future in which it no longer manufactures hardware - and that's why this deal makes sense.
Mozilla, which maintains the Firefox browser, says an attacker infiltrated its bug-tracking tools, stole information on an unpatched flaw, and exploited users for at least three weeks, before the flaw was patched.
Match.com suspended all advertising on its U.K. site after discovering that one of its third-party advertising provider's networks had been infiltrated by a malware-serving campaign. The incident follows U.K. dating site Plenty of Fish recently falling victim to a similar campaign.
Britain's data protection watchdog is investigating two suspected data breaches - one involving the leak of HIV patients' identities, and the other involving the leak of personal information on magazine subscribers.
Sony Pictures Entertainment has reached a tentative deal to settle a class-action lawsuit filed against it, stemming from its 2014 data breach, which resulted in the leak of personal information for up to 50,000 employees.
More hackers are exploiting remote-access and network vulnerabilities, rather than installing malware to invade networks and exfiltrate data, says Dell SecureWorks' researcher Phil Burdette. That's why conventional breach-detection tools aren't catching the intrusions.
Policymakers must consider three factors before imposing sanctions in retaliation for state-backed hacks: Confidence in its attribution of responsibility, the impact of the incident and the levers of national power at a state's disposal.
International law enforcement agencies are warning banking institutions and businesses about extortion attacks being waged by an entity known as DD4BC, or DDoS for Bitcoin. They're advising organizations not pay any ransom and to notify their ISPs and law enforcement officials of any threats.
Lizard Squad, which markets the Lizard Stresser distributed denial-of-service attack tool, appears to have targeted the public-facing website of the U.K.'s National Crime Agency in retaliation for its recent DDoS-tool crackdown.
The FBI estimates fraud losses linked to so-called business email compromise scams worldwide have exceeded $1.2 billion in less than a year. But some financial fraud experts say the losses from this largely overlooked threat could be even higher.