Although breaches affecting U.S. retailers are widely reported, Verizon's new PCI Compliance Report shows increases in the theft of payment card data and other personal information span numerous industries in all international markets.
Both Microsoft and Apple this week released patches to address the so-called "Freak" flaw in SSL/TLS. Microsoft also released a fix that addresses a failed 2010 patch for a vulnerability that was exploited by the Stuxnet malware.
During her first month on the job, former Secretary of State Hillary Clinton used a private email server that lacked a digital certificate that would have ensured encrypted and authenticated email communications, surmises security firm Venafi.
When IT veteran Branden Spikes founded his own company devoted to isolating browsers from attacks, he thought building the technology would be the top challenge. The venture capital community proved him wrong.
"Align technology with businesses" is an old phrase. But information security is now part of this change, making strides to align with growth as a business enabler. Enter: the converged technology operations center.
The U.S. Justice Department has charged three men - two are in custody - for hacks against email service providers - including Epsilon - that allegedly resulted in the theft of 1 billion email addresses, many later used in massive spam campaigns.
All Windows operating systems are at risk from the SSL/TLS vulnerability known as Freak, Microsoft warns. The company has outlined temporary workarounds - except for Windows Server 2003. Experts say no in-the-wild attacks have yet been seen.
British police over the course of this week launched 25 cybercrime-targeting raids and made 57 arrests, including suspects who have been tied to a U.S. Defense Department network intrusion, Lizard Squad attacks, as well as a massive Yahoo breach.
Attacks are larger, adversaries more diverse, and damage is broader. These are characteristics of today's DDoS attacks, and organizations need a new approach to protection, says Verisign's Ramakant Pandrangi.
Weaponized roller coasters? Kidnappers hacking babycams? Forget over-the-top "CSI: Cyber" hacking plots. The hackers behind the Rogers ISP breach, in their quest for bitcoins, claim they wielded nothing more serious than a telephone call.
The CEO of Bit9 speaks from experience: His firm was hacked, sensitive data stolen and customers put at risk. And what's happened since represents his mission to fend off attackers, even as they refine their hacks.
Many Apple and Android devices are vulnerable to a TLS/SSL "Freak" flaw, which could be exploited to subvert secure Web connections. The flaw is a legacy of U.S. government export restrictions on strong crypto.
Information on 50,000 drivers for ride-sharing service Uber was breached in May 2014, the company discovered in September and announced on Feb. 27. Uber has launched a related lawsuit and is seeking records from code-sharing website GitHub.
SIM card manufacturer Gemalto says its investigation into a reported U.S. and U.K. intelligence agency espionage operation found that its internal networks housing encryption keys weren't breached. But security experts question those findings.
Hackers have been stealing the secret trading algorithms that are the lifeblood of many hedge funds and high-frequency trading firms, according to two security companies. What can be done to mitigate the risks?