Reporting software vulnerabilities can be legally dicey, particularly if the affected company has not previously had contact with computer security researchers. A Sydney consultant recently experienced both ends of the spectrum while investigating building management software.
Ransomware is the largest underground cybercriminal business. And like any business, entrepreneurs continue to find new ways to innovate. A Russian hacker has cobbled together a low-end ransomware kit costing just $175, aimed at anyone who seeks a file-encrypting payday.
The recent fix for a zero-day flaw in Microsoft Office appeared more than five months after Microsoft was privately alerted to the flaw, and followed months of it being exploited via in-the-wild attacks. Can Microsoft do better?
The U.S. regulation that forbid ISPs from selling information about web activity without a customer's permission is gone. But it's still possible to maintain privacy on the Web even if prying eyes are watching.
More than 60,000 servers running Microsoft's out-of-support IIS 6.0 server software may be vulnerable to a newly revealed zero-day exploit. No patch will be produced, but a workaround can blunt an attack.
The FBI recently warned that hackers are targeting FTP servers run by healthcare organizations in order to obtain medical records. New statistics show more than 750,000 FTP servers can be accessed anonymously worldwide.
Microsoft's docs.com service has been an open window to viewing people's personal data. The company appears to have taken some steps to contain the exposure, but those watching closely say sensitive data can still be found via search engines.
McDonald's home food delivery app in India leaked sensitive personal information relating to 2.2 million users. But the restaurant giant only addressed the insecure API after a researcher went public one month after informing McDonald's about the problem.
If Yahoo's 2014 breach had been the result of an in-house Russian intelligence project, the hack probably would not have triggered a U.S. indictment. But Russia has landed in a muddy puddle after apparently tapping freelance talent with an interest in criminal gain.
FireEye's Mandiant investigative unit is seeing a revival in tried-and-true hacking techniques, ranging from social engineering to the snatching of OAuth tokens. Why are these old techniques still working?
A groundbreaking study from RAND Corporation quantifies the stakes around how zero-day software vulnerabilities get discovered and persist, bringing hard facts to bear on related - and contentious - debates surrounding vulnerability disclosure and public safety.