Warning: All versions of Flash Player are vulnerable to a zero-day, weaponized exploit that became public when Italian spyware vendor Hacking Team was hacked, and 400 GB of corporate data leaked. Adobe has released an update to patch the flaw.
A dozen well-known cryptographers and information security specialists have published a paper explaining why they believe it's unfeasible to create a so-called "backdoor" to allow law enforcement to decrypt encoded information.
More than 3,000 National Health Service patients had their personal data exposed when an employee lost an unencrypted memory stick in a parking lot, violating NHS policies. But creating policies isn't the same as enforcing them.
Italian surveillance software maker Hacking Team has confirmed that it was hacked and recommends police, law enforcement and government agencies suspend their use of its software, pending a full breach investigation.
OpenDNS's Andrew Hay sees danger confronting many enterprises in the era of the "Internet of Things" as Internet-ready consumer devices, not architected for security, find their way onto corporate networks, often unbeknown to administrators.
Hacking Team, an Italian vendor of "easy-to-use offensive technology" that it sells to government agencies, has been hacked. Leaked customer lists reportedly name the FBI and DEA, plus the governments of Bahrain, Russia and Sudan, among others.
MasterCard is testing a smartphone app that lets users approve online transactions using facial recognition, via the equivalent of taking a selfie. But could such technology be spoofed, and will it reduce card fraud?
An unconfirmed post-breach report for bitcoin exchange Bitstamp shows the organization was targeted by a sustained attack that combined phishing via email and Skype with macro malware to successfully steal almost 19,000 bitcoins, worth $5 million.
Trump Hotel Properties confirms it is investigating reports of card fraud tied to multiple hotels. Numerous hotels, restaurants and retailers continue to report breaches, stemming from POS malware infections.
Cisco announced plans to pay $635 million to purchase cloud security firm OpenDNS to better secure the "Internet of Everything." OpenDNS says the acquisition will leave its products and personnel intact.
The PCI Security Standards Council has just released version 2 of its point-to-point encryption standard. Jeremy King of the PCI SSC explains how this optional standard can complement PCI-DSS compliance.
Would encryption, two-factor authentication and other measures stop a determined adversary from stealing millions of U.S. government personnel files? No, a former CIA CISO says. Read how Robert Bigman would defend against OPM-style cyber-attacks.
Following its mega-breach, the U.S. Office of Personnel Management suspends use of its online background check application system, citing a vulnerability. Also, the agency now faces a breach-related lawsuit filed on behalf of federal workers.