Cloud services firm Coupa is one of the latest business email compromise victims, after a fraudster pretending to be its CEO faked out the HR department and stole all of its 2016 employees' W-2 forms. Security experts say rigorous training remains the only viable defense.
Password manager LastPass has deployed a server-side fix to repair a vulnerability that could have allowed an attacker to steal a victim's passwords. It's the latest finding from Tavis Ormandy of Google's Project Zero, who's since reported another flaw in LastPass.
RBI has mandated that all banks migrate to Aadhaar-based biometric authentication for electronic payment transactions by June 30. But some information security experts question whether the the technology can handle the potential volume of transactions.
A man who allegedly used a smartphone with a Tor proxy and VPN client to hide his online activities has been arrested and charged with narcotics distribution after U.S. Postal Service employees spotted him mailing large numbers of envelopes while wearing latex gloves.
One of the world's biggest botnets, Necurs, is back. But instead of flinging banking Trojans and ransomware, this time it's spouting spam aimed at influencing the price of cheap stocks, say security researchers from Cisco's Talos group.
As WikiLeaks reaches out to firms about code targeted via CIA attack tools contained in the "Vault 7" document dump, Cisco says its review of the leaked information led to the discovery of a zero-day flaw that affects 318 of its devices, including numerous switches.
FBI Director James Comey says the agency is investigating possible ties between Donald Trump's presidential campaign and Russian attempts to sway the U.S. election. Comey also tells the House Intelligence Committee the FBI can't find proof to support Trump's claim that Barack Obama wiretapped him.
Two of the four individuals indicted for hacking Yahoo in 2014, exposing 500 million user accounts, work for a Russian intelligence service unit that the FBI collaborates with on international cybercrime investigations.
Don't trust the internet of things to maintain common-sense boundaries - or your privacy - as evidenced by a lawsuit against "sensual lifestyle products" manufacturer We-Vibe, alleging that its products tracked customers' usage patterns, indexed by their email addresses.
Thousands of high-profile Twitter accounts have been spewing swastikas and spam following the hack of a popular third-party Twitter service called Counter. Sites tied to Amnesty International, the BBC and even tennis star Boris Becker were affected.
Search giant Yahoo suffered two massive data breaches under the tenure of CEO Marissa Mayer. But when the company wraps up the sale of its primary businesses to Verizon for $4.5 billion, she's set to exit with an extra $23 million in compensation.
Canadian authorities narrowly escaped a data breach by stopping an intrusion at the country's statistics agency. The cyberattack used a zero-day vulnerability in Apache Struts 2, which has now been patched.
WikiLeaks says it leaked the "Vault 7" CIA hacking arsenal in part to stoke a debate on cyber-weapon proliferation. Here's how information security experts are reacting to WikiLeaks' claims and potential agenda, as well as the dump and information vulnerability-exploit information it contains.
Apache Struts 2 users are being warned to upgrade immediately, after attackers began targeting a zero-day flaw in the widely used, open source Java EE platform. Some attacks deactivate firewalls on vulnerable Linux systems and install DDoS or BillGates malware, amongst other malicious code.