Eighty percent of the Android ecosystem - an estimated 1.4 billion devices - is vulnerable to an attack affecting TCP. While the flaw has been patched in Linux, Android remains vulnerable, although Google is aware of the issue.
USB devices and ports pose serious risks, and they aren't going away anytime soon. But researchers say they've developed a way to block malicious actions by USB devices to help prevent attacks such as "BadUSB."
Vikrant Arora, CISO of NYC Health & Hospitals, offers the four most important questions a board must ask the CISO to get a good understanding of how the organization is addressing top cybersecurity concerns.
Malware researcher Ivan Kwiatkowski unleashed ransomware on tech-support scammers after his parents stumbled across a site warning they'd been infected by Zeus. Despite the feel-good factor, however, security experts advise against hacking back.
A report on FBI Director James Comey seeking to reopen the debate over creating for law enforcement a bypass to encryption on mobile devices is among the stories featured in the latest ISMG Security Report.
CEO fraud campaigns are becoming far more common. A recent attack against our company was deflected because of the alertness of a staff member who received a fraudulent wire transfer request, illustrating why well-informed employees truly are the best lines of defense against these schemes.
Security firm ThreatConnect says Guccifer 2.0, who claims to be the lone hacker of the Democratic National Committee, may have close ties to Russia. But after reviewing related technical evidence, not all security experts agree.
As Democrats gather in Philadelphia to nominate Hillary Clinton for president, it's a good time to examine the former secretary of state's positions on cybersecurity and online privacy. Here's where she stands.
As the Pokémon Go craze continues to take off, it's clear that when it comes to chasing virtual creatures through real-world locations, too many people fail to keep some common sense guidelines in mind.
MacKeeper failed to alert customers earlier this year that for at least four weeks, its anti-virus software wasn't receiving regular signature updates. Industry experts say any such delay is unacceptable for an AV vendor.
At the Black Hat event in Las Vegas later this month, researchers plan to reveal vulnerabilities in hooking engines, a critical component of security software and other applications, including Microsoft Office.
In just two years' time, RSA analysts have seen a 170 percent rise in incidents of fraud via the mobile channel. What's behind the spike, and what can security leaders do to help their organizations and customers curb fraud losses?
A recent interview about Hillary Clinton's email server controversy drew numerous comments, with respondents divided over whether users will devise ways to circumvent systems safeguards to do their jobs more effectively. Join the conversation.
While many banks and merchants in Britain, France and Germany have long complied with the PCI Data Security Standard, deregulation has led organizations in other European countries to start taking PCI compliance more seriously and use it for competitive advantage.