Yahoo CEO Marissa Mayer will lose her cash bonus after an independent investigation into security breaches at the search giant found that the company's senior executives and legal team failed to properly comprehend or investigate the severity of the attacks.
A divided House committee has approved legislation that would expand the National Institute of Standards and Technology into the domain of auditing. The bill calls for NIST to assess federal agency compliance with its cybersecurity framework.
For any of the tens of thousands of organization that may be smarting from this week's Amazon Web Services and Simple Storage Solution (S3) outage, take the following advice to heart: "You must kill your darlings."
An attack on a database used by Emory Healthcare for patient appointments is the largest health data breach reported to federal regulators so far in 2017. The incident spotlights a persistent problem facing a growing number of organizations that use misconfigured MongoDB and other similar databases.
Legislation calling on the National Institute of Standards and Technology to develop outcome metrics to show the effectiveness of the NIST Cybersecurity Framework is scheduled to be considered - and likely amended - by a House committee.
Déjà vu "smart toy" information security fail: Spiral Toys, maker of internet-connected CloudPets, is under fire for exposing 821,000 user records online - now being ransomed - as well as links to 2.2 million parents' and children's voice recordings.
The Russian government appears to be doubling down on its information warfare success to date, publicly confirming that it has a "cyber army" designed to wage psychological operations and propaganda campaigns. While there are defenses, too few are using them.
What did Yahoo executives know about multiple data breaches and attacks that the company suffered, and when did they know it? Those questions have continued to dog Yahoo as it negotiates its sale to Verizon for the now-discounted price of $4.5 billion.
Our objective, as the industry's largest global media organization, is to bring you the most important bits from the conference, whether you attended the event or are experiencing the content now for the first time. Call this the Best of RSA Conference 2017.
What's required to access the Dark Web? And how does one separate fact from fiction? These are two of the five things Dark Web users need to know, says Danny Rogers, co-founder and CEO of Terbium Labs.
Paid breach notification site LeakedSource has disappeared. Given the site's business model - selling access to stolen credentials to any potential buyer - breach notification expert Troy Hunt says the site's demise is no surprise.
New ransomware circulating via BitTorrent is disguised as software that purports to allow Mac users to crack popular Adobe and Microsoft applications. Separately, new ransomware calling itself Trump Locker appears to be the previously spotted VenusLocker ransomware in disguise.
Organizations across sectors have come to understand the inherent security risks posed by third-party vendors. But too many approach vendor risk management with a manual process, says Daniel de Juan of Rsam.
Every year, information security professionals flock to San Francisco for the annual RSA Conference. From the debut of "Trumpcryption" to cybersecurity's "greatest hits" set to hip-hop violin, here are some of the 2017 event's highlights.
At the request of German authorities, British police have arrested a suspected hacker involved in last year's disruption of 1 million Deutsche Telekom customers' routers via Mirai malware, which targets default credentials on internet-connected devices.