A security researcher claims he's found an Internet-connected "leaky database" that is storing voter registration records for 191 million Americans. But who's apparently been leaving the information exposed?
Banking and government institutions, and other organizations that employ Juniper Networks gear, are being actively targeted after the company warned that it discovered that someone added a backdoor to the firmware in 2012. Who's responsible?
Understanding the promise of user behavior analytics is one thing. Deploying them to detect and respond to threats is quite another. Bert Rankin of Fortscale offers tips on practical application of the latest UBA solutions.
Hyatt warns that it's the latest hotel chain to fall victim to POS malware. It's offered scant breach-related details, but lots of bromides about taking payment card security seriously and urging customers to keep paying by card.
The former Morgan Stanley financial adviser who in September pleaded guilty to stealing confidential customer information and saving it on his home server will not serve time in prison, even though some of that data was posted online.
Conflicting cybersecurity guidance from banking regulators and a federal agency is making it more difficult for CISOs to set priorities, says Chris Feeney, president of BITS, the technology and policy division of the Financial Services Roundtable.
The rising profile and increasingly complex nature of cyberattacks was a major development in 2015. What are the key threats for security practitioners to be wary of in the year ahead? FireEye CTO APAC Bryce Boland shares insights.
Too many recent high-profile breaches resulted from attackers using legitimate user credentials to infiltrate critical systems. Fortscale's Bert Rankin tells how user behavior analytics help organizations catch attackers after the breach.
In the wake of Juniper Networks finding "unauthorized code" in its firewall firmware that could be used to remotely access devices and encrypted communications, Cisco is reviewing its own code for signs of tampering. Will other vendors follow suit?
You made this mess, now you'll clean it up. That's the security message of the Federal Trade Commission's settlement with Oracle over its failure to update or eliminate older, insecure - and actively targeted - versions of Java.
The FBI is reportedly investigating newly discovered "unauthorized code" in the firmware that runs the NetScreen firewalls built by Juniper Networks, which attackers could have been using to remotely access devices and decrypt traffic without leaving a trace.
President Obama has signed legislation to incentivize businesses to share cyber threat information with the federal government. On Dec. 18, both houses of Congress passed the measure as part of a $1.1 trillion spending package.
In the largest monetary award obtained by the FTC in an enforcement action, LifeLock has agreed to pay $100 million to settle a case that, in part, stemmed from the identity protection company failing to establish and maintain an information security program to protect customers' personally identifiable information.
As it continues to ramp up its cybersecurity enforcement efforts, the FTC could take action next year against consumer wearable device makers if they fail to live up to their promises to protect the privacy of health data and other information, says researcher Stephen Cobb, who also expects scrutiny from the FDA.
In terms of malware, 2015 will go down as the year that ransomware got big, and the organized criminals behind it got bolder. IBM's Limor Kessem discusses what to expect from advanced malware variants in 2016.