At a hearing on the role the Interior Department played in a recent breach at the Office of Personnel Management, the Interior deputy inspector general painted a picture of how a hacker might have breached the agency's computer system.
Security researchers reported a zero-day bug to Microsoft - which has patched the flaw - after reverse-engineering details were contained in a bug hunter's sales pitch to hacked surveillance software vendor Hacking Team.
The OPM breach is not just the biggest in U.S. government history. It's also likely a classic case of third-party risk management, says Jacob Olcott of BitSight Technologies. What are the key lessons to be learned?
Shed a tear for enthusiasts of aging Microsoft Windows operating systems. That's because Microsoft has now retired Windows Server 2003 support, as well as anti-virus scanner and signature updates for Windows XP. But breaking up can be hard to do.
In-the-wild attacks have been found targeting at least one of two new zero-day Flash flaws leaked by Hacking Team's hacker. Separately, cyber-espionage APT attackers have been targeting a new Java flaw.
Although they apparently weren't caused by cyber-attacks, the impacts of computer failures at the New York Stock Exchange, United Airlines and the Wall Street Journal have much in common with the aftermath of breaches.
FBI Director James Comey says he has faith in American technological ingenuity to overcome obstacles and give law enforcement the ability to access and decrypt data on the devices of criminals and terrorists.
Warning: All versions of Flash Player are vulnerable to a zero-day, weaponized exploit that became public when Italian spyware vendor Hacking Team was hacked, and 400 GB of corporate data leaked. Adobe has released an update to patch the flaw.
A dozen well-known cryptographers and information security specialists have published a paper explaining why they believe it's unfeasible to create a so-called "backdoor" to allow law enforcement to decrypt encoded information.
OpenDNS's Andrew Hay sees danger confronting many enterprises in the era of the "Internet of Things" as Internet-ready consumer devices, not architected for security, find their way onto corporate networks, often unbeknown to administrators.
As federal lawmakers return this week from their Independence Day recess, Congress picks up where it left off before the break: holding hearings on the Office of Personnel Management breach that exposed the personal records of millions of government workers.
MasterCard is testing a smartphone app that lets users approve online transactions using facial recognition, via the equivalent of taking a selfie. But could such technology be spoofed, and will it reduce card fraud?