In the wake of the Heartbleed flaw, a researcher finds new weaknesses in OpenSSL that could be exploited to launch man-in-the-middle attacks, distributed-denial-of-service attacks and remote-code execution on millions of sites.
A proposed UK computer crime bill would increase hacking penalties and criminalize cybercrime attacks that impact the economy, environment or national security. Proving related charges in court, however, could be difficult.
There's good news on the Zeus Gameover Trojan and Cryptolocker ransomware campaigns: The number of new infections has become "very low," if not fallen to zero. But related attacks could quickly resurge. Learn the reasons why.
A George Mason University researcher says NIST's cybersecurity framework is likely to cause more problems than it solves. Instead, he encourages critical infrastructure operators to adopt dynamic cybersecurity provisions.
American Express is notifying about 77,000 California cardholders that their personal information and card data has been posted on various websites, with members of the hacktivist group Anonymous taking credit for the breach.
An ongoing APT campaign employs decoy documents to lure potential victims into installing malicious remote-control tools. Targets include at least one bank, the BBC and many U.S. and EU government agencies.
Security researchers say the international takedown of the Gameover Zeus botnet and servers for CryptoLocker ransomware will have a positive short-term impact, but they warn the threats could quickly re-emerge unless key steps are taken.
Law enforcement agencies worldwide took part in a coordinated operation to disrupt the Gameover Zeus botnet and seize computer servers crucial to the CryptoLocker ransomware. A Russian citizen has been indicted in connection with the crackdown.
Five individuals face charges following allegations that they purchased stolen credit card numbers from online carding forums and made fraudulent purchases totaling more than half a million dollars, prosecutors say.
A key challenge in mitigating cyber-risks is differentiating new malware threats from older ones. Experts offer insights on how to sort through the massive number of alerts issued by vendors to identify the real threats that require attention.
The OpenSSL Project is receiving new funding to support its operations following the Heartbleed exploit that exposed a flaw in the cryptographic tool that's used to provide communications security and privacy online.