Republican-backed legislation is a presidential signature away from dismantling a Federal Communications Commission regulation to require internet service providers to ask permission before selling customers' private information to advertisers.
A scareware campaign has been locking iOS devices with faux ransomware, demanding a payoff via virtual iTunes gift cards, security researchers warn. A fix for the exploited iOS flaw is included in a massive batch of product patches and updates released by Apple.
The Department of Homeland Security, which missed meeting last week's deadline for submitting a new cybersecurity strategy to Congress, could be months away from providing lawmakers with that policy, a top DHS cybersecurity official says.
Google has run out of patience with Symantec's digital certificate business. It has outlined a plan that over time will have its Chrome browser reject all of Symantec's existing digital certificates and force all of its future certificates to be reissued every nine months.
Following last week's Westminster attack in London, British Home Secretary Amber Rudd is demanding that police and intelligence agencies be given on-demand access to end-to-end encrypted communications services such as WhatsApp.
An Obama-era regulation, which has yet to take effect, that aims to strengthen consumer's online privacy may be derailed. The Senate has voted along party lines to quash the rule that the FCC issued in October.
WikiLeaks has released a second batch of CIA attack tools, dubbed Dark Matter, which includes malware designed to exploit Mac OS X and iOS devices. But Apple contends the attacks target vulnerabilities in its software that have long been patched, so users are not at risk.
Strong doubts have emerged over an unknown hacking group's claim that it has captured credentials for 627 million Apple iCloud accounts. A very public, ham-fisted attempt to get a $75,000 ransom has raised suspicions.
Cloud services firm Coupa is one of the latest business email compromise victims, after a fraudster pretending to be its CEO faked out the HR department and stole all of its 2016 employees' W-2 forms. Security experts say rigorous training remains the only viable defense.
Password manager LastPass has deployed a server-side fix to repair a vulnerability that could have allowed an attacker to steal a victim's passwords. It's the latest finding from Tavis Ormandy of Google's Project Zero, who's since reported another flaw in LastPass.
RBI has mandated that all banks migrate to Aadhaar-based biometric authentication for electronic payment transactions by June 30. But some information security experts question whether the the technology can handle the potential volume of transactions.
New Mexico lawmakers have overwhelmingly approved the Data Breach Notification Act. If signed, as expected, by Gov. Susana Martinez, Alabama and South Dakota would be the only states without such a statute.
A man who allegedly used a smartphone with a Tor proxy and VPN client to hide his online activities has been arrested and charged with narcotics distribution after U.S. Postal Service employees spotted him mailing large numbers of envelopes while wearing latex gloves.
One of the world's biggest botnets, Necurs, is back. But instead of flinging banking Trojans and ransomware, this time it's spouting spam aimed at influencing the price of cheap stocks, say security researchers from Cisco's Talos group.
As WikiLeaks reaches out to firms about code targeted via CIA attack tools contained in the "Vault 7" document dump, Cisco says its review of the leaked information led to the discovery of a zero-day flaw that affects 318 of its devices, including numerous switches.