One of the world's allegedly most prolific spamming operations inadvertently left backup databases accessible online, exposing upwards of 1.37 billion records and a raft of internal company information.
Crypt0L0cker ransomware - originally tied to the Gameover Zeus gang - has returned, researchers warn, and in some cases is digitally signed to make it appear legitimate. Other attack campaigns are spreading Cerber and Sage Locker through spam emails sent via short-lived domain names.
The U.S. government has opted to drop an indictment against a child pornography suspect rather than reveal the software exploit used to identify him. The case highlights how the use of legal hacking techniques by law enforcement agencies can create complications in court.
Yahoo CEO Marissa Mayer will lose her cash bonus after an independent investigation into security breaches at the search giant found that the company's senior executives and legal team failed to properly comprehend or investigate the severity of the attacks.
A divided House committee has approved legislation that would expand the National Institute of Standards and Technology into the domain of auditing. The bill calls for NIST to assess federal agency compliance with its cybersecurity framework.
Cloud-connected stuffed animals built by Spiral Toys include an unsecured Bluetooth implementation that could be used to locally spy on anyone near the toys, a security research firm warns. It alleges that Spiral Toys has failed to respond to warnings it began issuing in October 2016.
An attack on a database used by Emory Healthcare for patient appointments is the largest health data breach reported to federal regulators so far in 2017. The incident spotlights a persistent problem facing a growing number of organizations that use misconfigured MongoDB and other similar databases.
Legislation calling on the National Institute of Standards and Technology to develop outcome metrics to show the effectiveness of the NIST Cybersecurity Framework is scheduled to be considered - and likely amended - by a House committee.
Our objective, as the industry's largest global media organization, is to bring you the most important bits from the conference, whether you attended the event or are experiencing the content now for the first time. Call this the Best of RSA Conference 2017.
A one-character coding error by Cloudflare exposed data - that otherwise would have been encrypted - from major web services, putting personal information, chat messages, OAuth tokens, encryption keys and cookies at risk.
Researchers have demonstrated the first practical attack against the SHA-1 cryptographic hash function. While security experts had already recommended dropping SHA-1, some browsers and other security tools still rely on it.
A federal judge in Illinois has rejected part of a search warrant application that would allow police to force anyone present at the time of a raid to use their fingerprints to unlock digital devices. But the decision far from resolves the issue of law enforcement's efforts to overcome encryption.
State officials who oversee elections have formally objected to a DHS designation of America's electoral system as critical infrastructure. The National Association of Secretaries of State is asking DHS Secretary John Kelly to rescind the designation made by his predecessor, Jeh Johnson.
For anyone who's worried about the rise of quantum computers and the risk that they could be used to crack modern, public-key crypto systems, leading cryptographers at the RSA Conference 2017 delivered a clear message: For now, do nothing.
Verizon will pay $350 million less for Yahoo than it first offered because the deal subsequently became tainted by three data breach disclosures. Yahoo's lower value is a study in how data breaches can impact big business transactions.