Numerous websites, mail servers and other services - including virtual private networks as well as "all modern browsers" - have a 20-year-old flaw that could be exploited by an attacker, computer scientists warn.
Unlike previous presidential campaigns, cybersecurity will be raised by candidates on the hustings, although the issue likely won't play a big role in determining the election. Two GOP candidates - Marco Rubio and Rand Paul - already have broached the topic.
Visa has agreed to increase the reimbursement paid to banking institutions that must reissue cards in the wake of a merchant breach. Now the smaller card issuers, such as community banks, are getting paid the most.
An army of 40,000 small office/home office routers have been exploited by automated malware. But who's responsible for devices being vulnerable: vendors for using well-known defaults; or distributors and IT managers for not locking them down?
Although the 2015 Healthcare Information Security Today survey shows improving regulatory compliance is priority No. 1, CISO Cris Ewell of Seattle Children's Hospital suggests building a strong information security program should be a higher priority.
Security vulnerabilities in certain infusion pumps manufactured by Hospira could allow an unauthorized user to alter the dose the devices deliver, the FDA warns. Just a few months ago, the FDA issued a medical device security guide.
Caffeine junkies are up in arms over reports that criminals have been targeting their Starbucks account balances. But the real story is poor password-picking practices by consumers, and Starbucks' lack of multi-factor authentication.
After recently announcing an investigation, Sally Beauty Supply now confirms that it has "sufficient evidence to confirm that an illegal intrusion into our payment system has indeed occurred." The retailer reported a similar breach in March 2014.