Adobe Flash security alert redux: All enterprises should immediately update - or delete - all instances of Flash Player, following reports that a zero-day flaw in the Web browser plug-in is being targeted by the new "ScarCruft" APT group.
Preparing for data breaches - to detect them quickly, respond appropriately and ascertain exactly what happened - can help make the difference between a security incident having major or minor repercussions, says CrowdStrike CEO George Kurtz.
The FBI is warning U.S. businesses to beware of business email compromise scams focused not just on creating fraudulent wire transfers, but also stealing personally identifiable information. Experts, however, are criticizing the FBI's alert as being too little, too late.
A massive scan of open internet ports confirms long-held assumptions that old, insecure internet protocols never die, and in fact may still thrive, especially in Belgium, says Rapid 7 security research manager Tod Beardsley.
As evolving virtual reality technologies are embraced by corporate environments, including healthcare entities, for training and other purposes, organizations need to carefully consider the privacy and security risks they pose, says attorney Steven Teppler.
Apple is building "differential privacy" into iOS 10 to try and block attempts to identify or track individual users based on their behavior, keyword searches or other activities. But will the functionality perform as advertised?
The FDA is reviewing comments on its proposed cybersecurity guidance for medical devices, including suggestions that it should beef up the guidance with more details. Meanwhile, the agency has issued new proposed guidance clarifying that manufacturers can share device-generated information with patients.
Days after booting hackers from its network, the Democratic National Committee allowed incident-response firm Crowdstrike to publicly detail its findings. That's a rare - albeit welcome - move for other potential targets.
With rampant password, patch management and data missteps, it can feel like information security déjà vu all over again as security professionals fight so many of the same battles as 10 or 20 years ago, says white hat hacker Cris Thomas, a.k.a. "Space Rogue."
Russia's arrest of 50 suspected hackers earlier this month seems to have spooked the developers of the Angler exploit kit, an attack tool responsible for spreading ransomware and malware. But is Angler gone for good, or simply retrenching?
My initial reaction to Microsoft's announcement that it plans to buy LinkedIn for $26.2 billion in cash: I guess its massive 2012 data breach - and the loss of virtually every user's credentials - didn't hobble the company's long-term prospects.
First the hackers came for our credit cards. Now they're taking control of our TVs. Witness the latest version of FLocker - for "frantic locker" - which is designed to lock Android devices, including smart TVs.
As we prepare to mark the tenth anniversary of the PCI Security Standards Council, it's time to assess the impact PCI-DSS has had on payments security and consider whether it will remain a viable standard 10 years from now. A series of upcoming reports will address these topics.
For its next move since jettisoning storage firm Veritas and becoming a pure-play security vendor, Symantec plans to buy network and cloud security firm Blue Coat from private-equity owners Bain Capital for $4.65 billion, gaining a new CEO in the process.