Legislation approved by Congress seeks to cement the long-term role of the National Institute of Standards and Technology in working with industry to develop cybersecurity best practices that critical infrastructure operators can voluntarily adopt.
A report claiming that Las Vegas Sands Corp. was hit with a "wiper" malware attack back in February, similar to one that recently affected Sony Pictures Entertainment, illustrates why more organizations need to mitigate the risks of such an attack.
Congress this week passed four cybersecurity bills, and a commonality among all of the measures is that they strengthen the Department of Homeland Security as a cybersecurity force within the federal government.
For the first time in a dozen years, Congress has passed and sent to President Obama for his expected signature major cybersecurity legislation, including a bill to update the law that governs federal government IT security.
Information security experts are questioning the accuracy of a news report that claims Sony Pictures Entertainment is attempting DDoS attacks to disrupt sites that are providing copies of stolen Sony data.
The so-called Red October APT gang may have emerged from hiding. Two research firms report finding advanced attacks that target firms across the financial, oil and engineering sectors, as well as government embassies, primarily in Eastern Europe.
Security experts see the FIDO Alliance's release of two universal authentication specifications as a positive move in the effort to eliminate passwords. But the standards' impact will be minimal unless they're widely adopted.
A recent blog post by Managing Editor Mathew J. Schwartz, "Why Are We So Stupid About Passwords?" raised a number of issues about the ongoing risks involved in using passwords for authentication. Read the strong reaction to the commentary and join the conversation.
A new version of the Destover malware includes a legitimate certificate from Sony. But a researcher claims it's a hoax. Meanwhile, new evidence emerges that the hackers who attacked Sony Pictures Entertainment had criminal - not nation-state - intentions.
Security experts are sounding warnings that a flaw known as POODLE, revealed Oct. 14, can now be used to decrypt some Internet communications secured using TLS. Vendors have begun describing workarounds and issuing patches.