Mark Weatherford, a former DHS cybersecurity leader, says the Office of Personnel Management neglected to take basic steps that could have helped prevent a breach that may have exposed the PII of 4 million current and former government workers.
This year's Infosecurity Europe conference in London - celebrating its 20th anniversary - decamped from Earl's Court to the glass-topped, 19th-century Olympia Conference Center, and featured more than 300 exhibitors and 200 speakers.
The NSA secretly widened its warrantless surveillance of Americans' international Internet traffic to seek evidence of malicious computer hacking, according to published reports based on documents leaked by former NSA contractor Edward Snowden.
Law enforcement officials estimate that fewer than 200 people in the world build the core infrastructure and tools relied on by cybercriminals who would otherwise lack such capabilities. What's the best way to stop them?
A game-changing impact of the Edward Snowden leaks about previously secret National Security Agency surveillance activities is the increased use of encryption, such as to protect email, says Peter Swire, a former White House chief privacy counsel.
It's no surprise that virus-wielding hackers are exploiting Internet of Things devices. Blame too many device manufacturers rushing products to market, skimping on secure development practices and failing to audit the third-party code they use.
This year's Infosecurity Europe conference in London is offering a top-notch range of sessions, ranging from how to battle cybercrime and social engineering to building a better security culture and workforce. Here's my list of must-see sessions.
Britain's computer emergency response team - CERT-UK - reports that malware remains the dominant mode of online attack for cybercriminals, and Zeus their most preferred tool of choice. But the team is promoting a free information-alert service to help.
A U.S. Department of Commerce proposal to restrict the export of so-called "intrusion software" to prevent foreign adversaries from acquiring zero-day exploits has raised concern in the developer community.
While the "Logjam" vulnerability raises serious concerns, there's no need to rush related patches into place, according to several information security experts. Learn the key issues, and how organizations must respond
Although the CareFirst BlueCross BlueShield breach is the third major hacker attack against a health insurer revealed in recent months, experts warn that other organizations, including health information exchanges, could be targeted next.
"Millions" of devices from numerous router manufacturers appear to use a third-party software component called NetUSB, which can be exploited to bypass authentication checks and remotely take control of the devices, security researchers warn.
Numerous websites, mail servers and other services - including virtual private networks as well as "all modern browsers" - have a 20-year-old flaw that could be exploited by an attacker, computer scientists warn.
Although the 2015 Healthcare Information Security Today survey shows improving regulatory compliance is priority No. 1, CISO Cris Ewell of Seattle Children's Hospital suggests building a strong information security program should be a higher priority.
Security vulnerabilities in certain infusion pumps manufactured by Hospira could allow an unauthorized user to alter the dose the devices deliver, the FDA warns. Just a few months ago, the FDA issued a medical device security guide.