FireEye's Mandiant investigative unit is seeing a revival in tried-and-true hacking techniques, ranging from social engineering to the snatching of OAuth tokens. Why are these old techniques still working?
U.S. prosecutors are expected to soon issue indictments charging four individuals with launching hack attacks against Yahoo, Bloomberg reports. But it's unclear to which of the two massive Yahoo breaches the charges might relate.
Search giant Yahoo suffered two massive data breaches under the tenure of CEO Marissa Mayer. But when the company wraps up the sale of its primary businesses to Verizon for $4.5 billion, she's set to exit with an extra $23 million in compensation.
Canadian authorities narrowly escaped a data breach by stopping an intrusion at the country's statistics agency. The cyberattack used a zero-day vulnerability in Apache Struts 2, which has now been patched.
The source code for the Mirai botnet has been updated to launch DDoS amplification/reflection attacks, although so far that capability hasn't been used, says Gary at Arbor Networks. Even so, DDoS defense planning remains essential.
Leading the latest edition of the ISMG Security: A deep dive into the WikiLeaks release of thousands of documents that appear to lay open in detail the CIA's computer hacking techniques Report. Also, tackling the rise of attacks targeting the internet of things.
A groundbreaking study from RAND Corporation quantifies the stakes around how zero-day software vulnerabilities get discovered and persist, bringing hard facts to bear on related - and contentious - debates surrounding vulnerability disclosure and public safety.
So far in 2017, hacking incidents continue to affect the largest number of individuals impacted by major health data breaches. Meanwhile, incidents involving unencrypted computing devices continue to decline, according to the federal breach tally.
Apache Struts 2 users are being warned to upgrade immediately, after attackers began targeting a zero-day flaw in the widely used, open source Java EE platform. Some attacks deactivate firewalls on vulnerable Linux systems and install DDoS or BillGates malware, amongst other malicious code.
Confide, an encrypted messaging application, received a surge of attention after White House officials began using it for leaks. But a teardown of the app by two security firms revealed a raft of serious security issues.
The latest version of the Trump administration's draft cybersecurity executive order would direct the federal government to take a risk-based approach to IT security and hold agency heads responsible for the security of their organizations' IT assets.
Payment-terminal maker VeriFone Systems says that attackers managed to access its corporate network in January, but that the intrusion and related breach was limited, has been contained and that any fallout appears to be minimal.
A new release from WikiLeaks - of what's alleged to be classified material from the CIA - has seemingly exposed some of the agency's most sensitive hacking projects and malware capabilities. Technology experts are scrambling to assess the impact, as well as WikiLeaks' claims.
One of the world's allegedly most prolific spamming operations inadvertently left backup databases accessible online, exposing upwards of 1.37 billion records and a raft of internal company information.
When it comes to massive DDoS attacks powered by the likes of a Mirai botnet, "the sky is not falling," says ESET security researcher Cameron Camp. But organizations do need to prepare - and here's where to start.