A data breach notification service bought what appear to be 117 million username and poorly hashed passwords obtained via the 2012 breach of LinkedIn. That's a far cry from the 6.5 million stolen passwords that initially came to light.
A judge has declined to share details of a flaw exploited by the FBI - either in the Firefox browser or modified Tor version - during the course of a large child pornography investigation, saying Mozilla should deal directly with the U.S. government.
The U.S. Supreme Court this week sided with data aggregator Spokeo in a case dealing with when consumers can sue for privacy violations. The high court remanded the case to the Ninth Circuit Court of Appeals to examine the issue of whether the plaintiff was harmed when Spokeo published incorrect information about him.
A criminal case against an engineer who allegedly stole trade secrets while he worked at two medical device companies highlights yet again the need to prioritize the protection of intellectual property. The indictment comes just weeks after Epic Systems was awarded $940 million in another trade secrets theft case.
Tavis Ormandy of Google's Project Zero found he could hack Symantec's security products with a single email. The flaw has been fixed, but the finding is a reminder that flaws in anti-virus software can leave users at serious risk from hackers.
Hacker attacks in the healthcare sector so far this year generally have targeted smaller organizations and affected fewer individuals, in contrast with last year's massive hacker incidents. For example, one of the latest victims is a small physician group practice in Texas.
Apple has removed from its App Store a $0.99 security tool developed by well-known researcher Stefan Esser that he says could quickly detect if an iPhone may have been hacked. What is the back-story behind this move?
Vietnam's TPBank says it successfully foiled more than $1 million in fraudulent transfer requests apparently initiated by the same hackers who targeted Bangladesh Bank and other SWIFT-using institutions with PDF reader malware.
The FFIEC has released detailed security guidance for mobile banking and payments that its examiners will now use in their assessments of financial institutions. Banking security experts offer a critique.
The Commercial Bank of Ceylon has apparently been hacked, and its data has been dumped online by the Bozkurtlar hacking group that has leaked data from seven other banks in the Middle East and South Asia since April 26.
Law enforcement agencies have scored some notable botnet-busting successes, disrupting malicious infrastructure and arresting botnet-using gangs. But cybercriminals are adapting, one top EU cybercrime investigator warns.
Mozilla wants the U.S. government to provide it with information about a possible unpatched vulnerability in its Firefox browser, which was used by the FBI as part of a large child pornography investigation.
The theft of $81 million from Bangladesh Bank was "part of a wider and highly adaptive campaign targeting banks," SWIFT warns its 11,000 customers. Investigators say signs point to the same attackers having hacked Sony Pictures Entertainment in 2014.
Amidst finger-pointing over responsibility for the $81 million online theft from Bangladesh Bank, SWIFT has issued its first-ever information security guidance to banks, telling them that they're responsible for securing their own systems.
New rules set by the widely used malware database service VirusTotal will exclude security vendors for not sharing data. This move highlights ongoing tension in the multi-billion dollar anti-malware industry.