This week's top reported breach incidents, including the report by Hold Security warning that a Russian cyber gang had breached 1.2 billion passwords, all have one thing in common: They leave numerous questions unanswered.
U.S. Investigations Services, which conducts background checks for the Department of Homeland Security and other agencies, says it has identified a cyber-attack on its corporate network; agencies have suspended use of the firm's services.
Expect every new warning of cybercrime attacks, online espionage or the malware du jour to be slickly marketed, with the announcements carefully timed. But is this bad for either the information security community or attackers' victims?
Delaware's recently enacted data destruction law sets itself apart from other regulations by permitting consumers, under certain circumstances, to file civil lawsuits against those who violate the law's requirements.
A report that a Russian hacker group dubbed "CyberVor" is hoarding more than 1 billion stolen passwords triggered worldwide concern, but security experts caution that scant details have been revealed, making the threat tough to judge.
Today's sophisticated attackers use ever-stealthier malware and zero-day exploits to evade traditional security defenses, making organizations increasingly vulnerable to advanced persistent threats (APTs). These APTs seek to exfiltrate critical data over the long term.
A Russian cyber gang has breached over 420,000 web and FTP sites to pilfer over 1.2 billion credentials, according to Hold Security, saying it discovered "what could be arguably the largest data breach known to date."