Latest

Cybersecurity

Yahoo Hacked by Cybercrime Gang, Security Firm Reports

Mathew J. Schwartz  •  September 29, 2016

Blunting Yahoo's attempt to blame nation-state attackers for its record-breaking breach, security firm InfoArmor says it's traced the 2014 hack to a cybercrime gang that's quietly resold the stolen data several times over.

Data Breach

Yahoo Faces Lawsuits Over Breach

Jeremy Kirk  •  September 27, 2016

Several civil lawsuits have been filed against Yahoo over the compromise of 500 million accounts. But such lawsuits have a mixed record of success in U.S. federal courts.

Breach Preparedness

Cloud Security Paradigm: Time for Change?

Varun Haran  •  September 27, 2016

Cloud computing has already led to a fundamental shift in the enterprise computing paradigm, and security now needs to follow, says Gartner's Steve Riley, who shares recommendations.

Breach Response

Clinton, Trump Tackle Cybersecurity in Debate

Jeremy Kirk  •  September 27, 2016

Hillary Clinton and Donald Trump ventured into new territory for their first presidential debate: cybersecurity. It marked one of the few subjects on which both candidates broadly agreed, although the exchange was marked with sharp jabs and an interesting attribution theory from Trump.

Mobility

Broadening the Scope of Mobile Security

Eric Chabrow  •  September 26, 2016

Most enterprises, when addressing mobile security, focus on securing applications, such as the devices' operating systems, or preventing the installation of malware. But NIST cybersecurity experts say organizations should take a much broader approach to ensuring mobile security.

Application Security

Why CISOs Must Make Application Security a Priority

Geetha Nandikotkur  •  September 26, 2016

As pressure to speed the development of applications intensifies, CISOs must be the "voice of reason," taking a leadership role in ensuring security issues are addressed early in app development process, says John Dickson, principal at Denim Group, a Texas-based security consultancy.

Breach Notification

Yahoo Breach: The Great 'Nation-State' Cop Out

Mathew J. Schwartz  •  September 26, 2016

Asked to explain the compromise of 500 million of its users' accounts, Yahoo appears to be trying to blame Russia. Of course, that would be an easy face-saving exercise for a publicly traded firm currently negotiating its $4.8 billion sale to Verizon.

Application Security

Tesla Patches Cars Against Wi-Fi 'Braking' Attack

Jeremy Kirk  •  September 21, 2016

Electric car manufacturer Tesla has updated its firmware after researchers in China remotely turned on a vehicle's windshield wipers, opened the trunk and applied the brakes in new Model S sedans.

Privacy

Hey, Webcam User: Cover Up!

Mathew J. Schwartz  •  September 21, 2016

FBI Director James Comey, Facebook CEO Mark Zuckerberg and security expert Mikko Hypponen all advocate covering up your webcam as a cheap and no-brainer defense against everything from unscrupulous competitors to sextortionists.

Network & Perimeter

After Equation Group Dump, Cisco Finds New Zero-Day Flaw

Jeremy Kirk  •  September 20, 2016

Cisco has patched another zero-day flaw stemming from the Shadow Brokers' leak of Equation Group tools and attack code. The technology giant warns that attackers have been exploiting the vulnerability.

Forensics

Could FBI Have Cracked Shooter's iPhone for Less Than $100?

Jeremy Kirk  •  September 20, 2016

Apple-FBI crypto debate update: A researcher successfully defeated an iPhone passcode using less than $100 in equipment. But the delicate procedure, if used on the San Bernardino shooter's iPhone, could have accidentally obliterated its data.

Breach Response

Helping Police Solve Cybercrimes

Tracy Kitten  •  September 19, 2016

Because many law enforcement agencies lack cybercrime expertise, it's important for companies that have been attacked to provide as much technical and forensic information as possible to authorities to help ensure that investigations lead to arrests and prosecutions, a panel of experts says.