Vulnerable firmware has been highlighted again in a range of low-cost Android phones, raising concerns over their security. This latest incident comes 11 months after security analysts first raised flags.
NIST has issued long-awaited guidance on how to approach IT security as an engineering discipline. It's designed to help organizations build secure, trustworthy systems that meet evolving challenges, including the growth of the internet of things.
The success of Operation SAMBRE, a global cybercrime investigation into the theft of billions of dollars from banks throughout the world, proves why information sharing between law enforcement and the private sector is key to battling cybercrime.
Yahoo in 2014 spotted that an attacker - later revealed to have compromised 500 million accounts - was inside its network, according to a new SEC filing. With Yahoo's $4.8 billion sale to Verizon still pending, the admission adds to the search giant's complications.
President-elect Donald Trump will review the nation's cyber vulnerabilities at the start of his presidency, just like Barrack Obama did. But Trump hasn't demonstrated the deep understanding of cyber that Obama did when he took office nearly eight years ago.
Did security vendor Cylance lean too heavily on decade-old research into weaknesses in a still-used electronic voting machine in order to get pre-election day headlines? A company spokesperson says no.
U.K. Chancellor Philip Hammond used the launch of Britain's new five-year National Cyber Security Strategy to trumpet the country's strike-back capabilities. But other parts of the strategy - including more automated defenses - hold much greater promise.
As if the internet of things didn't seem secure enough, now we have to worry about apps on our smartphones posing a risk too. At Black Hat Europe, researchers from Invincea Labs demonstrated zero-day flaws in Belkin's WeMo home-automation device firmware as well the WeMo Android app, which have been patched.
I'm looking forward to this week in London, where Jason Tunn of the Metropolitan Police Service will walk us through a high-profile cybercrime investigation that resulted in the 2015 arrest of two British hackers with links to Russia after they attacked leading U.K. banks with the Dridex banking Trojan.
The ransomware-as-a-service operation known as Cerber is earning at least $200,000 per month via ransoms paid by victims, says Check Point Software Technologies' Gadi Naveh. In an audio interview, he explains that bitcoins and high levels of automation are key to the operation's success.
This year, the annual Black Hat Europe conference decamps from Amsterdam to London. What's in store? Everything from mobile ransomware and quantum-resistant crypto to "ego markets" and how to turn Belkin IoT devices into launch pads for DDoS attacks.
After 10 days of Microsoft not issuing an advisory or fix for a zero-day flaw found by Google that's being actively exploited in the wild, Google publicly revealed details of the flaw. But Microsoft says that puts its users at further risk.