Facebook is aiming to make account recovery and password resets more secure with a new, updated approach that eliminates outdated weaknesses such as emailed reset links, SMS messages and security questions.
Offspring of the Zeus banking Trojan continue to spring to life. Functionally, however, security experts say most POS-infecting banking malware remains almost identical. So why aren't more organizations putting well-known defenses in place?
Three Eastern European men have been sentenced to five years in prison for their roles in helping a criminal gang steal $2.7 million from First Commercial Bank ATMs in Taiwan. Europol says two others involved in the thefts have been arrested in cooperation with Belarus and Romanian authorities.
Nearly three years after the Heartbleed bug - and 600,000 vulnerable servers - was discovered, the vulnerability lives on. The latest scans still count 180,000 at-risk servers. Why won't this bug just die?
The subscription-based breach notification service LeakedSource appears to have gone dry. Security expert Troy Hunt says the privacy writing has been on the wall for the site, owing to it selling access to stolen personal data.
An overlooked security setting on Twitter may have allowed a hacker to guess the password-reset email addresses tied to accounts used by President Donald Trump, first lady Melania Trump, Vice President Mike Pence plus a top adviser. What's the risk?
Four years after a messy legal battle sparked by Edward Snowden using its service, the secure email provider Lavabit is back with a new platform designed to provide better privacy protection - users can select from "trustful," "cautious" or "paranoid" modes - by encrypting both email content and metadata.
Say hello to Fruitfly, the first piece of Mac malware to be discovered this year. The two-year-old malicious code is odd - it includes code that dates from the late 1990s - and appears to be designed to exploit biomedical institutions via targeted attacks.
College student Zachary Shames, who's pleaded guilty to developing and selling Limitless Logger spyware, was outed to the FBI by security firm Trend Micro after Shames failed to compartmentalize his online activities. Turns out hiding your identity online is harder than it might appear.
Two Florida men have pleaded guilty to helping operate an unlicensed bitcoin exchange, Coin.mx, as a result of a wide-ranging government investigation into a massive scheme that involved hacking into multiple financial institutions, including JPMorgan Chase.
Information security researchers have charted a steep decline in Locky ransomware and Dridex banking Trojan distribution in recent weeks. While that's good news, it may only reflect that a cybercrime gang is on vacation.
Dutch police reveal they arrested an e-commerce website developer on charges of installing backdoors that allowed him to siphon 20,000 email addresses and passwords, which he then allegedly used to commit fraud using some old-school tactics.
Malware designed to get ATMs to spit out their cash - advanced when it first debuted - has been upgraded, according to a report from FireEye. Now, the Ploutus-D malware talks to legitimate ATM middleware, enabling it to target machines from 40 vendors. What does this mean for financial institutions?
A researcher claims WhatsApp has dismissed his finding that there's a backdoor in the application that could allow attackers to unlock encrypted messages. But the controversy is more nuanced - and for most of us, much less threatening - than it might first appear.