Although restaurant chain P.F. Chang's has not yet confirmed a breach, several researchers say they believe the chain suffered a malware attack similar to those that compromised Target, Neiman Marcus and Sally Beauty.
A second economic espionage campaign has been tied to a Chinese military hacking team. But does that attribution help businesses, or just highlight security firms battling for government cybersecurity spending?
When NIST issued "Guidelines on Cell Phone Forensics" in May 2007, Apple's introduction of the iPhone was a month away. Seven years later, NIST is revising its guidance and giving it a new moniker, "Guidelines on Mobile Device Forensics."
Paul Smocer of BITS explains why banking institutions, which face increasing cyberthreats, need to put the NIST Cybersecurity Framework to use, and why third parties should prepare for more regulatory scrutiny of their security practices.
The British government aims to increase uptake of five essential security controls at U.K. businesses, backed by third-party annual audits and a badge of compliance. Many government contractors must comply.
In the wake of the Heartbleed flaw, a researcher finds new weaknesses in OpenSSL that could be exploited to launch man-in-the-middle attacks, distributed-denial-of-service attacks and remote-code execution on millions of sites.
A proposed UK computer crime bill would increase hacking penalties and criminalize cybercrime attacks that impact the economy, environment or national security. Proving related charges in court, however, could be difficult.
An ongoing APT campaign employs decoy documents to lure potential victims into installing malicious remote-control tools. Targets include at least one bank, the BBC and many U.S. and EU government agencies.
Security researchers say the international takedown of the Gameover Zeus botnet and servers for CryptoLocker ransomware will have a positive short-term impact, but they warn the threats could quickly re-emerge unless key steps are taken.
The OpenSSL Project is receiving new funding to support its operations following the Heartbleed exploit that exposed a flaw in the cryptographic tool that's used to provide communications security and privacy online.