The Trojan "Laziok" targets energy firms throughout the Middle East, India, the U.S. and the U.K., warn security researchers at Symantec. The malware attempts to exploit a Microsoft Office bug patched in 2012.
Declaring a national emergency over hack attacks, President Obama signed an executive order authorizing the government to impose sanctions on hackers. But information security experts voice questions - and concerns.
Some legal and security experts are questioning the potential effectiveness of President Obama's new executive order that allows the U.S. government to block or seize the assets of individuals suspected of launching significant cyber-attacks
Application security is not keeping pace with evolving attacks, says Prasenjit Saha, a CEO at the consultancy Happiest Minds Technologies. One problem: lack of a standard, secure coding process in the application development life cycle.
Chinese officials have reportedly agreed to delay some banking-sector requirements aimed at foreign technology vendors, who were instructed to submit to rigorous audits and to add government-approved backdoors to their products.
Psychologically speaking, nothing beats the power of a well-timed deadline. And love it or hate it, Google's 90-day "Project Zero" deadline for fixing flaws - before they get publicly disclosed - has rewritten bug-patching rules.
Web.com won't confirm or deny that its Register.com subsidiary, which manages more than 2 million domain names, has been breached. But a news report claims the FBI is investigating a year-old intrusion.
When Todd Davis helped found LifeLock in 2005, ID fraud was a niche consumer issue. Today it's a major enterprise risk. What are today's top fraud threats, and where are some of the surprising security gaps?
Microsoft has revoked a fraudulent SSL digital certificate issued in the name of its Finnish Windows Live service. But security experts warn that some software may "trust" the certificate for years, so it could be exploited in phishing campaigns.
Experts analyze a news report that the investigation into the hack attack against JPMorgan Chase could result in criminal charges being filed in the "coming months" because investigators believe at least some suspects can be extradited.
More hackers are holding data for ransom, demanding everything from bitcoins to the shutdown of nuclear reactors, under the threat of leaking sensitive information. But it's not clear how many such attacks generate revenue for attackers.