Java users are being warned to only use newly released installers to avoid a nasty potential exploit. Meanwhile, a veteran bug hunter questions whether Oracle's move to ditch Java browser plug-ins will have a significant security upside.
"We never negotiate" might be the expectation whenever law enforcement or government agencies get targeted by criminals or even "cyberterrorists." But outside Hollywood, the reality too often turns out to be far less rigid.
Sometimes language barriers can be a good thing: Many malware-wielding cybercriminals have historically targeted users in North America and Europe over Japan, owing to linguistic challenges. But that's changing.
Here's why the acquisition of rival threat-intelligence firm iSight Partners by breach investigation heavyweight FireEye makes sense, and why market watchers predict that other stand-alone intelligence firms will soon get snapped up.
The discovery of a serious remote code execution flaw in Trend Micro's consumer security software - now patched - is a reminder that even security software has code-level flaws. But shouldn't security vendors be held to a higher standard than others?
What's it take to be a successful CISO? Mark Dill, former longtime information security director at the Cleveland Clinic, says it comes down to being patient, persistent and perceived as practical. He offers detailed career advice in this interview.
Four years after European criminals exploited EMV implementation vulnerabilities to steal an estimated $650,000, security experts say not all banks have adopted full fixes. But the payment card industry contends related mitigations are in place and working.
LabMD's recent victory in its long legal battle with the Federal Trade Commission will be short-lived, the medical testing lab's CEO predicts. Find out why, and what changes Michael Daugherty hopes the case will bring to FTC's enforcement practices.
Security experts trace many of the world's cybercrime attacks to Russia. But Russian authorities never extradite suspects, and they allow hackers to operate with impunity - if they play by some ground rules.
Thou shalt not reverse engineer Oracle's products. That was the stunning diktat issued by Oracle CSO Mary Ann Davidson in a blog post that some are reading as a declaration of war against the security research community.
The Ashley Madison dating website hack and threatened data release is a perfect illustration of the perils - and promise - of our Internet-connected, hacktivist age, whether it comes to online dating or the Internet of Things.
Forget attributions of the German parliament malware outbreak to Russia, or Chancellor Angela Merkel's office being "ground zero." The real takeaway is the Bundestag's apparent lack of effective defenses or a breach-response plan.
Caffeine junkies are up in arms over reports that criminals have been targeting their Starbucks account balances. But the real story is poor password-picking practices by consumers, and Starbucks' lack of multi-factor authentication.