Millions of Android devices - as well as desktops and servers - are at risk from a newly disclosed flaw in the Linux kernel that a malware-wielding attacker could exploit to seize full control of the device.
The FBI is investigating the point-of-sale malware breach at hotel chain Hyatt, which says related infections stretched for four months and affected 250 hotels worldwide. But Hyatt has yet to reveal how many customers or payment cards were compromised - or how attackers got in.
Microsoft has patched a new, critical remote code execution vulnerability affecting all versions of Internet Explorer, but it's now only supporting and patching IE 11 and Edge. Potentially, several hundred million users of old IE versions are now at risk.
Tracing bitcoin transactions, some security experts suspect multiple gangs have each amassed more than $1 billion, making them the equivalent of "unicorns" - a term venture capitalists apply to extremely successful startup firms. In case there was any doubt, cybercrime really does pay.
Reliable data specifying the number of people employed in the United States in cybersecurity field is hard to find. But one government survey shows a 5 percent increase among information security analysts in 2015.
Networking vendor Fortinet refutes a researcher's assertions that there is an SSH "backdoor" in the FortiOS firmware that runs its devices. Many experts say that while the patched flaw looks unintentional, it might still serve as a backdoor.
The discovery of a serious remote code execution flaw in Trend Micro's consumer security software - now patched - is a reminder that even security software has code-level flaws. But shouldn't security vendors be held to a higher standard than others?
When it comes to threat detection, spotting malicious insiders is one thing. They often leave a trail. But how do you protect against the accidental insider threat? Mike Siegel, VP of Products at Forcepoint, shares strategy and solutions.
A team of cryptographers has found that the random-number generator Dual_EC - known to have been backdoored by the NSA - was added to Juniper's ScreenOS firmware around 2008 and is still present, although the networking giant has promised to soon replace it.
The New York Attorney General's settlement with taxi-hailing platform Uber - over alleged customer data privacy violations and a delayed data breach notification - provides a best practice security template for any organization that handles customer data.
Slamming a Ukrainian energy provider for recently falling victim to a spear-phishing email and Excel macro attack might be easy. But security experts recommend all organizations use the incident to ensure they won't fall victim to copycat attacks.
Reports on the Ukrainian energy supplier hack have left many crucial questions unanswered: Who was involved, did malware directly trigger a blackout and are other suppliers at risk from similar attacks? Cybersecurity experts offer potential answers.
A power blackout that recently affected about 1.4 million Ukrainians has been tied to an espionage Trojan called BlackEnergy. The attack appears to be the first time that hackers have successfully used malware to help disrupt energy-generation systems.
To minimize the risk of business email compromise schemes and similar types of fraud, senior executives at businesses should avoid posting information about their activities on social media and other accessible forums, says security expert Chuck Easttom.
Four years after European criminals exploited EMV implementation vulnerabilities to steal an estimated $650,000, security experts say not all banks have adopted full fixes. But the payment card industry contends related mitigations are in place and working.