British intelligence agency Government Communications Headquarters (GCHQ) reportedly used spoofed LinkedIn and Slashdot pages to compromise the computers of network engineers working for global roaming exchange providers based in Europe.
The number of brands used in spoofed emails that trick people into visiting malicious Web sites or clicking on malware attachments rose in the second quarter, an indication that phishers are hijacking the good names of businesses from new markets, a report says.
Government and industry need to overcome significant challenges, including those related to privacy and security, before commercial drone aircraft can be safely allowed over U.S. airspace, the FAA said Thursday.
Facebook and Microsoft are winning plaudits from security researchers for launching an initiative to offer bounties to bug hunters who discover and report vulnerabilities in widely used products.
In the endless conflict over the protection of PHI -- Protected Health Information -- the good guys appear to be losing more battles, but winning the overall war, at least for the moment.
The Edward Snowden saga continues to serve up valuable lessons on the dangers posed to enterprise data by insiders with privileged access to systems and networks. The latest lesson involves the risks of allowing password sharing among employees.
Microsoft today said it will deliver eight security updates next week to patch critical vulnerabilities in Windows and Internet Explorer (IE), as well as others to plug holes in every supported edition of its Office suite.
According to a report from ThreatTrack Security, the company responsible for VIPRE Anti-Virus, a majority of malware analysts say that they've investigated or addressed a security incident that was never disclosed by their company. Moreover, many of those unreported incidents were caused by a senior executive within the organization.
Well, this isn't good news. A malicious "zero day" attack capable of hijacking your PC via a vulnerability found in Windows, Office, and Lync is being exploited more widely than originally thought, and Microsoft won't have a permanent fix ready in time for next week's Patch Tuesday blitz.
The PCI Security Standards Council released version 3.0 of the PCI Data Security Standard (PCI DSS) and corresponding Payment Application Data Security Standard (PA-DSS), adding new security requirements and guidance for payment-card industry organizations, including merchants, payment processors, financial institutions and service providers.
The U.S. Department of Justice is scrutinizing sellers on underground online marketplaces, and on Thursday said federal agents had arrested one person for alleged illegal weapons sale on underground market "Black Market Reloaded" in an elaborate sting operation.
A French court has ordered Google to block from its search results pictures of former Formula One motor racing president Max Mosley participating in a sado-masochistic sex party with five women.
You may think most visitors to a Web site login page are people, but the reality is the vast majority are automated tools used by criminals looking for weak passwords.
Apple received kudos yesterday for inserting a 'warrant canary' in its first transparency report on government information requests.
A unique effort to crowdsource a security audit of the popular TrueCrypt open source encryption software appears to be going viral three weeks after it was launched by two U.S. based researchers in response to concerns that the National Security Agency may have tampered with it.
A new bug bounty program sponsored by Microsoft and Facebook will reward security researchers for finding and reporting vulnerabilities in widely used software that have the potential to affect a large number of Internet users.
Everybody who spends much time on the web knows their activities are tracked for marketing purposes. Do a little online shopping for hats, and you will quickly see ads for hats popping up on other websites you visit.
AT&T supplies information on international calls that travel over its network, including ones that start or end in the U.S., under a voluntary contract with the U.S. Central Intelligence Agency, The New York Times reported Thursday.
The Intelligent Platform Management Interface (IPMI) implementation found in motherboards from server manufacturer Supermicro suffers from serious vulnerabilities that could allow attackers to remotely compromise the management controllers in servers that use them.
Nginx (pronounced engine-x), a lightweight alternative to Apache when it comes to webservers, installs access and error logs that are world-readable by default. Intitially, the security advisory related to the issue noted that the impact was low, but researchers at CloudPassage and Redspin have discovered that the issue has a much wider reach, including current source-based installations.