News
News
- October 21, 2015
21 Oct'15
Trend Micro acquires HP TippingPoint for $300 million
Trend Micro agreed to purchase HP TippingPoint for $300 million in an effort to bolster network security, but experts disagree on the strategy of either company involved.
- October 20, 2015
20 Oct'15
Report: CIA director's email hacked repeatedly by high school student
CIA Director John Brennan had his email hacked multiple times, and the hacker found that Brennan stored potentially sensitive information in his AOL email account.
- October 20, 2015
20 Oct'15
Social media attacks a growing concern for enterprises
It's important for online users to understand social media risks and the caution they should use when sharing personal information online.
-
- October 19, 2015
19 Oct'15
Adobe patches Flash zero-day used in foreign ministry attacks
Adobe has released an emergency patch for Flash zero-day vulnerabilities that have been exploited in the wild in attacks on foreign affairs ministries.
- October 16, 2015
16 Oct'15
EMV transition: FBI warns while Target opts for PINs
News roundup: FBI issues a public service announcement about EMV chip-and-signature cards. Plus: bumper crop of OS X malware in 2015; phishing sites with authenticated certificates and more.
-
Sponsored News
-
It’s Time to Modernize Your SOC
Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More
-
6 Factors to Consider in Building Resilience Now
Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More
-
Why Zero Trust, Why Now
Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More
-
5 Best Practices To Secure Remote Workers
Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More
-
- October 16, 2015
16 Oct'15
Automating security, privacy in software programming
Jean Yang, who created the Jeeves software language, explains why the industry needs to do a better job of enforcing security and privacy policies in its applications.
- October 16, 2015
16 Oct'15
What does the Consumer Privacy Bill of Rights mean for enterprises?
The Consumer Privacy Bill of Rights, if made a federal law, would create a uniform set of privacy requirements. Here's a look at the potential benefits.
- October 15, 2015
15 Oct'15
Cybersecurity strategy needs to be more dynamic, experts say
The digital world moves very fast, but a new survey claims that cybersecurity strategy does not move fast enough to keep up with threats -- and experts tend to agree.
- October 14, 2015
14 Oct'15
Windows 10 security fixes longtime OS vulnerabilities
Windows 10 security incorporates years of improvements to remove or mitigate long-term issues with Windows vulnerabilities.
- October 13, 2015
13 Oct'15
October Patch Tuesday: The first of 2015 with no zero-day exploits
Microsoft's October 2015 Patch Tuesday has the fewest number of bulletins of any release this year, and is also the first of the year to not feature any patches related to zero-day exploits.
-
- October 13, 2015
13 Oct'15
Chinese hackers arrested at the request of the US
China's government has reportedly arrested a number of Chinese hackers suspected of involvement with attacks on the US, but one expert is unsure this will lead to more cooperation between nations.
- October 09, 2015
09 Oct'15
Safe Harbor agreement invalid: Privacy win or enterprise woe?
News roundup: The EU Court has invalidated the Safe Harbor agreement, leaving companies scrambling to deal with overseas data transfers securely. Plus: SHA-1 collision attack; NIST email security initiatives; worry over cyberthreats.
- October 09, 2015
09 Oct'15
Vigilante Team White hackers admit to infecting 300,000 devices
Team White hackers have taken credit for infecting more than 300,000 devices with the Wifatch malware designed to harden security, but experts still question the team's vigilante actions.
- October 08, 2015
08 Oct'15
Cybercrime costs rising, experts say application layer needs budget
Two separate reports noted that cybercrime costs are significant. Some experts said reallocating budget resources to application layer security may be the answer.
- October 06, 2015
06 Oct'15
New YiSpecter iOS malware affects non-jailbroken devices
Malicious actors have found new ways to attack non-jailbroken iOS devices, but experts say the YiSpecter iOS malware may not be as dangerous as it sounds.
- October 02, 2015
02 Oct'15
Router malware may be white hat security vigilantism
An unknown source is infecting thousands of routers with malware not to intentionally cause harm, but apparently as an act of white hat security vigilantism to make the routers safer.
- October 02, 2015
02 Oct'15
As EMV adoption lags, industry remains optimistic
News roundup: Despite a low adoption rate going into the liability shift, many in the industry are optimistic about the future of EMV use. Plus: TrueCrypt flaws; AWS crypto keys stolen; women in infosec.
- October 01, 2015
01 Oct'15
Android Stagefright 2.0 affects all 1.4 billion Android devices
The Android Stagefright vulnerability has been updated to version 2.0, as the original researcher found the flaw in all versions of Android released to date. Google has promised a fix within days.
- October 01, 2015
01 Oct'15
Study claims enterprise vulnerability remediation can take 120 days
A new study has found that although flaws are most likely to be exploited within 60 days of discovery, companies can take between 100 and 120 days for vulnerability remediation.
- October 01, 2015
01 Oct'15
The EMV liability shift date is here, now what?
The Oct. 1, 2015 deadline for EMV liability has arrived, though merchants and retailers alike aren't ready for the change.
- September 25, 2015
25 Sep'15
Google Project Zero reports more Kaspersky software vulnerabilities
Kaspersky Lab has fixed some of the vulnerabilities in its antivirus products, but a new report from Google Project Zero reveals there's more work to be done.
- September 25, 2015
25 Sep'15
OPM breach widens to 5.6 million fingerprint records
News roundup: More fingerprint records were stolen during the OPM breach than originally reported. Plus: the $1 million iOS bounty; DHS CISO calls for harsher phishing policies; Safe Harbor in hot water.
- September 23, 2015
23 Sep'15
As the CIA enters the picture, iOS malware count up to 4,000
The largest incident of iOS malware found in the Apple App Store has grown exponentially, as researchers find more than 4,000 apps infected. And the attackers may have been inspired by CIA techniques.
- September 22, 2015
22 Sep'15
Internal report on Target data breach reveals glaring security holes
An internal report on Target's breach, obtained by security reporter Brian Krebs, shows the retailer suffered from major security flaws.
- September 22, 2015
22 Sep'15
Certificate Transparency catches bad digital certificates from Symantec
Symantec testers created unauthorized Extended Validation certificates, but the bad certificates were caught by the Certificate Transparency log.
- September 21, 2015
21 Sep'15
Google wants sites to disable SSLv3 to boost Web security
Google is trying to drag Web security into 2008 by asking sites to disable SSLv3 and RC4, and setting a minimum transfer security protocol of TLS 1.2.
- September 21, 2015
21 Sep'15
App Store iOS malware found after first large-scale attack
For the first time, a large amount of iOS malware has made it past Apple's App Store security controls, potentially affecting hundreds of millions of users.
- September 18, 2015
18 Sep'15
Cisco router malware in the wild more widespread than first believed
News roundup: Additional research shows a Cisco router implant affects more devices than originally reported. Plus: Let's Encrypt's first cert issued; Tor in the library; the mitigated (but not fixed) iOS AirDrop vulnerability.
- September 18, 2015
18 Sep'15
DHS audit details cyber mission failures and future efforts
An internal audit of the U.S. Department of Homeland Security has been completed, detailing areas where its cyber mission has failed and what plans are in place to make improvements.
- September 17, 2015
17 Sep'15
Hacker groups shifting to corporate cyberespionage schemes
There is a growing concern for cyberespionage in U.S. after a financially motivated hacker group stole inside information to make millions from insider trading schemes.
- September 16, 2015
16 Sep'15
Stolen credentials are key to avoiding breach detection
A new report details how attackers can fly under the radar by using stolen credentials in order to avoid breach detection and forgoing the use of malware in malicious activity.
- September 15, 2015
15 Sep'15
Hackers hijack website analytics for black hat SEO and more
A new report shows that hackers are manipulating the ownership settings of the Google Search Console in order to hijack website analytics for use in black hat SEO campaigns and more.
- September 11, 2015
11 Sep'15
Department of Energy latest victim of a government data breach
The U.S. Department of Energy became the latest government cyberattack victim after a report disclosed the agency had suffered more than 1,000 cyberattacks in a four-year span.
- September 11, 2015
11 Sep'15
Cybersecurity Information Sharing Act has 'significant problems'
A new version of the Cybersecurity Information Sharing Act is scheduled to go in front of the Senate this fall, but one expert said the bill has 'significant problems.'
- September 10, 2015
10 Sep'15
CAPTCHA-bypassing malware on Android apps found in Google Play Store
Researchers found advanced CAPTCHA-bypassing malware on Android apps in the official Google Play Store, but Google downplayed the impact.
- September 09, 2015
09 Sep'15
IT pros don't get cybersecurity risks around certificate authorities
A survey of IT professionals at the Black Hat conference shows that understanding of certificate authorities is low, and Venafi believes this could lead to cybersecurity risks.
- September 08, 2015
08 Sep'15
September 2015 Patch Tuesday: More critical Microsoft Office fixes
Microsoft's September 2015 Patch Tuesday is available now and includes five critical bulletins, two of which tackle remote code execution flaws affecting Microsoft Office.
- September 04, 2015
04 Sep'15
DOJ Stingray rules require warrant to track mobile phones
The U.S. Department of Justice announced the establishment of a new policy for cell-site simulator devices that will require law enforcement to obtain warrants in order to track mobile phones.
- September 03, 2015
03 Sep'15
OPM breach protection services on the way for 21.5M victims
The contract for identity theft and credit protection services for OPM breach victims has been awarded, but protection notifications will not be going out to OPM victims until later this month.
- September 02, 2015
02 Sep'15
Deception may be next big IT security tool, or may be hype
A new report claims that deception may become a big factor in the future of IT security tools, but one expert warns that the efficacy of such tactics can diminish with popularity.
- September 01, 2015
01 Sep'15
Warnings, neglect and a massive OPM data breach
Why no one should have been surprised by the massive government Office of Personnel Management data hack.
- September 01, 2015
01 Sep'15
Chip and PIN migration slow as EMV deadline approaches
A major deadline for EMV card adoption is just one month away. Can chip-and-PIN and chip-and-signature technology improve payment card security and reduce fraud?
- August 31, 2015
31 Aug'15
Qualcomm claims new mobile SoC will feature zero-day detection
Qualcomm announced that its next flagship chipset will include Smart Protect, a feature designed for machine learning and zero-day detection on mobile devices.
- August 28, 2015
28 Aug'15
Tor vulnerabilities make the Dark Web too risky for the black market
The Dark Web is where many shady deals can happen on the Internet, but Tor vulnerabilities have made it too risky for one of the largest online black markets to stay in business.
- August 28, 2015
28 Aug'15
Gula talks Nessus agents and Nessus cloud
Video: SearchSecurity spoke with Tenable co-founder Ron Gula about recent additions to the Nessus feature set, including a version that lives in the cloud.
- August 27, 2015
27 Aug'15
Report: phishing training could cut damage costs by $1.8M
A new report breaks down the potential costs associated with a phishing breach and claims that phishing training could cut those costs by as much as $1.8 million.
- August 27, 2015
27 Aug'15
Angler EK and Flash zero-days make malvertising more effective
Malvertising campaigns are becoming more effective due to the popularity of the Angler EK and its use of Flash zero-day vulnerabilities. And one expert says ad blockers are not the answer.
- August 27, 2015
27 Aug'15
CISOs: Application security programs need improvements
An up-to-date application security program -- as well as knowing how to connect with stakeholders -- is critical to being a successful CISO today, said Renee Guttmann, vice president, Office of the CISO at Accuvant Inc.
- August 25, 2015
25 Aug'15
Report says SMB IT still doesn't get virtualization security
A new report makes controversial claims about the costs of breaches in virtualized environments, strongly suggesting IT pros may not understand the challenges of virtualization security.
- August 25, 2015
25 Aug'15
Choosing a threat intelligence platform: What enterprises should know
Video: Threat intelligence tools are a growing market and enterprises need to be able to see through the hype to get the best product for them.
- August 20, 2015
20 Aug'15
Is the future of cyberdefense a new branch of the military?
An IT professional suggests the best way to improve cyberdefense and security in the public and private sectors may be a new branch of the military. But, according to one expert, the benefits of such a plan can be gained with the current setup.
- August 18, 2015
18 Aug'15
Millions left at risk as Android Stagefright fix pushed to September
The Android Stagefright vulnerability continues to put millions of users at risk because Google's first attempt at a patch did not work, and a new fix likely will not come until September.
- August 18, 2015
18 Aug'15
From CCSP to CISSP: A look at (ISC)2 cybersecurity certifications
Video: Cybersecurity certifications are not in short supply, but (ISC)2 still dominates the field with CISSP and the new CCSP certification from its CSA partnership.
- August 14, 2015
14 Aug'15
Government email security woes widen with Pentagon breach and more
News roundup: Government email security got pummeled this week with news of hacks, breaches, unlabeled classified data and spying. Plus: Hacking a Corvette via text; Android sandbox bypass flaw; Oracle CSO blogs against reverse-engineering.
- August 14, 2015
14 Aug'15
Dropbox adds support for U2F security keys
Dropbox announced it is strengthening login options with support for universal 2nd factor (U2F) security keys with the aim of making two-step verification faster and easier.
- August 13, 2015
13 Aug'15
Bitdefender hack the latest cyberattack on security vendors
Bitdefender suffered a data breach in which a hacker stole a small number of unencrypted usernames and passwords for active customers. The hacker then demanded $15,000 in ransom.
- August 13, 2015
13 Aug'15
Addressing wearables security, the next wave of BYOD concerns
Wearables are the next wave of BYO devices infiltrating the enterprise. Domingo Guerra, president and co-founder of Appthority, talked to SearchSecurity at RSA Conference 2015 about how to address the onslaught.
- August 12, 2015
12 Aug'15
Darkhotel APT found using Hacking Team Flash zero-day in exploits
The Darkhotel advanced persistent threat group used an Adobe Flash zero-day vulnerability from the Hacking Team data leak, according to Kaspersky research.
- August 11, 2015
11 Aug'15
Microsoft Office bug highlights August 2015 Patch Tuesday
Microsoft's August 2015 Patch Tuesday may not be as packed with danger as a typical release, according to one expert, but does include critical bulletins for Microsoft Office and even one for the new Edge browser.
- August 07, 2015
07 Aug'15
ICANN breached, members' encrypted passwords stolen
News roundup: ICANN confirmed its members' credentials were stolen Wednesday, forcing the nonprofit to enforce a site-wide password reset. Plus: VPN provider being used for APTs; Thunderstrike strikes again; Windows 10 security in its first week.
- August 07, 2015
07 Aug'15
Black Hat 2015: Machine learning security must add variety
Machine learning is better at detecting malware than systems that scan for known signatures. But researchers at Black Hat 2015 say adding a twist widens the performance gap even further.
- August 07, 2015
07 Aug'15
Black Hat 2015: Rebuilding IT security after a cyber disaster
In the wake of a major cyberattack, the process of rebuilding IT security can be daunting, but Christina Kubecka has some tips from her experiences with Saudi Aramco after a massive attack in 2012.
- August 07, 2015
07 Aug'15
Emerging security trends enterprises should keep an eye on
Video: KPMG's Ronald Plesco discusses the main emerging security trends -- security analytics, the Internet of Things and virtualization -- and what else is on the horizon for the industry.
- August 06, 2015
06 Aug'15
Black Hat 2015 opens with bleak view of Internet freedom
Legal expert Jennifer Granick kicked off Black Hat 2015 with a warning to conference goers that Internet freedom and openness are dying.
- August 05, 2015
05 Aug'15
Security machine learning methods needed to adapt to evolving threats
Data science can sort through huge data stores in order to find and stop advanced attackers and malware, but new methods are needed to make sure the machine learning keeps up with evolving threats.
- August 05, 2015
05 Aug'15
New report sheds light on the growing threat of bulletproof hosting services
Cybercrime has developed substantially due to bulletproof hosting service efficiency. Trend Micro's report explains how and why these services evade law enforcement officials and remain online.
- August 04, 2015
04 Aug'15
Is third-party vendor management the next IAM frontier?
Identity and access management deployments are notoriously complex. And things are getting worse as legacy technology meets next-generation applications. As the traditional network perimeter continues to disappear, robust IAM becomes more important ...
- August 03, 2015
03 Aug'15
Cybersecurity skills shortage demands new workforce strategies
The race to find InfoSec professionals who can outpace advanced threats has companies worldwide facing hurdles.
- July 31, 2015
31 Jul'15
Protests lead to drafting new Wassenaar Arrangement cybersecurity rules
Major IT companies, such as Black Hat and Google, spoke out against the proposed Wassenaar Arrangement rules for cybersecurity software. And those protests caused the U.S. Department of Commerce to commit to drafting new rules.
- July 31, 2015
31 Jul'15
Tor anonymity called into question as alternative browser surfaces
News roundup: New threats add to the Tor anonymity debate, as a new browser aims to take anonymous browsing to the next level. Plus: Android security outlook is bad -- or is it? Also, another Xen host escape flaw and Wassenaar revisions put on hold.
- July 31, 2015
31 Jul'15
Darkode criminal forum reborn less than two weeks after DOJ shutdown
The recently shutdown Darkode cybercriminal community has been rebuilt, and claims the administrators are intact and security will be tightened to better avoid law enforcement.
- July 30, 2015
30 Jul'15
Intel, Cisco pushing for enhanced security communication, integration
Vendors, such as Intel and Cisco, are hoping to pave the way for a security ecosystem in which applications communicate threat intelligence amongst each other. Will it work?
- July 30, 2015
30 Jul'15
Xceedium turns deaf ear, triggers vulnerability disclosure
Swiss research group modzero disclosed a vulnerability that enabled remote attacks on Xceedium's Xsuite privileged access manager.
- July 29, 2015
29 Jul'15
The same Chinese hackers linked to United, Anthem and OPM breaches
Sources claim the same Chinese hackers are behind the attacks on United Airlines, Anthem Health Services and the U.S. Office of Personnel Management.
- July 29, 2015
29 Jul'15
Security operations centers could be key to better security
Video: Security operations centers are critical to continuous network monitoring and detecting data breaches. Eric Cole discusses SOCs and the role security automation plays in them.
- July 27, 2015
27 Jul'15
Another government data breach: U.S. Census Bureau admits to hack
The U.S. Census Bureau admits that it was attacked and had data exfiltrated from its systems. One expert says this latest government data breach is another example that federal systems are not safe from attack.
- July 27, 2015
27 Jul'15
Valve fixes Steam password bug that led to compromised accounts
A glaring error in the Steam password recovery system allowed hackers to take over accounts for Valve's popular gaming platform.
- July 24, 2015
24 Jul'15
Alleged car hack prompts call for vehicle security act, DMCA exemption
News roundup: A wireless car hack demonstration has pushed vehicle security legislation and DMCA exemptions into the spotlight, and prompted a manufacturer recall. Plus: Hacking Team update; DHS email issues; and smartwatches vulnerable to attack.
- July 23, 2015
23 Jul'15
National Guard breach highlights the risk of accidental data exposure
The National Guard reported an accidental data exposure affecting thousands of former and current employees was not related to the OPM breach.
- July 22, 2015
22 Jul'15
Hackers targeting .NET shows the growing pains of open source security
According to researchers, malware makers have been targeting .NET since Microsoft made the software open source. And experts debate to what extent open source security can be maintained.
- July 21, 2015
21 Jul'15
Microsoft releases out-of-band patch for Windows zero-day
A Windows zero-day affecting a wide swath of Microsoft products has been found in the Hacking Team data leak, so Microsoft has released an out-of-band patch to fix the vulnerability.
- July 20, 2015
20 Jul'15
Black Hat and Google speak out against Wassenaar Arrangement
The Wassenaar Arrangement is a multilateral export control association aimed at controlling a wide range of goods, including intrusion software. However, Black Hat and Google believe the proposed rules will have a negative impact on security.
- July 17, 2015
17 Jul'15
DOJ takes down Darkode, but for how long?
The U.S. Department of Justice, in coordination with 20 countries, has taken down the computer hacking forum known as Darkode, but experts say the community is already rebuilding.
- July 17, 2015
17 Jul'15
Subway app reverse engineering highlights uptick in mobile app safety
News roundup: Are the tides turning on mobile app safety? One white hat hacker's attempt to reverse-engineer the Subway app offers surprising results. Plus: CloudFlare Transparency Report; another call to eliminate RC4; Black Hat attendant survey.
- July 16, 2015
16 Jul'15
Flash Player security failures turn up the hate
There have been calls for the death of the Adobe Flash Player for years either due to performance issues or the threat of exploit. But with a recent rash of zero-day vulnerabilities, those calls are getting louder.
- July 15, 2015
15 Jul'15
More Flash zero-day bugs follow Hacking Team breach
Researchers discovered two more vulnerabilities in Adobe Flash player stemming from the breach of Italian surveillance software vendor Hacking Team.
- July 14, 2015
14 Jul'15
July 2015 Patch Tuesday: Microsoft and Adobe attack Hacking Team zero-days
July 2015's Patch Tuesday shows both Microsoft and Adobe working fast to patch four Hacking Team zero-day vulnerabilities exposed in the past week.
- July 14, 2015
14 Jul'15
Windows Server 2003 end of life leaves many at risk
The Windows Server 2003 end of life is upon us and many organizations still haven't made the upgrades or security remediations necessary to mitigate the coming risks.
- July 10, 2015
10 Jul'15
FBI: We don't want a government backdoor, just access to encrypted data
News roundup: Despite the benefits of encryption, FBI Director James Comey says it inhibits legal investigations. It's up to tech companies to help. Plus, read about major "computer glitches," Kali 2.0 and more.
- July 10, 2015
10 Jul'15
OPM hackers stole 21.5 million records, 1.1 million fingerprints
Investigators for the OPM data breach find that 21.5 million personal records were stolen in the attack, including 1.1 million fingerprints. The White House is still considering its response.
- July 10, 2015
10 Jul'15
Homeland Security chief calls for federal breach reporting law
The Homeland Security head wants federal laws requiring data breach reporting and information sharing, but one expert warns that government officials need better understanding of infosec technology before creating such laws.
- July 08, 2015
08 Jul'15
Industrial espionage group hacked Apple, Facebook, Microsoft
A mysterious hacker group has hit a number of major U.S. companies with the intent of committing industrial espionage, according to new security research reports.
- July 08, 2015
08 Jul'15
Adobe patches Flash zero-day found in Hacking Team data breach
Adobe patches a Flash zero-day vulnerability found as part of the massive data breach of Hacking Team. Experts recommend speedy remediation as the flaw has been added to multiple exploit kits.
- July 07, 2015
07 Jul'15
Critical OpenSSL patch coming Thursday
The OpenSSL project team will release a critical patch on Thursday and experts warn admins that the upgrade process could take days or weeks to complete.
- July 06, 2015
06 Jul'15
Hacking Team internal documents released after massive data breach
Controversial Italian surveillance software firm, Hacking Team, was attacked, resulting in a 400 GB leak of sensitive data. The response from the Hacking Team was threatening, but may have been part of the attack.
- July 02, 2015
02 Jul'15
Why Web browser security is a goldmine for attackers
Video: Robert 'RSnake' Hansen of WhiteHat Security discusses Web browser security, third-party software vulnerabilities and the sad state of browser security throughout the industry.
- June 30, 2015
30 Jun'15
US government passwords stolen and leaked around the Web
A report reveals that many stolen US government agency passwords traveled across the Web, including credentials from OPM, which was recently breached due to stolen passwords.
- June 26, 2015
26 Jun'15
DNS vulnerability found in RubyGems software packaging client
RubyGems software packaging client was found to have a DNS vulnerability that redirects users to malicious gem servers.
- June 26, 2015
26 Jun'15
Click fraud to ransomware: Study highlights dangers of malware lifecycle
New roundup: Sometimes the least of threats -- such as click fraud -- can end up being the bigger issues -- like ransomware. Plus: U.S. Navy won't let go of XP; U.S./China cyber code of conduct; and more!
- June 25, 2015
25 Jun'15
Stolen passwords to blame for OPM breach; director may take the fall
The OPM director told a Senate hearing that passwords stolen from a contractor led to the OPM breach. Now, her job is on the line and the number of breached records could be on the rise.