• DHS and NIST release complementary IoT security guidance
  • Android spyware detected in wild being used by government
  • Massive FriendFinder Network breach prompts password security debate
  • BlackNurse hits big routers with low-volume denial-of-service attack
  • Postelection Russian hacker cyberattacks evade malware detection
  • Pawn Storm APT ramps up attacks after Google's zero-day disclosure
  • Adobe data breach settlement pays $1 million to 15 states
  • Yahoo breach investigation adds more questions than answers
  • Google releases supplemental Android patch for Dirty COW
  • Microsoft kills Windows zero-day flaw in November 2016 Patch Tuesday
  • Poor OAuth implementation leaves millions at risk of stolen data
  • Dark web markets get warning shots from global law enforcement
  • Mirai botnet attacks Liberia as new and improved IoT malware looms
  • Experts question Microsoft's Windows zero-day response
  • Microsoft claims Windows zero-day exploited by Russian state actors
  • Nematode worm could dismantle Mirai IoT botnet
  • Mandatory certificate transparency for Chrome trust starts Oct 2017
  • The Shadow Brokers dumps list of NSA-targeted servers
  • Mozilla drops WoSign as trusted certificate authority, adopts TLS 1.3
  • FCC passes new ISP privacy rules to protect customers
  • Details emerging on Dyn DNS DDoS attack, Mirai IoT botnet
  • Windows atom tables vulnerable to code-injection attack
  • XNU kernel vulnerability patched for iOS and macOS
  • Adobe Flash patch for Flash zero-day exploit on Windows
  • Clapper, Flashpoint: Dyn DNS DDoS attacker likely not a state actor
  • FBI queried on use of vulnerabilities equities process in Playpen case
  • Drammer proves Rowhammer can be used to root Android
  • Questions still loom after Dyn DNS DDoS disrupts internet access
  • Dirty COW Linux vulnerability has existed for nine years
  • Malicious links led to Clinton campaign and Colin Powell hacks
  • Dyn hit by massive DNS DDoS, Eastern U.S. bears brunt of attacks
  • Mozilla set to dump SHA-1 certificates by early 2017
  • EU-U.S. Privacy Shield certification process picks up steam, slowly
  • Intel chip flaw allows attackers to bypass ASLR protection
  • IBM yanks POC code in coordinated vulnerability disclosure
  • Secret Service cybersecurity audit shows 'unacceptable' flaws
  • The Shadow Brokers cancel the auction of NSA cyberweapons
  • Certificate revocation list error strands sites signed by GlobalSign
  • Pork Explosion opens Android backdoor, roasts branded vulnerabilities
  • Odinaff banking Trojan linked to Carbanak group, attacks SWIFT
  • Adobe patches 83 vulnerabilities in latest crop of fixes
  • Hackers leverage 12-year-old OpenSSH vulnerability for IoT attack
  • Researchers demonstrate undetectable encryption backdoor in crypto keys
  • Lack of awareness may hamper GDPR compliance, Dell reports
  • White House considers proportional response to Russian hackers
  • October 2016 Patch Tuesday fixes five zero-day flaws in monthly rollup
  • Expired domains present an opportunity for malicious activity
  • October's Android Security Bulletin patches 78 vulnerabilities
  • Yahoo implicated in secret surveillance program, but questions remain
  • DNS monitoring can help deanonymize Tor users
  • Cisco Talos finds severe JPEG 2000 flaw for remote code execution
  • Release of Mirai IoT botnet malware highlights bad password security
  • Patched OpenSSL vulnerability creates new critical flaw; patched again
  • James Plouffe talks 'Mr. Robot' hacks and the show's technical accuracy
  • FBI confirms more state voter databases targeted by attackers
  • Mozilla to drop WoSign as a trusted certificate authority
  • Yahoo breach calls into question detection and remediation practices
  • MobileIron: Enterprises aren't focusing enough on mobile threats
  • SWIFT security controls to be mandatory by 2018
  • ICANN grinds forward on crucial DNS root zone signing key update
  • Latest iOS 10 release includes password-verification flaw
  • Powerful DDoS attacks leveraging IoT devices hit several companies
  • Yahoo breach leaves 500 million accounts compromised
  • FBI ransomware alert: Don't pay; report, defend against attacks
  • Symantec patches two more flaws after Google Project Zero discoveries
  • Anomaly detection in new SWIFT antifraud reports may fall short
  • Shadow Brokers' Cisco vulnerability exploited in the wild
  • NAND-mirroring iPhone hack would have made the FBI's job much easier
  • Most popular exploit kits target Flash, Java and IE
  • Google Project Zero Prize competition set to tighten Android security
  • MySQL vulnerability disclosed, status of patches uncertain
  • Law enforcement hacking declared search under Fourth Amendment
  • Monthly Windows rollup: Simplification or loss of patching control?
  • September 2016 Patch Tuesday: Browser security takes center stage
  • Burr-Feinstein bill still looks to force companies to break encryption
  • RSA: No major changes expected following Dell-EMC merger
  • Google to tweak Chrome browser security in 2017, flag HTTP as insecure
  • OPM breach report blames leadership inaction for data loss
  • Intel Security sale finalized, McAfee brand resurrected
  • Experts split on whether we're in a cyber arms race or open conflict
  • President Obama urges focus on non-state actors, not cyber arms race
  • The original hacker, Guccifer, sentenced to 52 months in prison
  • Apple patches Pegasus spyware bugs in OS X, Safari
  • FBI wants 'adult' conversation about 'going dark' encryption debate
  • SWIFT discloses new attacks and bank thefts in private letter
  • Voter data breach leads to questions of tampering and state security
  • Pegasus iOS exploit uses three zero days to attack high-value targets
  • Ransomware decryption tool from Intel and Kaspersky quenches Wildfire
  • NSA's SNMP exploit cyberweapon affects all Cisco ASA software
  • Questions swirl around Shadow Brokers' cyberweapons dump
  • Hospital cybersecurity failing to encrypt transmitted health records
  • Leaked Cisco security vulnerability found in NSA exploit stockpile
  • Fallout from Equation Group cyberweapons leak continues to mount
  • Dell: Machine learning security hard to explain, harder to beat
  • Google AdSense malware silently delivers to Android users
  • SWIFT banking execs admit to ignoring security before hacks
  • PGP collision attack on Linux creator highlights flaws with short IDs
  • Windows Bash could open the door to more Linux-based attacks
  • New Vawtrak Trojan variant leverages SSL pinning, HTTPS
  • Equation Group cyberweapons auctioned off; WikiLeaks promises release
  • More