Information Security News

Cybersecurity checklist a strategy tool for increasing attack costs
Admiral Rogers, chief of U.S. Cyber Command, seeks cooperation
DOD announces 'Hack the Pentagon' bug bounty program
Government encryption backdoor debate is more nuanced at RSAC
Cybercrime trends point to growing sophistication
Bruce Schneier on IBM grabbing him up with Resilient Systems
Diffie, Hellman win Turing Award; cryptography research update
Yoran: Solve cybersecurity challenges with creativity, encryption
Microsoft sounds the bell for strong encryption, privacy
Lines drawn in iPhone backdoor case; Apple gets backup
Microsoft EMET vulnerability turns tool against itself
PCI DSS 3.2 marks the end of major updates to the standard
DHS posts CISA rules for reporting cyberthreat indicators
RSA Conference 2016 preview: IoT and encryption take center stage
Data breach lawsuits indicate a troubling trend for enterprises
Security startups vie for honors in RSA Innovation Sandbox
Court rules Apple needs iPhone backdoor; Tim Cook opposes
Ransomware attack causes internal emergency at Hollywood hospital
Study: IT staff pressured to buy useless cybersecurity products
Uncertainty over Privacy Shield as Facebook faces penalties
IRS hack leveraged stolen Social Security numbers
Congress Republicans rebuff Obama cyber budget effort
February 2016 Patch Tuesday: IE Flash vulnerabilities get a bulletin
Social engineering attack leads to leaked info on 20,000 FBI agents
Researchers offer motive behind China cyberattacks
Former CIA/NSA director Hayden supports strong encryption
Costly government cybersecurity system needs major changes
Harvard report: Metadata means there is no 'going dark' for the FBI
Deadline looms for Safe Harbor framework successor
OpenSSL patch fixes encryption flaw and strengthens Logjam defense
Oracle closing an attack vector by deprecating the Java browser plug-in
Congress demands Juniper backdoor audits by government agencies
Fortinet SSH vulnerability more widespread than thought
Will California ban smartphone encryption?
Linux kernel vulnerability has unknown risk, but Google has fix
Cisco Security Report: Dwell time and encryption security struggles
David Chaum's cMix: New tool for anonymity on the Internet
DHCP servers must be patched against denial-of-service attacks
Trend Micro Password Manager flaw; backdoors and passwords
Microsoft Silverlight patch might be a Hacking Team zero day
January 2016 Patch Tuesday: Address-spoofing patch starts the new year
OAuth vulnerabilities must be fixed in the standard
Warning: Internet Explorer end of life for 8, 9 and 10 on Tuesday
NSA whistleblower William Binney: Bulk data collection costs lives
MD5 vulnerability renews calls for faster SHA-256 transition
Blackphone vulnerability patched to prevent phone hijacking
Russian actors accused of attacking Ukraine with BlackEnergy malware
China's anti-terror law mandates tech firm cooperation
Adobe issues emergency patch for critical Flash vulnerabilities
Open database exposes 191 million voter registration records
Google accelerates Chrome SHA-1 deprecation schedule
Juniper firewall backdoors add fuel to encryption debate
PCI DSS 3.1 deadline for TLS migration pushed back
Compliance costs expected to rise as EU GDPR advances
CISA added to budget omnibus, with privacy protection stripped
Experts: Lawmakers don't understand encryption backdoor problems
Old Microsoft Kerberos vulnerability gets new spotlight
Symantec asks browser makers to distrust one of its root certificates
Governments weigh strong encryption vs. terror threats
FBI: Encryption backdoor laws are unnecessary, if companies comply
FBI admits to using zero-day exploits, not disclosing them
December 2015 Patch Tuesday: DNS query and zero-day flaws fixed
Temporary workers cause access management troubles over the holidays
HTML5 support could mean Adobe Flash end of life
First-ever high-level talks on US-China cyber issues
Alleged OPM breach hackers arrested by Chinese government
Experts question customized TLS implementation after Amazon s2n flaw
Amex credit card hack predicts replacement card number
Dell fixes root certificate issue reminiscent of Superfish
Lessons learned from the Adobe data breach
Safe Harbor framework update in danger of capsizing
Experts: DNSSEC protocol can't be worse than certificate authorities
TechTarget Survey: IT risk management, compliance top tasks
Going dark: FBI continues effort to bypass encryption
FBI accused of paying Carnegie Mellon $1M to hack Tor network
Java vulnerability caused by unpatched open source library
November 2015 Patch Tuesday: Font handling strikes again
Bluebox tackles mobile application threats for BYOD
NSA vulnerability disclosure policy balances offense and defense
Bad news for encryption security, PKI certificate revocation
Experts: Cyber liability insurance and lawsuits set to improve security
CSIP aims to modernize U.S. government cybersecurity
CoinVault, Bitcryptor ransomware declared dead following arrests
Cryptowall 3.0 ransomware reported to cost victims $325 million
Google slams Symantec over Certificate Transparency trouble
Congress can still fix CISA privacy issues in reconciliation
U.S. and E.U. enter into new data sharing agreement
Disputed Cybersecurity Information Sharing Act passes Senate
Dridex malware returns despite DOJ arrests
Google to adopt strictest DMARC policy to fight spam, phishing
Experts say Oracle patches need to be faster
Trend Micro acquires HP TippingPoint for $300 million
Report: CIA director's email hacked repeatedly by high school student
Social media attacks a growing concern for enterprises
Adobe patches Flash zero-day used in foreign ministry attacks
EMV transition: FBI warns while Target opts for PINs
Automating security, privacy in software programming
Cybersecurity strategy needs to be more dynamic, experts say
October Patch Tuesday: The first of 2015 with no zero-day exploits
Chinese hackers arrested at the request of the US
More