The vulnerability was found in two programmable gateway devices often used by auto, food and manufacturing businesses in the United States. Meanwhile, a new study shows attacks against utility companies are growing.
Edwin Vargas, 42, was arrested on Tuesday for allegedly buying email login credentials and cracking fellow officers' email accounts.
The 100-page report mostly addresses alleged Chinese cyber espionage operations, and suggests it's time for U.S. government agencies and corporations to consider more proactive approaches, possibly including hack-backs.
Attackers who raided Google in 2010 to learn information about Chinese human rights activists were also trying to gain insight on which Chinese intelligence agents were on the radar of U.S. authorities, according to a report.
While a major attack has yet to take place on the U.S. energy sector, now is the right time for these critical infrastructure providers to ready their defenses.
The bill would provide consumers nationwide with protections similar to those already enforced by a California law.
After the public website of the Washington state Administrative Office of the Courts was compromised in February, an investigation revealed the severity of the breach in April.
The software giant is trying to put the brakes on a serious flaw that is being leveraged as part of a possible espionage campaign against U.S. energy workers.
Defence Minister Peter MacKay has committed $20 million to fund projects aimed at making Canada safer from cyber attacks.
Canadians are about to get their first comprehensive look at the extent of cyber crime on domestic business.
More than 2,000 USB keys were replaced after a hard drive and key went missing.
Privacy concerns are driving Canadians away from smartphone apps and online services.
An intruder gained access to the U.S. Army Corps of Engineers' National Inventory of Dams (NID) in January, according to a spokesman for the military command.
As nations engage with one another in shadowy conflicts taking place in the digital sphere, experts are questioning whether treaties and rules that were created for kinetic fighting apply to a new era of combat.
This month's news briefs cover recent headlining bits on the malware that struck South Korean companies, a new law requiring federal agencies to review IT equipment sourced from China, and more.
Employees lack the training to collect and preserve email and electronic evidence.
The rule may help leaders better understand the impact of cyber risks, say PwC's David Burg and Laurie Schive.
Aaron Swartz's death inspired Rep. Zoe Lofgren to want to reform the federal anti-hacking law, but some security pros worry this would sterilize a potent enforcement weapon, reports Dan Kaplan.
AT&T and CenturyLink were given legal immunity to turn over threat-related data on their networks to the government.
The American Civil Liberties Union has filed a complaint with the Federal Trade Commission over several major carriers' alleged sluggish patching practices, a concern for enterprises as BYOD pervades the business world.
In a bipartisan victory for a measure that would formalize threat intelligence sharing, the U.S. House passed the bill in a 288-to-127 vote, drawing more Democrats than when a version was approved last year. CISPA now moves to the Senate.
The president recommended that $4.7 billion be allocated to the Pentagon for cyber initiatives in the fiscal year beginning Oct. 1. That includes earmarks for offensive missions.
The amendments to the threat intelligence sharing bill would have tightened controls around the corporate release of personally identifiable information to three-letter agencies, including the NSA.
Several U.S. trade groups also have objected to the provision, part of a recently passed appropriations bill, which bars certain federal agencies from buying IT tech gear produced by Chinese government-related companies.
The state, no stranger to pioneering data security and privacy legislation, is at it again with a proposed measure that would force companies to be transparent about with whom they are sharing customer information.
The rule, part of a general appropriations bill signed by President Obama last week, comes following growing evidence of China's organized cyber espionage operations.
In this month's debate, two experts discuss whether or not China is the top cyber threat to the United States.
This month's news briefs include recent news on Mandiant uncovering China's cyber espionage efforts, security firm Bit9's breach, and the Obama administration's latest efforts on combating the theft of trade secrets.
Espionage and fraud in cyber is not an armed conflict, says SystemExpert's Jonathan Gossels.
In a matter of weeks, an Arizona federal judge is expected to decide whether the FBI illegally caught an accused fraudster.
Phishing attacks were among the top 12 schemes hatched by tax season scammers.
According to the legislation, the review process will quell cyber espionage threats from China.
The bill draft, which is in a preliminary stage, included harsher penalties for Computer Fraud and Abuse Act violations.
Senators say current provisions of the Electronic Communications Privacy Act give law enforcement too many liberties when accessing the electronic communications of Americans.
Cyber Command Chief Gen. Keith Alexander is now assembling 13 teams of IT experts for this purpose.
After intense opposition from the public, the Canadian government pledged to not introduce additional legislation to monitor online activity.
The Canadian government should make it mandatory for utility companies and others to tighten security, a former official told a security conference.
The nascent partnership between a Chinese development group and an entrepreneurial hub funded by three levels of Canadian government has raised concerns from an outspoken former security adviser to Nortel Networks.
For those of us who have been pursuing an effective public-private threat sharing mechanism, there's hope that maybe this time a program will be developed that effectively accomplishes this task.
Attackers behind the MiniDuke spy campaign have targeted government entities and other organizations around the world since at least 2011.
Offering up more general guidelines to strengthen the country's critical infrastructure security - as in the president's recent executive order - is all well and good, but without any meaningful and enforceable requirements then, really, what's the point?
The European Union is close to implementing an information protection law that will homogenize the responsibility of all of its 27 member states, which could have a ripple effect in the U.S.
This month's featured debate informs whether the FTC should have the right to penalize companies for poor data security/privacy practices.
Industrial control systems remain troublingly vulnerable to both internal error and outside intruders, reports Danielle Walker.
Microsoft's Scott Charney isn't ready to wave the white flag of surrender. In fact, he believes the security profession has done an admirable job, and there's reason to be confident that the future is bright.
The consumer protection agency said vulnerabilities and the "insecure implementation" of diagnostic software propelled action against the American division of the mobile device maker for a number of security shortfalls.
Cyber criminals are repurposing data-stealing trojans, once used primarily to steal banking information, to collect intellectual property, which can be sold for a higher price tag, according to a McAfee study.
The news comes after a detailed report emerged that U.S. firms were the target of Chinese government-backed espionage operations.
Lawmakers have begun debate on the controversial threat information-sharing bill known as CISPA, which would complement the president's cyber security executive order. But it has a host of privacy objections to clear first.
On Sunday, Anonymous said it hacked the Fed, before exposing the data of 4,000 bankers. Now, it appears the claims are true.
The Canada Revenue Agency (CRA) has unnerved privacy experts with a change to its electronic tax-filing policy: It has removed several authentication requirements for electronic filers.
Human Resources and Skills Development Canada (HRSDC), a department of the Government of Canada, was reeling last month after the personal data of 583,000 Canadians was lost on a portable hard drive.
Several hundred employees and contractors at the U.S. Department of Energy were compromised in the breach, though reportedly no classified information was accessed by hackers.
Sen. Stuart Reid (R-Utah) began drafting the bill last year, following a massive breach in the state of nearly 800,000 Medicaid records.
Over the next two years, cyber security will join the shortlist of hot-button agenda items set for debate and discussion in Congress.
Security pros should be less secretive, says New York City CISO Dan Srebnick.
The United States has established itself as a major force in a new era of combat, but what repercussions do state-sponsored actions in cyber space have on all of us?
The rise in Department of Defense ranks, from around 900 to 4,000 military and civilian personnel, comes in the face of a growing digital threat. But is there a deeper reasoning behind the expansion?
The "Cyber Targeted-Attack Analyzer" program would examine data sources across DoD's entire network to aid in threat detection.
Researchers said that domain names associated with the attack infrastructure were shut down soon after the spy campaign came to light.
The Florida Department of Juvenile Justice said the device was neither encrypted, nor password protected.
Researchers at Kaspersky believe the Red October campaign, which is spreading a data-sucking trojan known as Rocra, dates back at least five years, and is still ongoing.
The cozy relationship between national security reporting and the United States government was back on full display Wednesday with a story from the New York Times, headlined "Bank hacking was the work of Iranians, officials say."
The namesake of security company McAfee, who returned to the U.S. less than a month ago, now claims he used cyber espionage tactics to uncover corruption among the power players of Belize.
The Hospice of North Idaho will pay $50,000 to the U.S. Department of Health and Human Services following a breach that affected 441 patients -- an indication that the agency is not letting even small incidents slide.
The proposed Cyber Intelligence Sharing and Protection Act (CISPA) is galvanizing government and industry over whether we need federally mandated security legislation and what it should look like.
Compliance brings with it the stigma of cost, complexity and confusion, but viewing it from a risk point-of-view may help make it more tolerable.
White House sources believe President Obama will hold off until the new year to take action on a federal cyber security initiative.
Researchers have discovered vulnerabilities in Global Positioning Systems that could cripple the infrastructure critical to military navigation.
Following a breach that resulted in the exposure of millions of Social Security numbers, South Carolina's inspector general wants the state to adopt a more centralized approach to information security.
From stealthy to blatant tactics, 2012 has seen them all.
2013 may be the year that U.S. companies strike back at their cyber adversaries, says Taia Global's Jeffrey Carr.
Comprehensive cyber security legislation (or a presidential executive order) will happen in 2013.
A new memo from President Obama announces minimum standards for insider threat programs implemented by federal agencies.
Public Safety Canada and the U.S. Department of Homeland Security launched an action plan last month to back up a February 2011 border security partnership.
The Canadian government has unlocked $155 million in funding to bolster cyber security, just as the Auditor General issued a negative report.
Wyndham's request that an FTC security complaint be dismissed was met with a follow-up response from the commission.
As the probe deepens into the massive hack of the South Carolina Department of Revenue, forensic investigators have concluded that as many as 657,000 businesses may also have been impacted.
EMC has acquired Menlo Park, Calif.-based online fraud detection provider Silver Tail Systems. Silver Tail, which offers "real-time web session and behavioral analysis" for banking, e-commerce and government customers, will operate as part of RSA, EMC's security division.
An "open-redirect" vulnerability has allowed scammers to phish several thousand people using shortened links to legitimate government websites.
Canada is not saying whether it will block Chinese firm Huawei from bidding on a secure communications network, after imposing a national security exemption on contract tenders.
The provincial government of British Columbia has fired four employees and suspended three others after allegations that health data was shared inappropriately.
Researchers believe watering hole strategies, where attackers compromise sites visited by their targets, are used to steal personal information and set the stage for spear phishing attacks.
We must resolve issues around data sovereignty, says Capgemini's Joe Coyle.
Isn't Wyndham Hotels and Resorts culpable for failing to enlist industry standards and implement security practices and tools to protect customer accounts?
Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates have agreed to pay $1.5 million to settle potential HIPAA violations.
A 14-member gang alleged to have used stolen identities in a tax refund scheme has been charged in five criminal complaints with conspiracy to defraud the United States and other counts of theft of government property.
A Minnesota woman accused of distributing music via the Kazaa file-sharing site has been fined $222,000 in the first music copyright infringement case to reach a jury.
The head of the NSA, the entity many consider to be the prime culprit in the "surveillance state," sought to persuade the crowd at the annual DefCon hacker gathering to enter government service.
The ability to marry physical and logical security controls is maturing, which means companies can find efficiency wins, while in the process lowering their risk profile.
President Obama now is considering an executive order to breathe some life back into the Cyber Security Act of 2012 with the goal in mind to protect the country's critical infrastructure.
The head of the Canadian Security Intelligence Service (CSIS) offered the agency's assistance to Public Safety Minister Vic Toews to make the government's controversial internet surveillance bill more palatable.
The Canadian government enacted a national security exception to bar foreign IT companies from bidding on the construction of its new telecommunications system.
Thousands of U.S. Environmental Protection Agency employees had their personal information exposed through a database breach.
Although it appeared as if another year would go by without any action on cyber security legislation, President Obama may turn to an executive order to implement new policy.
Senate Republicans on Thursday defeated a bill that would have asked critical infrastructure operators to meet voluntary cyber security standards. Some Democrats also disagreed with the measure, saying it didn't go far enough to protect privacy.
The increasing connectedness of infrastructure increases the cascading effect an attack can have on other infrastructure sectors and capabilities.
Only through collaboration can government and the private sector thwart cyber attacks, says Raymond Choo.
Consensus needs to be developed around how critical infrastructure is defined, says Mark Clancy, managing director and CISO for The Depository Trust & Clearing Corp.
Sensing that the now-revised Cybersecurity Act of 2012 has a chance at passing in the Senate, a number of senators are rushing to include amendments, which include added privacy provisions and a federal breach notification clause.