The group's Center for Secure Design released a report detailing how to avoid common design flaws.
Under the agency's COPPA ruling, websites that collect personal information on their young users must receive parental consent before doing so.
A variant of the BIFROSE backdoor which is more evasive than its predecessor has been discovered by experts.
Under its new protocol, app developers are prohibited from selling users' personal health information.
During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.
Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.
Researchers at Kaspersky Labs analyzed the evolution, slight as it might be, of the NetTraveler toolkit.
The MS14-045 update caused some users' systems to crash, and in response, Microsoft pulled the update.
The warning comes soon after the Secret Service and DHS issued a warning on the threat.
The website of Racing Post was hit by a SQL injection attack in October 2013, enabling an attacker to access a database including information on 677,335 customers.
The study by KPMG and FireEye also found that 49 percent of detected malware was unknown.
The bill would prevent companies from selling students' data and profiting from it.
The suit claims the hospital operator failed to meet security standards to protect the personal information belonging to patients.
More than 300 companies are being warned to check their systems after at least 50 oil companies confirmed that their systems were attacked.
Several financial institutions are reporting payment card fraud activity on credit and debit cards used at various Dairy Queen stores around the country, according to Brian Krebs.
Two nude models' photos reeled in unsuspecting victims who handed over their Facebook logins to gain access to adult material.
James Raj Arokiasamy, known as "The Messiah," now faces a total of 162 charges stemming from a string of attacks he conducted.
More than 1,000 analysts at 23 U.S. government agencies have had access to more than 850 billion records courtesy of NSA's ICREACH, a search engine similar to Google.
A patent that has recently been granted to Twitter reveals how the social media giant plans to block mobile malware from affecting its users.
The routers are sold in China under the Netcore brand name, and elsewhere as Netis products.
Starting July 2015, all smartphones sold in the state must come with the anti-theft technology.
Claiming funding from the federal government and an endorsement by President Obama, a debt relief program coerced private data from consumers.
A researcher at Fortinet has revealed more details about iOS/AdThief, which hijacks revenue through jailbroken iPads and iPhones.
Anonymous confessions posted on a popular app, called "Secret," were susceptible to being exposed via a hack.
The personal information of up to 25,000 government workers may be at risk after U.S. Investigations Services (USIS) was breached.
Up to seventy percent of the population aged between 15 and 65 might have had their names, resident registration numbers, account usernames and passwords stolen.
The Metropolitan Police have reportedly lobbied for two years to enact the standard.
The man accused of creating Silk Road - a black market existing on the Deep Web and accessible through the Tor network - is facing new charges from federal prosecutors.
A spam campaign involving the Carbon Grabber crimeware kit is ongoing against the automotive industry in Europe, according to Symantec.
A piece of ransomware known as ZeroLocker contains various errors that may prevent files from being decrypted even if the ransom is paid.
Although the number of rogue anti-virus malware campaigns has decreased overall, the threat isn't totally gone, according to researchers at Microsoft.
GMR Transcription Services in California agreed to settle FTC charges related to its security practices.
More than 12,000 messages have been sent to more than 400 companies as part of a phishing campaign targeting users of Bitcoin wallet Blockchain.info.
Eight months after the enactment of a new California privacy law, AOL clarified that it does not respond to web browsers' "Do Not Track" requests.
Following a major breach at the hospital provider, security experts analyzed its network and discovered malware infections dating back to January.
A recent study found that the number of attacks during the two conferences increased to about 130 times the usual amount.
The shipping and printing provider said malware has been present on some stores' computer systems since mid-January.
The campaign targets Spanish-speaking victims, and Spanish also appears to be the native language of the attackers.
As breaches hitting the health care industry continue to ramp up, more than 30 million individuals have been affected by these incidents thus far.
Anyone that used a credit or debit card at Mizado Cocina between May 9 and July 18 may have had their data compromised.
A couple weeks after Hold Security's initial discovery of the stolen logins, the Federal Bureau of Investigation is conducting its own review.
Yet another clone of the nefarious ransomware CryptoLocker has been detected by security experts.
Roman Seleznev's attorneys requested that the hacker be released on bond, but their pleas were rejected this past week.
The vulnerability comes into play when Instagram users search for Facebook friends to "follow."
After acquiring SaaS email security provider Maildistiller, Proofpoint is ready to expand its European team.
In a move to keep up with the evolution of connected devices, Symantec has announced that its Norton security software will be rolled into one suite.
The separate attacks were carried out by at least two foreign entities, who might have been able to access sensitive documents and details on U.S. critical infrastructure.
HTTP Shaming was created by a security consultant to call out apps and web services that put user information at risk.
Phishing campaigns are being leveraged by attackers to reach victims and collect email logins, as well as infect their machines with malware.
After some users noted issues with this month's update, Microsoft opted to remove the links while it investigates the problems further.
Google's Safe Browsing service will be expanded to protect Chrome users from downloading and installing software that makes unexpected changes to a computer.
Coordinated attacks on Israeli websites were confirmed this weekend, but none of the attacks caused serious damage.
An Android RAT known as Krysanec, which can take photos, record audio and steal data, is being spread through modified legitimate apps.
A former student of the University of Missouri-Kansas City has pleaded guilty to harassing a faculty member for months through threatening emails.
Researchers have discovered a variant of one of the most active banking trojans, Bugat, that features new attack techniques taken from the Gameover Zeus malware.
Five individuals were charged on Wednesday for their roles in a scheme that resulted in financial institutions reporting millions of dollars in losses.
Trustwave's "2014 Business Password Analysis" indicates that strong authentication policies have yet to be implemented at organizations.
A phishing campaign that mirrors earlier attacks lets victims choose the amount of an IRS refund.
The Twitter account of Russian Prime Minister Dmitry Medvedev was hacked on Thursday to state, among other things, that he was resigning.
Yair Shalev and his company, Kobeni Inc., sent deceptive emails to consumers that led to advertisements for insurance providers.
New facial recognition software aided the FBI in arresting a fugitive who was on the run for nearly 15 years.
SynoLocker attackers said the database of keys was available for $100,000.
Despite a patch issued four years ago, a vulnerability in XP, Vista, Windows 7 and Windows Server 2001/2008 is still a threat.
Apple has released versions 6.1.6 and 7.0.6 of its Safari browser following patched vulnerabilities recently discovered by its researchers.
In a multi-challenge contest, security researchers uncovered vulnerabilities and hacked into routers at the DefCon conference in Las Vegas.
The National Bureau of Investigation (NBI) warned that the incident showcases the growing incidence of ATM skimming fraud.
The DEA paid an unnamed Amtrak secretary more than $850,000 for passenger information that it could have attained for free.
On Tuesday, Adobe released fixes for seven critical bugs in its Flash Player plug-in.
The mobile security vendor will use the funds to extend its security platform to the enterprises.
TEC Industrial, a Tennessee-based electrical company, has sued TriSummit Bank following a cyberheist that stole $327,804 from the firm.
The teenage student, known as "Li," created an app that has already infected at least 100,000 phones.
A hacker who gained privileged access to a Canadian ISP's network hijacked net traffic from foreign networks to steal more than $83,000 in virtual currency.
A court has approved a plan for Schnucks to reimburse shoppers affected by a 2013 data breach.
After a disastrous rollout of healthcare.gov, the White House has put together a team of private sector gurus to improve federal websites.
Gamma International distributes FinFisher, spyware allegedly used to target dissidents in nations overseas.
In an effort to bolster security on the web, Google has announced that it will boost the search engine ranking of sites that use HTTPS encryption by default.
In a continuing effort to move away from U.S. products in favor of homegrown technology, China has removed Apple products from its procurement list.
SMU will offer the first graduate level program aimed at closing the skills and competencies gaps for senior security and risk professionals.
IBM continues to beef up its security portfolio by acquiring cloud security services provider Lighthouse Security Group.
At DefCon 22 in Las Vegas, Nir Valtman discussed how far bug bounty programs have come in nearly 20 years.
At Black Hat 2014, Ertunga Arsal demonstrated how he can gain admin access to SAP systems, steal payment card data and reroute payments.
The acquisition is predicted to help grow Gemalto's operating profit by 10 percent in 2017.
Websites using HTTPS will be given higher priority in searches.
A researcher has discovered vulnerabilities in WordPress and Drupal that enable XML denial-of-service attacks.
Yahoo will implement end-to-end mail encryption for its users by next year, according to an announcement made by its CISO.
Freya Newman leaked information that proved that Frances Abbott, the prime minister's daughter, was receiving a large scholarship to a private school.
Two USIS clients, the Department of Homeland Security and the Office of Personnel Management, have suspended their contracts as a result of the incident.
Joseph W. Langford is suspected of breaking into a Webster State University computer lab and accessing computers to steal test materials.
Olanrewaju Abiola pleaded guilty to conspiracy to commit access device fraud and faces a maximum prison sentence of five years.
The nonprofit group that runs Wikipedia was notified by Google of links removed from its search results.
Experts have caught on to a pharma spam campaign that leverages Twitter's link shortening service to send users to pages touting bootleg drugs made in India.
FireEye and Fox-IT have teamed up to create a free decryption tool that offers keys to those whose files have been encrypted by the ransomware.
A spike in phishing attacks has been identified by security experts in the month of June, which resulted in more than $400 million in global losses.
A report reveals that 87 percent of the top paid iOS apps exhibit at least one risky behavior, whereas only 77 percent of the top paid Android apps did the same.
John Henry Skillern was arrested this past week after Google found an explicit image of an underage girl in his email.
The massive data breach of Minneapolis-based Target may end up costing the company $148 million.
The company elaborated on its June breach and said that 33 of its locations around the U.S. were affected.
Poweliks abuses Windows PowerShell to try to remain undetected.
The Black Hat conference schedule no longer includes sessions on home insecurity and dissecting the Snake malware campaign.
Clicking on links to free streams of summer flicks such as 22 Jump Street and Transformers: Age of Extinction could lead to adware and malware.