The Associated Press was denied a request made under the Freedom of Information Act for documents that contain security information on HealthCare.gov.
The Center for Digital Democracy has asked the FTC to investigate 30 U.S. firms' data collection practices, including Adobe, AOL and Datalogix.
More than four million patients had data compromised after attackers hacked into the computer network of Community Health Systems and installed malware, according to reports.
With the help of two unknown co-conspirators, Su Bin allegedly stole trade secrets related to aircraft models from the defense contractors.
A mother says a breach at Rady Children's Hospital revealed her daughter's sensitive medical records.
SUPERVALU and AB Acquisition LLC are working together to investigate breaches that impacted both companies over the same time frame.
Arbor Networks used data from five sinkholes to assess the threat posed by newGOZ, a Zeus variant that steals banking credentials from victims.
In the second quarter of 2014, Verisign researchers noted a spike in volumetric DDoS activity when compared to previous quarters.
The NSA program, called "MonsterMind," is reportedly being developed by the intelligence agency.
The civil liberties groups contend, in a brief filed in New York Supreme Court, that warrants and a gag order issued in the case were unconstitutional.
The task force will examine the use of the technology by foreign intelligence agencies and criminals targeting Americans.
Malware has become a threat to virtual machines, and that threat should now be accounted for in security strategy, according to a Symantec report.
The tech giant's monthly security update includes two critical patches for IE and Windows.
Ten months after German security firm G-Data SecurityLabs released its findings on , researchers at Kaspersky Lab and Symantec have detailed a massive cyber-espionage operation.
A group of security pros called "I am The Cavalry" introduced a five-star automotive cyber safety program.
The guidance is meant to help merchants and third parties better understand their roles and responsibilities in the payment security ecosystem.
About two months after botnet takedown efforts, new versions of the malware have surfaced in the U.S. and abroad.
In a session at DefCon 22, speakers explained that it is not possible to hack a plane and take control of the aircraft, but creating some mischief is still possible.
Being yourself and being able to be yourself were topics discussed at a panel on diversity in information security at DefCon 22.
In order to cause disruption within the stolen data markets of the dark web, their organizational structure must be analyzed, according to one expert at DefCon 22 in Las Vegas.
Cesar Cerrudo spoke at DefCon about how traffic control systems used in the U.S. and other countries can be hacked.
A wide host of devices rely on USB to make them usable, but USB contains vulnerabilities that attackers can exploit.
Two critical fixes from the tech giant will plug RCE bugs impacting Windows and IE users.
Two hackers demonstrated how device vulnerabilities could allow attackers to access sensitive card data using multiple attack vectors.
Vulnerabilities in EnergyWise could let attackers cause huge blackouts if abused.
Bruce Schneier spoke on the state of incident response at Black Hat 2014, emphasizing that hackers will invariably breach networks.
Speaker Jason Healey warned that the internet can only endure so much abuse before it's irreversibly damaged.
F-Secure Chief Research Officer and acclaimed security expert Mikko Hypponen discussed the evolution of government-sponsored malware at Black Hat 2014.
Bugs in trace detection scanners, x-ray machines and time and attendance clocks could make them vulnerable to attack, according to experts at this year's Black Hat conference.
A pair of researchers from Accuvant at the 2014 Black Hat conference showed how the OMA-DM protocol can be leveraged to gain access to mobile devices.
An insecure home automation protocol allowed the hacker to control room amenities, like lights, TVs and temperature settings.
On Wednesday, Dan Geer delivered his keynote called "Cybersecurity as Realpolitik" at Black Hat.
Hold Security identified a Russian hacker group, dubbed "CyberVor," that is in possession of more than a billion unique credentials.
The guidance gives federal agencies improved assessment procedures for securing their information systems and networks.
An Australian researcher has discovered and posted a method for getting past PayPal's two-factor authentication, but it requires primary credentials.
Black Lotus's second quarter threat report attributed the decline in amplified attacks to successful patching and systems upgrades.
Users were lured by phishing emails, which supposedly contained a free Kaspersky mobile security app.
The script for a data sanitization process on the Mozilla Developer Network failed, and the email addresses and passwords of thousands of users were publicly accessible.
Unknown attackers have claimed about 2,800 victims in an ongoing information-stealing campaign identified by Kaspersky Lab as "Crouching Yeti."
According to a ThreatTrack Security study, 74 percent of execs believed that CISOs didn't belong on an organization's senior leadership team.
A threat group operating out of China continues its damage using older exploits, FireEye researchers said.
Trusteer, an IBM company, said the new Citadel configuration was detected this month.
Attackers are brute-forcing remote desktop software to infect point-of-sale devices with relatively new malware known as Backoff.
SC Magazine earned distinction from two trade associations for its editorial content, art direction, use of social media and website.
A woman claims she did not realize the company was using location services to track her and accuses the company of giving the data to third parties.
Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.
A report from New America OTI found that the NSA surveillance program has had a chilling effect on U.S. commerce and foreign policy.
Vulnerabilities existing in Symantec Endpoint Protection can be exploited to escalate privileges, perhaps resulting in a complete Windows domain takeover.
Out of the 237 disclosed data breaches last quarter, encryption was used in only 10 instances.
An audit of NOAA by the inspector general found security shortcomings, including the link between information systems and satellite systems.
In a study, HP Fortify tested 10 popular Internet of Things (IoT) devices, including TVs, webcams and device control hubs.
Researchers with Bluebox, who uncovered the vulnerability, dubbed it "Fake ID" because it enables the identity of trusted applications to be copied.
Complete with a colorful graphic, the EFF showed a federal court how the NSA essentially runs a digital dragnet that can pick up innocent Americans.
A federal court in New York issued default judgments against 14 companies and individuals who allegedly operated the scams.
Attackers are taking advantage of a vulnerability in the popular MailPoet plugin, which has nearly two million users, to compromise thousands of WordPress sites.
A Lieberman Software survey highlights the issue of poor password management, even among security pros.
Kaspersky Lab has observed the Andromeda bot being used to deliver CTB-Locker, a new ransomware that hides its command-and-control server on the Tor network.
Rishab Verma and his company agreed to settle charges filed by the FTC that Verma sent millions of spam text messages that deceitfully promised free merchandise.
The 2011 hack exposed the personal information of roughly 77 million users registered with PlayStation Network and Qriocity.
A suit filed in a federal court in Louisiana charges the company with failing to protect personal information and seeks damages on multiple counts.
A new report reveals how Nigeria's 419 scammers are spreading malware to pocket business funds.
A study by the Information Security Community on LinkedIn found most organizations don't have proper policies and support for BYOD.
Manhattan DA Cyrus Vance announced on Monday that six individuals are charged for their roles in a global scheme that defrauded StubHub out of $1 million.
Prolexic's second quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.
On Tuesday, Trend Micro released a report detailing Operation Emmental, which targets victims in Austria, Switzerland, Sweden and Japan.
A reported Russian hacker group known as W0rm tweeted on Monday that it had hacked Vice.com and The Wall Street Journal website.
This weekend, the digital rights group released a "hacker alpha" version of its Open Wireless Router software.
CyberArk interviewed 373 IT security executives and other senior management in North America, Europe and the Asia-Pacific as part of its eighth annual Global Advanced Threat Landscape survey.
At the HOPE X conference in New York, Daniel Ellsberg and Edward Snowden discussed the importance of keeping government spying in check.
Solutionary's SERT research team analyzed threats for the second quarter for its Quarterly Threat Intelligence Report.
Daniel Howe spoke about obfuscation and presented a couple of tools that he helped create at hacker conference HOPE X.
A Secunia quarterly report found Microsoft XML Core Services 4 to be the "most exposed" of widely used programs.
An RCE vulnerability existing in several Cisco Wireless Residential Gateway products can be exploited to serve up fraudulent advertisements and deliver malware.
Sentinel Labs dubbed the repurposed malware "Gyges."
A Ponemon Institute survey found nearly a third of IT security teams don't formally speak with company executives, increasing the risk of attack.
In a Tuesday hearing, a Senate subcommittee heard testimony from government and private sector security experts over the botnet explosion.
Popular Japanese adult websites have been compromised to distribute the Aibatook banking trojan, a threat that could make its way to the U.S.
In less than a day, over 6,000 infected machines were updated with the new Pushdo variant.
The most critical flaws were in Java and Oracle Database Server.
Microsoft blames a "well known" design limitation in Active Directory's authentication protocol, but researchers who discovered the exploit beg to differ.
An Emulex survey revealed that 77 percent of IT staffers have incorrectly reported the root cause of a security incident to their executive team.
Stephen Su is accused of accessing U.S. firms' systems, including defense contractors Boeing and Lockheed Martin.
Trusteer warns that the financial malware was first advertised last week on a major underground forum.
A man arrested in Germany and extradited to the United States in 2012 pleaded guilty to bank fraud on Friday for his role in a global operation that netted $14 million within 48 hours.
Using phishing emails, attackers are targeting various industries with unique keylogger malware as part of an ongoing campaign, NightHunter, that dates back to 2009.
Nearly 70 percent of critical infrastructure organizations said they experienced a security compromise in the last year.
Trusteer, an IBM company, revealed details on the bolware variants, which employ new tactics to manipulate web pages used for Boletos transactions.
In 2013, the banking trojan was deemed one of the most active banking trojans by Dell SecureWorks.
Emails and user credentials can be stolen in a man-in-the-middle attack because the Gmail iOS app does not perform certificate pinning.
The Cybersecurity Information Sharing Act of 2014 encourages threat information sharing between government and the private sector.
Lecpetex attackers may have infected up to 250,000 computers, Facebook revealed.
Thousands of infected computers around the world are being used to brute-force point-of-sale systems utilizing remote desktop protocols.
Ninety-six percent of security pros employed AV and anti-malware solutions to protect data from APT attacks, while protections for mobile entry points fell at the bottom of the list.
Roman Seleznev, son of a Russian lawmaker, was picked up in Maldives and taken into U.S. custody in Guam, three years after being indicted.
After purchasing 20 "wiped" Android smartphones on eBay, AVAST researchers were able to restore photos and other personal information.
In its monthly Patch Tuesday update, Microsoft plugged a slew of critical bugs in Internet Explorer that could allow remote code execution.
CrowdStrike revealed that the attack group is now targeting sensitive data about political affairs in Iraq.
Noting that consumers are being asked to provide more information than ever before and are less protected, the National Consumers League has proposed reforms.
Remote code execution (RCE) flaws in Windows and IE will receive top priority this month.
Frustrated by the NSA dragging its heels on a FOIA request, the EFF takes the NSA to court to secure records on vulnerabilities disclosure criteria.