Nineteen CISOs and security execs at major enterprises provided recommendations in a Security for Business Innovation Council (SBIC) report.
Representatives of the Energy and Commerce Committee have asked the FDA to hire experts to investigate the incident which occurred in October.
With the update, users can employ a patch for a TIFF zero-day, which - when exploited - gives attackers the same user rights as targeted individuals.
Heavyweight software and social media firms, including Apple, Microsoft and Twitter, have joined in on the coalition.
The social networking giant has filed a motion with a U.S. district judge, asking to throw out a recent suit that claims the company was hacking into its members' accounts.
Among 125 law enforcement agencies in 33 states, one in every four use the "tower dump" tactic, new reports reveal.
"Paunch," the believed author of the BlackHole exploit kit, is currently being prosecuted, Russian authorities say.
Microsoft announced on Thursday that its Digital Crimes Unit - in conjunction with the FBI, Europol's EC3 and technology companies such as A10 Networks - has disrupted a botnet that targets search engines and browsers.
With the monthly update, Microsoft will fix a TIFF zero-day impacting users, but not a serious Windows XP flaw under active attack.
Microsoft announced on Wednesday that it would be improving and expanding its security to protect customer data amid growing concerns of government surveillance.
The agency makes use of the sweeping surveillance practice employing a sophisticated tool called "co-traveler," which essentially tracks bystanders interacting with targets.
A lack of budget and resources is opening up enterprises to advanced persistent threats, according to a recent study by the Ponemon Institute.
Researchers discovered a treasure trove of nearly two million pilfered credentials from a variety of companies, including Facebook, Google, Yahoo and Twitter.
After recently impacting banks in South Africa, the malware is now infecting point-of-sale systems throughout the globe, including those in the U.S., a security firm found.
Sheep Marketplace, an illicit drug bazaar available over the Tor network, shut down last weekend after millions in bitcoins were plundered from the website.
Constantly updating technology coupled with the dynamic and evolving nature of data breaches may be stalling notification laws from becoming uniform across the United States.
NTIA, an arm of the Commerce Department, is launching an initiative with the goal of developing a "voluntary, enforceable code of conduct" for commercial use of the technology.
According to Qualys, 39 percent of tested machines contained critical browser vulnerabilities, which users should be particularly mindful of during the holiday online shopping frenzy.
Roughly 175,000 members registered on bitcointalk.org are being discouraged from logging into their accounts following attacks against the popular Bitcoin forum.
Attacks leveraging the Windows XP kernel vulnerability have been targeted, but limited so far, Microsoft says.
A Maricopa County Community College District data breach that affected millions of individuals has ended up costing the education system millions of dollars more.
This month's industry news includes a new CEO at Appthority, recent funding acquired by Lookout, and Catbird's new CTO.
Adobe breach affects 38 million, UK man indicted for hack of U.S. Army network, NIST debuts new cyber security framework, and other news.
Despite being wary of connecting to unsecured hotspots, the majority of respondents surveyed in a report do not take the necessary steps to ensure their information is secure.
Hacktivist collective Anonymous has taken credit for a distributed denial-of-service attack that unintentionally affected a number of Microsoft services last week.
Defunct email provider Lavabit has filed a response to the government, which maintains it acted in accordance with law when requesting the company's master encryption key.
The Bitcoin community has banded together to offer a crowd-funded $10,000 bounty for whoever fixes a Mac OS X Bitcoin LevelDB data corruption issue.
Over the last two months, attackers have opted to spread the malware via the Neutrino exploit kit, researchers found.
Twitter announced on Friday that it has introduced forward secrecy, a type of encryption property that makes decrypting communications close to impossible.
In addition to internet service providers (ISPs) making use of real-time response capabilities, a cyber security report suggested several other steps to stave off threats to the nation.
Last week hackers stole 1,295 Bitcoins - more than a million dollars - from Denmark-based Bitcoin exchange BIPS.
Among the top five concerns were source code leaks, which will make malware threats all the more pervasive, an anti-fraud firm found.
Attackers have concocted a type of social engineering scam that delivers malware by duping people into thinking that their anti-virus programs need to be updated.
Experts shared how organizations can identify saboteurs by interpreting physical cues or nonverbal communication.
Security spending will grow tenfold in the next decade, a chief research analyst predicts, providing needed investments to address growing surveillance concerns.
Finding ways to bypass or validate digital signatures on PCs and Android-based mobile devices in an attempt to distribute malware is fast becoming a new trend among attackers.
Although it has yet to be discovered in the wild, researchers have uncovered a sneaky piece of financial malware, known as i2Ninja, being sold on a Russian cyber crime forum.
Nearly 42 million accounts from dating website company Cupid Media were reportedly discovered on the same server where hackers stored information stolen from Adobe.
Breaches were by far the most costly incident for global respondents, accounting for more than $860,000 in losses annually at organizations.
Apple released iOS 7.0.4 to address some bugs and also released a developer version of iOS 7.1, which will tackle other issues and add some new features.
In a bid to evade detection, attackers are getting phony anti-virus software onto computer systems by using stolen digital certificates.
According to a letter detailing the event written to the Attorney General, the operation that targeted one of the retailer's Florida stores lasted from August 14 to October 5.
In a new study, 33 percent of small to midsized organizations said they weren't sure how to best describe an advanced persistent threat (APT).
A Wednesday MacRumors Forums breach that affected hundreds of thousands is said to be related to a zero-day vulnerability in proprietary internet message board software vBulletin, which was also attacked last week.
According to an FBI memo obtained by Reuters, hackers exploited vulnerable Adobe software to infiltrate organizations' networks.
More than 12,000 victims have been claimed in less than a full week by a nasty piece of malware known as CryptoLocker, according to researchers.
The backdoor trojan, dubbed "Fokirtor," was discovered in June by Symantec researchers.
For the first time, the Obama administration has publicly addressed security threats to healthcare.gov, including a denial-of-service attack.
After spending the last year and a half in solitary confinement, Jeremy Hammond was sentenced in a New York federal court on Friday.
A penetration testing firm analyzed publicly reported compromises over the last 10 years.
A 19-year-old man pleaded guilty on Tuesday to conducting an extortion campaign which involved hacking into young girls' webcams.
Starting in 2016, the tech giant will require certificate authorities (CAs) to migrate from SHA-1 to the stronger SHA-2 cryptographic hash function when issuing X.509 certs.
An iOS and Android application that claims to provide free 'likes' and followers to users of Instagram is actually a clever scam.
Barracuda Labs detected that Cracked.com was compromised as of Sunday.
Facebook users are being locked out of their accounts and asked to change their passwords if they shared credentials with a compromised Adobe account.
The planned event, called "Waking Shark II," marks the second year the city of London has participated in the security preparedness exercises.
Researchers with the University of Cambridge revealed just how effective PIN Skimmers can be against mobile devices in a recently released study on the new type of side-channel attack.
The November security release contained eight bulletins for 19 unique vulnerabilities in Windows, IE and Office.
A 42-year-old NYPD detective pleaded guilty on Friday to one count of computer hacking and one count of conspiring to commit computer hacking.
The British intelligence agency used a sophisticated exploitation tool, called "Quantum Insert," to trick telecom workers, a German newspaper revealed.
Visitors to the news portion of Vice.com on Friday evening may have been surprised by a headline that read, "Syrian Electronic Army Was Here."
A U.S.-based website used as a forum to discuss security policy has become host to a drive-by attack that leverages an Internet Explorer zero-day vulnerability.
The Chairman and CEO shared the revelations at Australia's National Press Club.
In a survey of 200 security professionals who deal with malware analysis for U.S. businesses, 57 percent revealed they investigated or addressed a data breach their company never disclosed.
Facebook and Microsoft collaborated to introduce a wide-reaching program that aims to address vulnerabilities affecting open source projects and the internet.
Microsoft is preparing eight fixes for next week's upcoming Nov. 12 Patch Tuesday, but an update to a recently discovered zero-day vulnerability is not one of them.
Version 3.0 of the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS) became available today.
Silk Road 2.0 has launched on the Tor network about one month after the FBI took down the original illicit online marketplace and indicted its alleged operator, 29-year-old Ross Ulbricht.
A clever phishing email is circulating in Brazil, but one researcher suggests this crafty scam will more than likely cross shores to the United States before long.
Now, those who discover mitigation bypass attacks in the wild are up for the hefty bounty, the company announced.
Microsoft issued an advisory on Tuesday warning users of a zero-day vulnerability being exploited in targeted attacks using emailed Microsoft Office documents.
On Wednesday morning, the website showcased items, normally priced for hundreds of dollars, at around $10 to $20.
A researcher posted about a mass, do-it-yourself website-hacking tool that takes advantage of super-specific searches, known as Google dorks.
Yahoo squished the idea of having an official bug bounty program for years, but now the internet corporation has finally lifted its foot.
The agency, which releases cryptographic standards for the security industry, launched the evaluation in light of NSA surveillance revelations.
The hacker group that recently impacted tens of millions of Adobe customers is believed to have also compromised data belonging to hundreds of thousands of customers of CorporateCarOnline.
The HealthCare Information Security and Privacy Practitioner (HCISPP) certification program was introduced on Monday.
The goal of the Dark Mail Alliance is to provide secure emailing through distinct end-to-end encrypted protocol and architecture.
Facebook is in the process of testing technology that will monitor what your cursor is hovering over on its site, as well as whether a user's newsfeed is visible on a mobile device.
NSS Labs compared IE, Firefox, Chrome and Safari's protection against phishing and socially engineered malware attacks.
Personnel announcements and M&A activity: Ipanema Technologies, Kabel Deutschland, CrowdStrike, Windward IT Solutions, F5 Networks and more.
This month's news briefs include important advisories issued by RSA and NIST, as well as a critical update released by Microsoft.
It has been slow, buggy and downed since it launched on Oct. 1. Now security professionals explore just how vulnerable the healthcare.gov website really is to attackers.
On Tuesday, Sen. Patrick Leahy, D-Vt., and Congressman Jim Sensenbrenner, R-Wisc., introduced the USA Freedom Act.
The Washington Post published the latest information disclosed by whistleblower Edward Snowden.
Microsoft released its Security Intelligence Report Volume 15 earlier this week and is strongly encouraging users to upgrade from Windows XP.
The web browser update addresses 15 bugs with 10 patches.
Database-as-a-service platform MongoHQ discovered it was the victim of a breach that may have compromised information of its employees and customers.
So far, one solution, developed by European Payment Services, has been verified under PCI security standards for point-to-point encryption (P2PE) hardware.
The number of Adobe customers impacted by a recently disclosed breach has skyrocketed to about 38 million — more than ten times the number of individuals the company previously announced.
A recent report notes that 23 percent of free Google Play apps contain "madware," overly aggressive mobile adware.
Researchers have determined that a vulnerability, known as HTTP Request Hijacking, can be exploited in several iOS apps.
"The 2013 eCommerce Cyber Crime Report" weighed the business loss incurred by holiday cyber attacks.
The Spanish-language ATM malware, which allowed attackers in Mexico to force ATMs to spit out cash, now has an updated English-language version.
Lauri Love, a 28-year-old UK man, was arrested at his home Friday by British police cooperating with U.S. law enforcement.
Until he presents at a November conference, a 17-year-old researcher told Mozilla that he will not reveal any of the technical secrets behind a piece of malware he wrote for mobile Firefox OS.
A panel shared their views on online privacy expectations given the ever-expanding accessibility of users' data.
Apple users who downloaded the free OS X Mavericks update are receiving a phishing email that appears to come from the tech giant.
A Connecticut man, arrested by the FBI and charged with fraudulently obtaining hundreds of Cisco computer networking parts, is now facing up to 20 years in prison for mail fraud.
A draft of the voluntary framework was released by NIST in support of President Obama's executive order on critical infrastructure security.