There are two Yahoo conspiracy theories: It was hacked by a "state-sponsored actor," and it disabled email forwarding to prevent a post-breach exodus. Although neither scenario appears to be true, that doesn't mean the badly breached search giant is in the clear.
In their quest for easy ways to extort victims into giving them bitcoins, cybercriminals continue to double down on crypto-ransomware attacks and increasingly target enterprises, seeking proportionally higher paydays.
Endpoint protection vendors compete fiercely for customers, and allegations of impropriety are common among rivals. The latest battle pits Sophos against Cylance. Whose version of the story is the truth?
Security leaders say data science is becoming the building block of contemporary security solutions, showing great promise for developing necessary cyber defences. But where and how is data science best deployed?
The annual Infosec Europe conference in London included a number of information security highs and lows, from hackers in hoodies and Guy Fawkes masks to free ice cream and Mikko Hypponen revealing that he too has been pwned.
In the aftermath of a media maelstrom surrounding an alleged hack, the IRCTC flatly denies any compromise, but it's anxious to verify data in police possession, which the authorities apparently have still not shared. Here's the full lowdown.
The Pakistan National Assembly has approved the cybercrime bill under the Prevention of Electronic Crimes Act, 2015. It is a positive move, but given the challenges of execution, there is still far to go in ensuring a cybersecure ecosystem.
Neither the FBI nor Apple looks good in the days following the postponement of a hearing on whether Apple should be forced to help the bureau crack open the iPhone of one of the San Bernardino shooters. The FBI's credibility is being questioned as Apple's security technology is being tarnished.
"We never negotiate" might be the expectation whenever law enforcement or government agencies get targeted by criminals or even "cyberterrorists." But outside Hollywood, the reality too often turns out to be far less rigid.
Common mistakes enterprises make while prescribing a security or information assurance policy may result in big security flaws. CISOs must define security policies that are practical and enforceable, evolved through consensus with the business.
Distributed-denial-of-service attacks on banks are more powerful than ever, but we hear less about them than we did three years ago. How have attackers changed their tactics, and why should we be even more concerned about their strikes?
Is it wrong that accused Lizard Squad hacker Julius Kivimaki, a teenager who was convicted of 50,700 "instances of aggravated computer break-ins," gets to walk away without having to serve any jail time?
The U.S. Office of Personnel Management breach continues to reveal such staggering levels of information security problems, paper-pushing and seeming incompetence that it's creating a new cyber-espionage category: the "victim-as-a-service" provider.
This year's Infosecurity Europe conference in London is offering a top-notch range of sessions, ranging from how to battle cybercrime and social engineering to building a better security culture and workforce. Here's my list of must-see sessions.
A security expert and average consumers respond differently to the eBay breach. As most customers retain a high degree of faith in online merchant security, the expert believes eBay committed a serious sin in its lack of strong authentication.