WordPress says users of versions 3.9.2 and earlier of its website content management software need to patch a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
Stealth espionage malware known as 'Regin' or 'Regis' has been targeting government agencies, businesses and research institutes, with Russia and Saudi Arabia as prime targets, researchers say. But it's unclear what nation is behind the attacks.
Citadel financial malware has been upgraded to steal master passwords for software designed to securely store lists of usernames and passwords, according to IBM's Trusteer unit. Security experts offer insights on how to respond to the threat.
A Russian website is streaming live footage accessed without authorization from cameras around the world. The exposure highlights the dangers of weak passwords and the need for organizations to vet the security settings of all Internet-connected devices.
Retailers cannot avoid innovation. Yet, cybercriminals thrive when retailers innovate. What, then, can retailers do to stop cybercriminals from breaching their defenses? Here are three key questions to answer.
The director of the National Security Agency, Navy Admiral Michael Rogers, says he expects to see adversaries launch a cyber-attack in the next few years aimed at severely damaging America's critical infrastructure.
Security experts warn of an increased risk that terrorists will disrupt the financial sector via cyber-attacks. In response, law enforcement authorities who monitor U.S. and U.K. financial markets plan to embed employees in each other's organizations.
Cybersecurity specialists need to learn to think like an adversary in order to develop sound defense strategies, says Greg Shannon, chief scientist at the CERT Division of Carnegie Mellon University's Software Engineering Institute.
Testifying at a House hearing, a U.S. Postal Service official defended the delay in notifying USPS workers of a breach that exposed Social Security numbers, contending authorities initially didn't know what data was pilfered.
Microsoft has issued an emergency fix for a vulnerability in Windows Kerberos that is being exploited via in-the-wild attacks. Attackers can leverage the flaw to gain all-access rights to anything inside an Active Directory Domain, experts warn.
Put together, two IRS audits illustrate a major concern many security pros have about FISMA audits: They're checklists of whether organizations comply with regulations that require specific processes but do not determine if the processes are effective.
From PCs to tablets to smartphones, customers enter institutions from all electronic angles. And these new banking habits put new strains on traditional IT infrastructure. How can banks ensure security?
Foreign spy agencies have powerful incentives to hack U.S. government IT systems, and that won't change, experts say, as they react to suspected Chinese involvement in the breach of National Oceanic and Atmospheric Administration websites.