The so-called Red October APT gang may have emerged from hiding. Two research firms report finding advanced attacks that target firms across the financial, oil and engineering sectors, as well as government embassies, primarily in Eastern Europe.
Security experts see the FIDO Alliance's release of two universal authentication specifications as a positive move in the effort to eliminate passwords. But the standards' impact will be minimal unless they're widely adopted.
An FTC settlement with a medical billing company shines a spotlight on deceptive practices related to the collection and disclosure of patient's personal health information. What can healthcare providers learn from the settlement?
Networking and cable products maker Belden's purchase of security provider Tripwire signifies an emerging trend in which IT security is being fused into technology wares.
As David Shearer steps in as the new executive director of (ISC)², he inherits a huge challenge: How does the consortium respond appropriately to the global information security staffing shortage?
A recent blog post by Managing Editor Mathew J. Schwartz, "Why Are We So Stupid About Passwords?" raised a number of issues about the ongoing risks involved in using passwords for authentication. Read the strong reaction to the commentary and join the conversation.
A new version of the Destover malware includes a legitimate certificate from Sony. But a researcher claims it's a hoax. Meanwhile, new evidence emerges that the hackers who attacked Sony Pictures Entertainment had criminal - not nation-state - intentions.
It's been a year since the Target breach called attention to the need to ramp up cybersecurity at U.S. retailers. Here's a look at seven important lessons learned since then.
Security experts are sounding warnings that a flaw known as POODLE, revealed Oct. 14, can now be used to decrypt some Internet communications secured using TLS. Vendors have begun describing workarounds and issuing patches.
Ten months after NIST issued a draft report proposing changes on how it develops cryptographic standards, following reports that the NSA tampered with a NIST cryptographic algorithm, the institute has yet to finalize that guidance.
The "wiper" malware attack against Sony Pictures Entertainment has numerous commonalities with previous wiper attacks in Saudi Arabia and South Korea. This infographic summarizes the attacks and highlights their similarities.
Federal regulators have issued a strategic health IT plan that includes five goals, including advancing secure health information exchange. Could more EHR certification requirements and another information sharing and analysis center be in the works?
The sponsor of Senate-approved FISMA reform, Tom Carper, says it's not a done deal because the House has a dispute over which committee - Homeland Security or Oversight and Governmental Reform - has jurisdiction over the legislation.
The latest entrant into the password "hall of shame" is Sony Pictures Entertainment. As the ongoing dumps of Sony data by Guardians of Peace highlight, Sony apparently stored unencrypted passwords with inadequate access controls.
The hacking gang Lizard Squad has claimed credit for knocking Sony's PlayStation Network offline. Meanwhile, investigators continue to suspect North Korea may have launched the recent, "unprecedented" hack of Sony Pictures Entertainment.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.