Yahoo confirms Shellshock-targeting attackers hacked into three of its servers, but claims they didn't exploit Bash flaws. Meanwhile, Lycos denies it's been breached and WinZip isn't responding directly to a report that it was hacked.
Shellshock threats continue to escalate, with security researchers now counting 11 types of exploits that target the Bash flaws. Yahoo, Lycos and WinZip are reportedly among the "Bash attack" victims.
The hackers who breached JPMorgan Chase also infiltrated about nine other financial institutions, and may be operating from Russia, according to one news report. But security experts caution against jumping to conclusions over attackers' identities or motives.
The development of authentication technologies that could replace the password is "nearing a tipping point," but there are still several years of work to do, says Jeremy Grant, who oversees the National Strategy for Trusted Identities in Cyberspace.
The inquiries focus on U.S. Investigation Services, a contractor that conducted security-clearance background checks, and whose computers were breached in August, exposing data on 25,000 federal employees.
Prompted by Heartbleed and other vulnerabilities, the White House is giving the Department of Homeland Security authority to conduct regular and proactive scans of federal civilian agency networks.
Top government leaders express high confidence in the security of state IT systems, which could explain why chief information security officers don't feel they're getting enough money to build stronger IT security.
"Selling spyware is not just reprehensible, it's a crime," says a U.S. Justice Department official. So why are 245 local U.S. law enforcement agencies and prosecutors giving spyware away for free?
The Food and Drug Administration has issued final guidance calling for manufacturers to consider cybersecurity risks as part of the design and development of medical devices. Find out what the agency recommends.
To address the reluctance of federal agencies to move sensitive data to the cloud, the former CISO at the Nuclear Regulatory Commission, Patrick Howard, and his colleague, Michael Rohde, champion a FedRAMP workaround.
A bill introduced in the U.S. House would require that new privacy measures be implemented on the HealthCare.gov website for Obamacare to give consumers more control over their personal data.
The Justice Department announces that four alleged members of an international hacking ring have been charged with stealing intellectual property valued at $100 million, including a U.S. Army Apache helicopter simulator and Microsoft Xbox prototypes.
The CEO of a Pakistani software company has been charged with developing, selling and advertising spyware for illegal purposes. But a legal expert questions whether those charges will stick.
The automated version of the IT risk management and governance framework should save project leaders 30 to 60 hours of work over a manual process of building a secure IT system, ISACA President Robert Stroud says.
As the workforce increasingly relies on mobile devices, corporate privacy and security policies aren't keeping pace. And that's leaving a large gap in organizations' breach prevention strategies.