In the wake of Juniper Networks finding "unauthorized code" in its firewall firmware that could be used to remotely access devices and encrypted communications, Cisco is reviewing its own code for signs of tampering. Will other vendors follow suit?
The FBI is reportedly investigating newly discovered "unauthorized code" in the firmware that runs the NetScreen firewalls built by Juniper Networks, which attackers could have been using to remotely access devices and decrypt traffic without leaving a trace.
The Ashley Madison hackers have released a third data dump, and security experts warn that spam campaigns and extortion attacks now target supposed users of the dating site, sometimes demanding bitcoins - or else.
The prices for stolen payment card data and other cybercrime products and services on Russian underground forums continue to fall. But the cybercrime ecosystem is more automated, effective and robust than ever, Trend Micro reports.
Italian surveillance software maker Hacking Team has confirmed that it was hacked and recommends police, law enforcement and government agencies suspend their use of its software, pending a full breach investigation.
Security researchers warn of "Xara" flaws in Apple iOS and OS X that could be used to intercept passwords and banking data, as well as a keyboard app that puts more than 600 million Samsung device users at risk.
While the "Logjam" vulnerability raises serious concerns, there's no need to rush related patches into place, according to several information security experts. Learn the key issues, and how organizations must respond.
An army of 40,000 small office/home office routers has been exploited by automated malware. But who's responsible for devices being vulnerable: vendors for using well-known defaults, or distributors and IT managers for not locking them down?
Apple's forthcoming iOS 8 includes a number of useful new security and privacy features, says Symantec threat researcher Candid Wueest. But there are missing features he'd still like to see implemented.
Within one day of the disclosure of the flaw known as Heartbleed, an attacker posing as an authorized user broke into a corporate computer system, exploiting the vulnerability in the OpenSSL protocol, the breach detection firm Mandiant says.
Banking institutions have spent the last two years enhancing authentication to conform to regulatory mandates. Organizations in other sectors can learn important authentication lessons from the banking industry.