Millions of Android devices - as well as desktops and servers - are at risk from a newly disclosed flaw in the Linux kernel that a malware-wielding attacker could exploit to seize full control of the device.
New proposed FDA cybersecurity guidance is an important step in getting medical device manufacturers more focused on the risks posed by their products as they're used in healthcare settings, security experts say.
Casino operator Affinity Gaming has sued incident response firm Trustwave, alleging that the firm failed to fully eradicate and "contain" the 2013 data breach and payment card malware outbreak that it was hired to remediate.
Cryptocurrency exchange Cryptsy has revealed that it suffered a 2014 hack attack that now leaves it insolvent. The exchange is appealing to its attacker to return the stolen bitcoins, worth $5 million today - no questions asked.
The FBI is investigating the point-of-sale malware breach at hotel chain Hyatt, which says related infections stretched for four months and affected 250 hotels worldwide. But Hyatt has yet to reveal how many customers or payment cards were compromised - or how attackers got in.
Microsoft has patched a new, critical remote code execution vulnerability affecting all versions of Internet Explorer, but it's now only supporting and patching IE 11 and Edge. Potentially, several hundred million users of old IE versions are now at risk.
In response to banking institutions' requests for clarification of the Cybersecurity Assessment Tool, the Federal Financial Institutions Examination Council is taking a preliminary step that could lead to refinements.
A federal official's comments this week that the government is "ending" the HITECH Act's "meaningful use" incentive program for electronic health records is raising numerous questions, including what's next for health data privacy and security regulations.
Networking vendor Fortinet refutes a researcher's assertions that there is an SSH "backdoor" in the FortiOS firmware that runs its devices. Many experts say that while the patched flaw looks unintentional, it might still serve as a backdoor.
European police have arrested a "main target" as part of a previously undisclosed law enforcement effort, dubbed Operation Pleiades, against the distributed denial-of-service attack gang called DD4BC, or "DDoS for Bitcoin."
BankInfoSecurity announces its fourth annual list of top influencers, recognizing leaders who are playing significant roles in shaping the way banking institutions and financial services companies approach information security.
A team of cryptographers has found that the random-number generator Dual_EC - known to have been backdoored by the NSA - was added to Juniper's ScreenOS firmware around 2008 and is still present, although the networking giant has promised to soon replace it.
To help remove perceived obstacles, federal regulators have issued new guidance on patients' rights under HIPAA to access their health records. Find out what the guidance says about the use of unencrypted email and other key issues.