Attackers could abuse flaws in Android's Stagefright media library to seize control of almost 950 million devices, just by sending a text, a security researcher warns. But will most devices ever see related fixes?
The Ashley Madison dating website hack and threatened data release is a perfect illustration of the perils - and promise - of our Internet-connected, hacktivist age, whether it comes to online dating or the Internet of Things.
Does your organization really have a clear idea of what measures your business associates are taking to safeguard your most sensitive data? Yet another breach, this one affecting Arkansas Blue Cross Blue Shield, points to the risks.
President Obama proposes spending more money on cybersecurity, replacing government agencies' antiquated, unsecured systems. But what really needs to be done to thwart breaches, like the hack attack against the Office of Personnel Management?
Breached dating website FriendFinder allegedly missed email warnings from security researchers that its site had been breached and customers' data was being sold on a "darknet" site. What can other businesses learn from that apparent mistake?
In the wake of recent alerts about infusion pump security vulnerabilities, now's a good time for all healthcare organizations to reassess their basic practices for keeping medical devices secure and safe. Check out what the VA is doing.
Ed Felten, the new federal deputy chief technology officer, hasn't been shy about criticizing the federal government, whether it's about the NSA undermining encryption standards or the FBI not being entirely transparent on malware warnings.
In the wake of the breaches suffered by JPMorgan Chase, Sony and Anthem, attack attribution and information sharing are playing more prominent roles for banking leaders, and they will be key discussion points at the upcoming RSA Conference 2015 in San Francisco.
Application security is not keeping pace with evolving attacks, says Prasenjit Saha, a CEO at the consultancy Happiest Minds Technologies. One problem: lack of a standard, secure coding process in the application development life cycle.