President Obama has reportedly decided that the government shouldn't exploit encryption flaws, such as Heartbleed, in most instances unless there's "a clear national security or law enforcement need." But how should that need be determined?
When a former U.S. president acknowledges that he won't use e-mail to correspond with foreign leaders to avoid snooping by the NSA, you know the image of America as a bastion of freedom - at least online - has dropped a few more notches.
Security experts are sizing up the challenges that would be involved in implementing a federal government proposal to continuously monitor employees and contractors with security clearances in hopes of preventing leaks of sensitive information.
Speculation surrounding the cause of the disappearance of Malaysia Airlines Flight 370 hasn't included the possibility of a cyber-attack. But one cybersecurity expert contends hacking an airliner is feasible.
Cosmetics supplies retailer Sally Beauty Supply now acknowledges that fewer than 25,000 records containing payment card data were illegally accessed and possibly removed as a result of a network intrusion.
Phyllis Schneck, the Department of Homeland Security's deputy undersecretary for cybersecurity, equates the department's continuous diagnostics and mitigation initiative with a medical probe detecting an infection in the human body.
In the wake of the Target breach, the University of Pittsburgh Medical Center has ramped up Internet monitoring to detect early if the organization is a target for attacks, says John Houston, UPMC's security and privacy leader.
Many endpoints in the healthcare sector, including medical devices, are being hacked because of inadequate security, according to a new study from the SANS Institute that identified apparent vulnerabilities at 375 organizations.
Because of increasing cyber-attacks against government agencies, the inspector general says it's crucial for the State Department to address the continuing weaknesses in its information security program.
Target Corp.'s revelation that personal information about up to 70 million customers was breached in a recent malware attack raises new questions about Target's security practices and risks to consumers.
Chase Bank's decision to limit daily ATM cash withdrawals on debit cards linked to the Target breach has raised questions among other issuers about whether PINs were, in fact, compromised. Is Chase just being cautious?
The White House is intensifying its effort to get federal agencies to adopt continuous monitoring and move away from the paper-based checklist compliance they've followed for a decade under the Federal Information Security Management Act.