Legislation to tighten insider threat defenses at the U.S. Department of Homeland Security has passed the House of Representatives and goes to the Senate, which failed to consider a similar measure that passed the House in the last Congress.
Facebook is aiming to make account recovery and password resets more secure with a new, updated approach that eliminates outdated weaknesses such as emailed reset links, SMS messages and security questions.
Nearly three years after the Heartbleed bug - and 600,000 vulnerable servers - was discovered, the vulnerability lives on. The latest scans still count 180,000 at-risk servers. Why won't this bug just die?
An overlooked security setting on Twitter may have allowed a hacker to guess the password-reset email addresses tied to accounts used by President Donald Trump, first lady Melania Trump, Vice President Mike Pence plus a top adviser. What's the risk?
This ISMG Security Report leads with comments from President Donald Trump that suggest the U.S. military will take the lead in defending civilian-owned critical infrastructure. Also, how insider defenses changed since Chelsea Manning's WikiLeaks data dump.
President Barack Obama has shortened the sentence of U.S. Army leaker Chelsea Manning, who passed classified documents to WikiLeaks. The move comes as the government grapples with the nuances of data leaks.
A researcher claims WhatsApp has dismissed his finding that there's a backdoor in the application that could allow attackers to unlock encrypted messages. But the controversy is more nuanced - and for most of us, much less threatening - than it might first appear.
Malware designed to get ATMs to spit out their cash - advanced when it first debuted - has been upgraded, according to a report from FireEye. Now, the Ploutus-D malware talks to legitimate ATM middleware, enabling it to target machines from 40 vendors. What does this mean for financial institutions?
Leading this latest edition of the ISMG Security Report: The growing momentum in Congress to establish a select committee to investigate breaches the American intelligence community has tied to the Kremlin to influence the U.S. presidential election.
Organizations in all sectors need to be aware of newly emerging insider threats, including those tied to the dark web, Michael Theis of Carnegie Mellon's CERT Insider Threat Center explains in this video interview.
To combat breaches involving insiders, organizations need to limit employees' access to data and more closely monitor access activity, security expert David Gibson of Varonis says in this video interview.
Internet of things security takeaway: Save yourself, and by doing so, maybe help save the rest of us too. That's the obvious takeaway from the rise of low-tech, high-impact Mirai malware, which has been tied to the record-setting Oct. 21 DDoS attack against Dyn.
There are two Yahoo conspiracy theories: It was hacked by a "state-sponsored actor," and it disabled email forwarding to prevent a post-breach exodus. Although neither scenario appears to be true, that doesn't mean the badly breached search giant is in the clear.