The breach of Hong Kong toymaker VTech highlights security experts' growing concern over manufacturers selling devices - for enterprises, medical purposes, schools as well as homes and now toy boxes - that don't appear to be secure by design.
Consultant, venture capitalist, retired chairman of RSA. Art Coviello plays many roles, and through them he has a unique view on how the information security marketplace is taking shape for 2016. Who does he see as the winners and losers?
The Chinese government concedes the attack on U.S. Office of Personnel Management computers emanated from China, but it contends the culprits were criminals, not individuals working for the Chinese government or military. Some experts in the United States aren't buying the Chinese government's explanation.
Target Corp. has reached a proposed $39.4 million settlement with a group of financial institutions that sued the retailer over fraud losses and expenses suffered as a result of Target's December 2013 data breach.
In its latest report to Congress, the HHS Office of Inspector General spotlights recent efforts to combat healthcare fraud and pinpoints how data security can be improved at several agencies within HHS.
Malware: How does it work, who built it and what - or who - is it designed to target? Answering these types of questions is a job for Marion Marschalek of Cyphort, who reverse-engineers malicious code for a living.
In the second largest financial penalty ever issued as part of a HIPAA resolution agreement, federal regulators have smacked Puerto Rico-based health insurer Triple-S Management with a $3.5 million fine as a result of multiple breaches. It's the company's second large fine from a government agency.
The security of Internet-connected toys is in the limelight after toymaker VTech acknowledged suffering a data breach that affects 5 million accounts and personal information and photographs relating to more than 200,000 children.
A security incident involving keystroke logging malware that apparently started at a Kentucky hospital three years ago - but was only recently discovered after a tip from the FBI - offers a reminder of the urgency of keeping anti-malware protection and mitigation efforts current.
While cyberattacks will continue to menace healthcare and other business sectors next year, organizations can't afford to overlook addressing risks tied to insiders, who are responsible for most data breaches, says Michael Bruemmer of Experian Data Breach Resolution.
Business email compromise attacks are becoming more sophisticated and pervasive, and smaller businesses in English-speaking countries are proving to be the most common targets, says PhishLabs' Joseph Opacki, who calls on banks to show customers examples of the schemes.
Legislation pending before both houses of Congress, if enacted, would change a nearly 30-year-old law to require the government to obtain a warrant to access the content of emails that are 180 days old or older. Why do some agencies oppose the proposal?
Ireland's Cyber Crime Conference in Dublin drew a capacity crowd for a full day of security briefings, networking, hotly contested capture-the-flag and secure-coding challenges, as well as a chance to sharpen one's lock-picking skills.
TalkTalk's confusion in the wake of its recent data breach, as well as mangling of technical details and failure to encrypt customer data, demonstrate the importance of having an incident-response plan ready in advance of any breach, experts say.
The FBI is pursuing a suspected Russian hacker who reportedly amassed a trove of 1.2 billion stolen online credentials, plus payment card data and Social Security numbers, and who's offered access to hacked Facebook and Twitter accounts.