British police over the course of this week launched 25 cybercrime-targeting raids and made 57 arrests, including suspects who have been tied to a U.S. Defense Department network intrusion, Lizard Squad attacks, as well as a massive Yahoo breach.
Attacks are larger, adversaries more diverse, and damage is broader. These are characteristics of today's DDoS attacks, and organizations need a new approach to protection, says Verisign's Ramakant Pandrangi.
Weaponized roller coasters? Kidnappers hacking babycams? Forget over-the-top "CSI: Cyber" hacking plots. The hackers behind the Rogers ISP breach, in their quest for bitcoins, claim they wielded nothing more serious than a telephone call.
The CEO of Bit9 speaks from experience: His firm was hacked, sensitive data stolen and customers put at risk. And what's happened since represents his mission to fend off attackers, even as they refine their hacks.
Many Apple and Android devices are vulnerable to a TLS/SSL "Freak" flaw, which could be exploited to subvert secure Web connections. The flaw is a legacy of U.S. government export restrictions on strong crypto.
Information on 50,000 drivers for ride-sharing service Uber was breached in May 2014, the company discovered in September and announced on Feb. 27. Uber has launched a related lawsuit and is seeking records from code-sharing website GitHub.
SIM card manufacturer Gemalto says its investigation into a reported U.S. and U.K. intelligence agency espionage operation found that its internal networks housing encryption keys weren't breached. But security experts question those findings.
Hackers have been stealing the secret trading algorithms that are the lifeblood of many hedge funds and high-frequency trading firms, according to two security companies. What can be done to mitigate the risks?
The hacking group Lizard Squad has claimed credit for hijacking the website of Lenovo.com and redirecting visitors to an attacker-controlled site. It also indicates that it's now sitting on a cache of stolen Lenovo e-mail messages.
Authorities have disrupted a botnet that was serving up the Ramnit banking malware, which has infected 3 million PCs worldwide. But information security experts warn that the disruption will likely be temporary.
Lenovo says it is working to remotely delete Superfish adware that it preinstalled on many laptops for consumers. But US-CERT warns that many products use the Komodia root certificate that is triggering security warnings.
Manufacturers of PCs and mobile devices must end the practice of preloading "bloatware." Lenovo's experience with offering "free" adware shows the hidden security and performance tradeoffs buyers must endure.
Some security experts contend that users of numerous types of Lenovo PCs and laptops are at risk of having their encrypted traffic get intercepted because of installed-by-default Superfish adware, which handles digital certificates insecurely.