In June 2014, a Russian soldier posted on a social-media site a photo of himself standing in front of a military convoy against a nondescript background of hills, fields and scattered houses. It probably never occurred to him that such an innocuous image could become part of an increasingly detailed case being assembled in a bid to prove the Russian government has been lying when it denies militarily involvement in eastern Ukraine.
The U.S. Army is seeking to equip its cyber warriors with cutting-edge networking hardware, and...
A Virginia man serving 10 years for possessing child pornography says the images found on...
The founder of one of the Dark Web's fledgling search engines is warning Tor users about the...
Cyberspace is being accepted throughout the U.S. Army as a warfighting domain. However, many soldiers outside of the U.S. Army Signal Corps do not grasp the concept of cyberspace as an operational realm. Empowering them with that understanding is essential to operational success.
I want to talk about a vulnerability disclosure trend that I have recently noticed – a trend that I believe may ultimately cause more harm than good: security vendors using vulnerability disclosure as a marketing tool with the goal of enhancing their company’s bottom line.
MIT researchers have presented a new system that repairs dangerous software bugs by automatically importing functionality from other, more secure applications. Remarkably, the system, dubbed CodePhage, doesn’t require access to the source code of the applications whose functionality it’s borrowing.
The cryptography behind bitcoin solved a paradoxical problem: a currency with no regulator, that nonetheless can’t be counterfeited. Now a similar mix of math and code promises to pull off another seemingly magical feat by allowing anyone to share their data with the cloud and nonetheless keep it entirely private.
“Lone wolf” terrorism is often cited as the biggest terrorist threat today. The problem with this label is none of the assailants act alone. They all belong to virtual wolf packs.
Looking to bolster how it handles off-the-field incidents, the NFL is adding a new position: Director of Digital Forensic Investigations.
Following two cyber attacks on Penn State University’s College of Liberal Arts, the university is resetting passwords on its college-issued accounts, but school officials said they believe no personal identifiable information, such as Social Security numbers, or research data has been compromised.
Recently discovered malware which uses digital steganography to hide itself in .PNG files has been overwhelmingly targeted at US healthcare providers, according to Trend Micro.
In response to public concerns about cryptographic security, the National Institute of Standards and Technology has formally revised its recommended methods for generating random numbers, a crucial element in protecting private messages and other types of electronic data.
European police agencies have announced a "joint international strike against cyber crime," reporting that after a two-year investigation, they have disrupted a botnet gang that used and sold banking malware and cybercrime services that targeted victims and banks around the world.
Recently, Nextgov reported that the National Archives and Records Administration (NARA) found "indicators of compromise" similar to the breach at the Office of Personnel Management. But, the signs of intrusion turned out not to be so similar after all.
Malware that encrypts all of a victim's files and holds them for ransom - what's commonly called crypto-ransomware or cryptoware - continues to be hugely successful in making money for the criminal gangs who perpetuate it.
Finger-pointing burst into the open on Capitol Hill Wednesday over blame for hacking into the U.S. government's personnel records, which the chairman of a House oversight committee said might affect as many as 32 million current and former employees and others.
When handling a large-scale intrusion, incident responders often struggle with obtaining and organizing the intelligence related to the actions taken by the intruder and the targeted organization. Examining all aspects of the event and communicating with internal and external constituents is quite a challenge in such strenuous circumstances.
Adobe users have been urged to patch a newly-released critical vulnerability in Flash Player, after researchers warned it is being exploited in the wild by sophisticated Chinese hacking group APT3.
Financial services organizations - traditionally some of the best-fortified against cyber attacks - see three times as many attack attempts by cyber criminals than other industries do, a new study by Raytheon/Websense shows.
U.S. securities regulators are investigating a group of hackers suspected of breaking into corporate email accounts to steal information to trade on, such as confidential details about mergers, according to people familiar with the matter.
A serious vulnerability in RubyGems, a package manager for the Ruby programming language, can be exploited to trick end users into installing malware from attacker-controlled gem servers, Trustwave researchers have discovered.
If you're familiar with the environment, and aware of your surroundings while performing DFIR work, and know what should be there, you know what to look for, as well as what data sources to go to if you're looking for suspicious activity. It's all about knowing what to hunt for when you're hunting.
It's easy to assume that hackers work way above our pay grade. Electronic intruders must be able to exploit vulnerabilities in the software we use because they're evil geniuses, right? That may be the case in some very sophisticated attacks, experts say, but in others, not so much.
While China’s aggressive hacking operations are certain to continue, experts say the mammoth data breach at the Office of Personnel Management is a watershed event that will allow Beijing to move from broad reconnaissance to narrowly tailored snooping.
Security researchers have many names for the hacking group that is one of the suspects for the cyber attack on the U.S. government's Office of Personnel Management: PinkPanther, KungFu Kittens, Group 72 and, most famously, Deep Panda. But to Jared Myers and colleagues at cybersecurity company RSA, it is called Shell Crew, and Myers' team is one of the few who has watched it mid-assault — and eventually repulsed it.
The Electronic Frontier Foundation, the non-profit defender of digital rights, has released their latest attempt to fill in where privacy protection laws have fallen short.
Researchers have uncovered huge holes in the application sandboxes protecting Apple's OS X and iOS operating systems, a discovery that allows them to create apps that pilfer iCloud, Gmail and banking passwords and can also siphon data from 1Password, Evernote and other apps.
Democrats and Republicans on the House Oversight and Government Reform Committee were united Tuesday in heaping scorn upon the leaders of the Office of Personnel Management, the agency whose data was breached last year in two massive cyber attacks only recently revealed.
- Page 1