The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars’ worth of business in China.
The infamous Regin trojan is likely to have been developed by the NSA or one of its allies,...
When operating outside of the law, you can't rely on the police to protect your illegal...
Red Hat Inc and other makers of the widely used Linux operating system for business computers updated their software on Tuesday to thwart a serious new cyber threat they warned could allow hackers to gain remote control of their systems.
The debate over online anonymity, and all the whistleblowers, trolls, anarchists, journalists and political dissidents it enables, is messy enough. It doesn’t need the US government making up bogus statistics about how much that anonymity facilitates child pornography.
Bruce Schneier recently talked with Edward Snowden, who spoke using video chat from 4,500 miles away in Moscow, before an audience at Harvard's School of Engineering and Applied Sciences about encryption.
Hackers defaced the website of Malaysia Airlines on Monday and threatened to dump stolen information online after posting a glimpse of customer data obtained in the attack.
Security researchers at anti-virus vendor Kaspersky Lab have released more information about two of the modules associated with the Regin malware, which many believe to be a surveillance tool designed to conduct espionage.
A Washington resident who assisted in the management of the Silk Road 2.0 website was arrested late last week on a complaint charging him with conspiracy to distribute heroin, methamphetamine and cocaine. Using the moniker “DoctorClu” on the Silk Road site, he came to the attention of Homeland Security Investigations agents last July.
Almost once a week, I receive an email from a reader who has suffered credit card fraud and is seeking help figuring out which hacked merchant was responsible. I generally reply that this is a fruitless pursuit, and instead encourage readers to keep a close eye on their card statements and report any fraud.
A major new initiative to explore the growing area of cybersecurity and to examine the knock-on effects on society – legal, ethical and cultural – is to be established at Queen’s University Belfast.
The U.S. government's attribution of the Sony Pictures Entertainment hack attack to North Korea stems, in part, from the U.S. National Security Agency having infected a significant number of North Korean PCs with malware, which the intelligence agency has been using to monitor the country's hacking force.
Hacking group Lizard Squad’s DDoS-for-hire website LizardStresser has itself been hacked and the entire database of customers who signed up is now in the hands of the authorities, according to reports.
In just over an hour of staccato cross-examination, Joshua Dratel, lawyer for Silk Road trial defendant Ross Ulbricht, pursued a line of questioning suggesting that the man who really controlled Silk Road wasn't his young client, but Mark Karpeles, the wealthy former owner of the Mt. Gox Bitcoin exchange.
How to make politicians really understand the dangers of mass digital surveillance and the importance of information security? Gustav Nipe, the 26-year old president of the Swedish Pirate Party's youth wing, tried to do it by setting up an open Wi-Fi network at the Society and Defence National Conference in Sweden.
The United States aims to use new sanctions imposed on North Korea over the cyber attack on Sony Pictures to cut off the country's remaining links to the international financial system, a senior U.S. Treasury official has said.
Recently, Johannes Ullrich, Chief Technology Officer of the SANS Internet Storm Center spoke with Forensic Magazine about a case presented at 31C3 2014. He helps us understand how this unusual email attack could be a nation-state-level operation.
The online attack service launched late last year by the same criminals who knocked Sony and Microsoft’s gaming networks offline over the holidays is powered mostly by thousands of hacked home Internet routers, KrebsOnSecurity.com has discovered.
Federal agencies are big users of antivirus software, and regardless of their technical competence, government security professionals still find themselves victims of malware. Unfortunately, simply installing antivirus technology does not protect today’s endpoints.
If you’re sitting in a coffee shop, tapping away on your laptop, feeling safe from hackers because you didn’t connect to the shop’s wifi, think again. The bad guys may be able to see what you’re doing just by analyzing the low-power electronic signals your laptop emits even when it’s not connected to the Internet.
FBI director James Comey has tried to shed some light on his agency’s claims that North Korea was behind the Guardians of Peace cyber attacks that tore apart Sony Pictures in November and forced the cancellation of The Interview. But, according to security experts, it’s unlikely that his fresh assertions that the hackers were sloppy and leaked data that led back to North Korea will stand up to scrutiny.
A UK consultant has demonstrated how a feature of the secure Web protocol HTTPS can be turned into a tracking feature that is, in the case of some browsers, ineradicable.
On Monday, a federal judge in Nebraska sentenced the former acting director of cybersecurity for the US Department of Health and Human Services to 25 years in prison on child porn charges.
Often an examiner will analyze all the digital media only to determine that the probative data was limited to a browser’s history file, an e-mail, a document, the mobile devices’ logs, or an inappropriate graphic video or picture. Finding the critical probative data faster in a cost effective manner while reducing or eliminating case backlogs is going to require a more efficient methodology.
The courts have generally accepted evidence collected from the Internet as long as its authenticity can be established. Following the current methodology and the lessons learned from the field of traditional digital forensics, a standard can be developed for the collection of Internet based evidence.