In the latest cautionary tale involving the so-called Internet of things, white-hat hackers have devised an attack against network-connected lightbulbs that exposes Wi-Fi passwords to anyone in proximity to one of the LED devices.
The Social Security numbers of roughly 18,000 California physicians and health-care providers were inadvertently made public after a slip-up at health insurance provider Blue Shield of California, the organization said Monday.
The numbers were included in monthly filings on medical providers that Blue Shield is required to make to the state's Department of Managed Health Care (DMHC). The provider rosters for February, March and April 2013 included the data and were available under the state's public records law.
Attackers injected malicious code into Dailymotion.com, a popular video sharing website, and redirected visitors to Web-based exploits that installed malware.
The rogue code consisted of an iframe that appeared on Dailymotion on June 28, researchers from security vendor Symantec said Thursday in a blog post. The iframe redirected browsers to a different website hosting an installation of the Sweet Orange Exploit Kit, an attack tool that uses exploits for Java, Internet Explorer and Flash Player.
You know how airport security will occasionally ask you to turn on a phone or laptop to prove that it isn't hiding explosives? Well, that's no longer just a rare inconvenience -- if you take certain flights, it's mandatory. The TSA now requires that you power on your gadgets when flying to the US from "certain overseas airports." If you have a dead battery, you're out of luck. You'll likely have to leave that hardware behind, and you might go through "additional screening" at the same time:
The Electronic Frontier Foundation (EFF) is suing the National Security Agency (NSA) over government disclosure of security flaws that have been uncovered by the intelligence community.
Cisco Systems has released a security update that closes a backdoor allowing attackers to control software that large organizations use to manage voice over IP (VoIP) calls and messaging over their networks.
Cisco has discovered spearphishing malware in Microsoft Word that uses an exploit targeting the software's Visual Basic Scripting for Applications feature.
Cisco's investigation into the malware identified a group of attacks by the same threat actor, with Cisco exposing the threat actor's network after it had discovered a Microsoft Word document that downloaded and executed a secondary sample, which began beaconing to a command and control server.
A group of hackers called Green Dragon Crew announced on Twitter that the recent cyber-attack on the Privatbank, the largest commercial bank in Ukraine was their doing.
The attack appears to be a distributed denial-of-service since on June 30, for a few hours, the bank’s pages either would not load or offered sporadic access to the customers.
With a number of high-profile security breaches making headlines of late, organizations are increasingly realizing they must beef up their security teams or risk catastrophe.
Matt Comyns, global co-head of the Cybersecurity practice at Russell Reynolds Associates, an executive leadership and search firm, sat down with CIO.com to discuss the changing role of the Chief Information Security Officer (CISO), the global cybersecurity landscape and why finding and retaining elite security talent is critical.
Apple on Monday appears to have rolled out a new implementation of its two-factor Apple ID authentication system with iCloud.com, requiring users who have the additional layer of security enabled to enter a special code before accessing the Web apps.
With the new implementation, shown in the screenshot above, Apple is expanding its two-step authentication security feature beyond Apple ID management and iCloud-connected features to the iCloud.com Web app suite. Prior to the change, iCloud.com was accessible via a simple password. The feature was first spotted by reader Stephan.
