A flaw in the way Go handles some invalid HTTP headers could allow an attacker to authenticate as any user on a Kubernetes server in some instances.
Arm is bringing custom instructions to its Cortex-M processors. The overall security of these processors will depend on how these instructions are actually implemented.
Kenneth White of MongoDB joins Dennis Fisher to discuss the challenges of encryption implementations in modern enterprise networks.
The Lazarus APT group has developed another macOS backdoor that has been delivered through a fake cryptocurrency trading app.
Some of the biggest names in security have banded together for a new industry initiative to make it easier for different security technologies to work together.
A data breach disclosed in August by Imperva came from an AWS API key stolen from a compromised internal compute instance in 2017.
CCPA becomes law on Jan. 1. The California Department of Justice has released draft rules on how businesses should make sure they don't violate the new data privacy law.
The FIN7 group has begun deploying new tools, including a module that specifically targets a remote administration tool for payment card systems.
A Mozilla-funded security audit of the iTerm2 terminal emulator for macOS found a critical remote-code execution bug.
An attack group known as Phosphorus that is linked to the Iranian government has targeted email accounts of U.S. government officials and people associated with a presidential campaign.
Companies pay attention to privacy legislation and regulations because they don't want the penalties and fines. There is also a hefty cost associated with becoming compliant in the first place.
The FBI does not advocate paying a ransom because there's no guarantee the organization will get the data back, but acknowledged in an updated guidance that sometimes, for some organizations, paying the ransom makes a lot of sense.
The Urgent/11 vulnerabilities in the IPnet stack affect a much broader range of devices than originally thought.
Even the most sophisticated botnet can be discovered if the group doesn't take steps to hide its activities.
Nevada joins the list of states with legislation on the books giving residents more control over how their personal information is used.