Government ICS report reveals access control a major issue for sector along with nagging issues around poor code quality and cryptography.

Cisco released a patch for a critical flaw that allowed a remote attacker to gain control of one of its email security appliances.

Cisco rolls out a bevy of patches tied to vulnerabilities found in its cloud services platform, IOS software and Prime Home products.

A House Committee report slammed the former U.S. defense contractor saying he has done “tremendous damage” to the United States national security.

Bruce Schneier talks to Mike Mimoso about information he was given regarding an increase in DDoS and probing attacks targeting companies running core internet infrastructure in an attempt to test their defenses. For some additional context about this conversation, read an article by Schneier on these incidents, and check out a recent VeriSign report quantifying...

The White House announced yesterday it has hired retired Brigadier General Gregory J. Touhill, right, to serve as the first federal chief information security officer. Touhill will be responsible for setting policies, strategies and practices across federal agencies. According to a White House blog post announcing the news, the role of the first federal CISO...

Wednesday’s bombshell report on the U.S. Office of Personnel Management breaches that exposed sensitive data belonging to more than 22 million people has sparked a cavalcade of finger pointing, politicking and squabbling over who knew what first. The scathing report by Republicans on the U.S. House of Representatives’ Committee on Oversight and Government Reform blasted the...

Microsoft is stepping up its bug hunting efforts surrounding its Visual Studio development suite, adding Microsoft .NET Core and ASP.NET Core to its Bug Bounty program. The bounties opened yesterday and will run “indefinitely,” according to Microsoft. The bounty program includes the Windows and Linux versions of .NET Core and ASP.NET Core. Bounty payouts range from...

After painstakingly calculating the true cost of cybercrime in the European Union researchers conclude it’s nearly impossible to come up with hard numbers. In a study released this week by the European Union Agency For Network And Information Security (ENISA) researchers assert that it’s vitally important to identify the magnitude of cybercrime against the European...

An undocumented SNMP community string has been discovered in programmable logic controllers (PLCs) built by Allen-Bradley Rockwell Automation that exposes these devices deployed in a number of critical industries to remote attacks. Researchers at Cisco Talos today said the vulnerability is in the default configuration of MicroLogix 1400 PLC systems. Rockwell Automation, meanwhile, said versions...