Under Armour is getting kudos for disclosing breach within weeks, but concerns remain over an unknown portion of credentials reportedly stored using the weak SHA-1 hashing function.

The market for automated credential stuffing tools is growing fast, because of a record number of breaches.

New file-sharing protocols and interfaces called Upspin have been released to open source. Built by Google, Upspin returns access control and data security to the user.

When hackers infiltrated Dropbox in 2012 they made off with credentials for roughly 68 million users. The fact that the online storage site was hacked four years ago was no secret. But details around the sheer size of the stolen database, which contains users’ email addresses plus hashed and salted passwords from 2012, were unknown until Tuesday,...

Online storage service Dropbox began notifying users over the weekend that if they haven’t updated their password since 2012, they’ll be prompted to update it the next time they log into their account. The company claims the move is “purely a preventative measure” and stressed that there’s no proof users’ accounts have been improperly accessed....

Intuitively, auto-correcting passwords would seem to be a terrible idea, and the worst security-for-convenience tradeoff in technology history. But a team of academics from Cornell University, MIT and a Dropbox security engineer say that the degradation of security from the introduction of such an authentication mechanism is negligible. The team—Rahul Chatterjee, Ari Juels and Thomas...

An APT gang linked to China and alleged to be responsible for targeted attacks against foreign governments and ministries, has now pointed its focus inward at China’s autonomous territory Hong Kong. An August attack against several media companies in Hong Kong was carried out shortly after a high-profile controversy over an appointment at the prestigious...