Security News

Almost since its inception in October 2016, the UK's National Cyber Security Centre (NCSC) has been considering how to formalize its vulnerability disclosure process. While the agency has a wider...

Almost since its inception in October 2016, the UK's National Cyber Security Centre (NCSC) has been considering how to formalize its vulnerability disclosure process. While the agency has a wider...

The flaw offered attackers a way of executing keystroke injection to take control of a Windows PC running Logitech Options.

GCHQ Joins the NSA in Publishing its Vulnerabilities Equities Process read more

Plus: State-backed hacks now need permission from a judge On the same day that certain types of British state-backed hacking now need a judge-issued warrant to carry out, GCHQ has lifted the veil...

Credential Stuffing Attack Cracked Uber's Amazon S3 Buckets, Investigators SayUber has been slammed with $1.2 million in fines by U.K. and Dutch privacy regulators for its cover-up of a 2016 data...

Credential Stuffing Attack Cracked Uber's Amazon S3 Buckets, Investigators SayUber has been slammed with $1.2 million in fines by U.K. and Dutch privacy regulators for its cover-up of a 2016 data...

HHS Imposes Penalty on Small Clinic and Demands ActionIn at least the fourth federal HIPAA case involving improper disclosure of patient information to the media, federal regulators have slapped a...

I've been writing about "responsible disclosure" for over a decade; here's an essay from 2007. Basically, it's a tacit agreement between researchers and software vendors. Researchers agree to...

Critical Infrastructure Operators Must Plan for Scenarios in Which a Physical and Cyber Event Occur Simultaneously read more