GitHub rolls out new token scanning, security alert features
GitHub will automatically scan for access tokens in public code with its new beta. It's also launching an API for security advisories.
New research highlights Vietnamese group's custom hacking tools
Researchers at Cylance have uncovered remote access tools linked to the infamous Vietnamese hacking group APT32.
Meet GreyEnergy, the newest hacking group hitting Ukraine’s power grid
Cybersecurity researchers at ESET have identified a spinoff to the infamous Russian hacking group.
WhiteSource raises $35 million for open source flaw detection platform
WhiteSource says that as more organizations implement open source components, there's a growing need for automated open source bug monitoring services.
Report: People are crowdfunding to buy voter data off hacker forums
While data is being illicitly sold, it was not necessarily illicitly obtained, as voter records are in many cases public records.
Ransomware hits computer networks of North Carolina water utility
The utility has vowed not to pay a ransom for the attack, which will force the company to rebuild its computer systems.
Facebook revises affected account number to 30 million; investigation ongoing
The company also says the FBI has been brought in for an investigation.
Slow disclosure of Google+ flaw draws attention of senators
Republican senators have written to Google CEO Sundar Pichai demanding to know why the company was reportedly slow to disclose a software flaw in its Google+ social network.
Talos: Android trojan resembling Play Store installs sophisticated spyware
While some companies are choosing to avoid the Google Play Store, Talos says "GPlayed" highlights the risks of downloading apps from third-party websites.
Researchers link tools used in NotPetya and Ukraine grid hacks
New research provides evidence that a group with Russian military ties was involved with the NotPetya and BlackEnergy incidents in Ukraine.
U.S. officials say supply-chain threat is 'very real' regardless of Bloomberg story accuracy
Senators sought answers from the DHS and FBI head about a reported widespread supply chain attack, as well as foreign election interference.
NSA official: Bloomberg story created a frenzied, fruitless search for supporting evidence
A news report claiming a compromise of U.S. companies’ supply chains by Chinese spies has triggered an extensive search for evidence that has so far turned up nothing.
Symantec reveals state-sponsored group that doesn’t care for malware
The hacking group, dubbed "Gallmaker," has been going after diplomatic and military targets in a campaign that researchers say is difficult to detect.
Why we’re still not ready for ‘like-war’
A new book charts the history of the weaponization of information and explains how the U.S. is still struggling to cope with the phenomenon.
Magecart group compromises customer ratings tool, affecting 'hundreds' of online stores
RiskIQ says certain factors limited the scope of this compromise, and there are lessons learned as to how to avoid it.
Google shuts down Google+ for consumers due to bug found months ago
In March, Google found that a flaw in its Google+ People API exposed data including name, email address, occupation, gender and age. "We found no evidence that any profile data was misused," the company said.
DHS, Apple push back on Bloomberg supply chain story
U.S. and British security agencies have backed statements by Apple and Amazon Web Services disputing an explosive news report claiming that the Chinese compromised hardware used by the tech giants.
DOJ official: Whether they're extradited or not, indicting foreign hackers is important
Whether or not foreign government hackers see the inside of a U.S. courtroom, indicting them is key to American deterrence policy, Adam Hickey said.
Randori enters automated red-teaming scene with $9.75 million seed investment
The Boston-based company stresses that its platform carries out real attacks, not simulated ones, on its customers networks to assess risks and vulnerabilities.
Report: The bigger the company, the messier the password practices
A new report from password management company LogMeIn found that the bigger the enterprise, the bigger the problem when it comes to managing passwords.