Security Trends 

TrueCrypt Getting a New Life

TrueCrypt will stay alive, thanks to devotees who are forking the encryption program's code. 'Cleaned up' code will get a new name, CipherShed, and a different open source license.

Internet of Things a Potential Security Disaster

Experts believe the Internet of Things will be highly insecure, at least in the early days.

Startup Spotlight: CloudPassage's Software-defined Security

As the software-defined data center becomes more common, enterprises are seeking security solutions that are abstracted from the underlying infrastructure.

Security Research and the Law: What You Need to Know

Security researchers must navigate a minefield of U.S. laws and statutes, such as the Computer Fraud and Abuse Act.

DefCon: Advice on Evading Black Helicopters

You say 'paranoid,' I say 'careful.' Expert offers 'practical' advice on living the paranoid lifestyle.

Yahoo CISO Details Challenge of Security at Scale

Security vendors focus on banks not Web-scale companies, says Yahoo CISO Alex Stamos.

Backoff PoS Malware Demonstrated at Black Hat [VIDEO]

Trustwave researchers demonstrate Backoff malware, which targets POS systems, at Black Hat. Attack that has compromised 600 retailers relies on Java.

Using Military Strategy to Fight Cyber Battles

What does the Library of Sparta have to do with modern IT security? Military strategies are increasingly common in cybersecurity – and with good reason.

Buy All the Cybersecurity Vulnerabilities: Black Hat Keynote

Black Hat keynote speaker Dan Geer has some radical ideas to reshape modern security, including a suggestion that the United States purchase security vulnerabilities and make them public.

Dude, How Secure Is My Connected Car?

With connected cars becoming more common, experts say vehicle manufacturers should adopt security best practices used by mobile device makers.

Hackers Target Browsers, Especially IE: Bromium Labs

Hackers targeted Microsoft's Internet Explorer with an emerging attack technique called action script spray in the first half of 2014, say Bromium Labs researchers.

Google Project Zero Focuses on Internet Security

Months after reporting its first vulnerabilities, Google officially acknowledges the existence of a shadowy security group known as Project Zero.

Boleto Malware Hits Brazil Payment System

New IBM Trusteer research finds new variants of malware used to exploit Brazil's Boleto payment system.

Fighting Advanced Persistent Threats with Emulation

A layered approach to security is the key to fighting advanced persistent threats (APTs).

Identity and Access Management's Role in Secure Cloud Collaboration

As enterprises demand more secure cloud-based externalization, companies like Exostar are answering the call with IAM solutions.

Hackers Using DDoS to Distract Infosec Staff

Hackers are increasingly using DDoS attacks as a kind of 'smokescreen' that helps them carry out data breaches.

Data Breach Roundup: May 2014

Third-party vendors played a significant part in a handful of data breaches in May. This is why, experts say, companies must ensure vendors are careful with their data.

HR a Hot Target for Cybercriminals

Hackers see HR as an easy – and valuable – target. Educating HR staff is a key defense.

Are Anti-Malware's Days Numbered?

Anti-malware software can't spot all malicious code. Is  isolating end-user tasks through virtualization a better approach to security?

Retailers Partner on Cybersecurity Initiative

Retail Cyber Intelligence Sharing Center initiative will make it easy for retailers to share cybersecurity intelligence with each other and with government agencies.

Is Infosec Getting More Stressful?

Most IT professionals are stressed out at work, a recent survey suggests. Information security pros are especially stressed, thanks to growing levels of unpredictability.

Data Breach Roundup: April 2014

Would sharing intelligence on hackers and other threats help companies avoid data breaches? At least one expert thinks so.

Do You Need EV-SSL? [VIDEO]

The CEO of Comodo, a key contributor to the EV-SSL standard, explains why extended validation SSL matters but why you might not always actually need it.

Startup Spotlight: Cloud Security Specialist Armor5

Most mobile security solutions utilize a traditional endpoint management approach, but not the cloud security service provided by startup Armor5.

How Should Enterprises Score Security? [VIDEO]

Qualys CTO Wolfgang Kandek discusses his firm's Web application firewall and security scoring efforts and hints at future security technologies to come.