There are two Yahoo conspiracy theories: It was hacked by a "state-sponsored actor," and it disabled email forwarding to prevent a post-breach exodus. Although neither scenario appears to be true, that doesn't mean the badly breached search giant is in the clear.
Neutering the army of web-connected devices used in the large internet attack that hampered access to major sites - including Amazon, PayPal, Spotify and Twitter - is technically possible. But no option offers either a great or near-term fix.
Massive DDoS attacks, targeting DNS provider Dyn, have triggered widespread internet disruptions. Security intelligence firm Flashpoint says the attacks have been perpetrated at least in part via a botnet of Mirai-infected internet of things devices.
Authorities say Yevgeniy Aleksandrovich Nikulin stole credentials from a LinkedIn employee and used them to breach the social networking firm in 2012, in which well over 100 million members' passwords were exposed.
Yahoo is appealing to the U.S. director of national intelligence to declassify an order that allegedly required the company to install secret spying software that scanned incoming email accounts for specific content.
Yahoo, now negotiating its sale to Verizon, has posted an increase in quarterly profits and page views, bolstering its case that its massive data breach didn't irrevocably damage its value. But with ad revenues in decline, time is running out.
Russian hackers may think twice before traveling outside the country for a vacation in light of the arrest of alleged 2012 LinkedIn hacker "Yevgeniy N." by Czech police at a restaurant in Prague earlier this month.
WikiLeaks leader Julian Assange's interference in the U.S. elections has earned the Ecuadorian embassy in London's houseguest a slap on the wrist as his internet connection gets taken away. In the interim, maybe he can take up knitting?
As U.S. ATM operators face MasterCard's Oct. 21 EMV liability shift deadline, a surge in explosive attacks against European ATMs is a reminder that anti-fraud features won't block all money machine crime.
A "bottom-up" approach to IoT security is essential, starting with the hardware as the "root of trust" and then addressing the operating systems and applications, says Wind River's Thilak Ramanna, who calls for the development of standards to ensure security is baked into devices.
IoT devices running the authentication protocol OpenSSH are being compromised and used as proxies in attacks that aim to take over accounts at popular web services, according to new research from Akamai.