'Abiss' attackers used an older VPN profile to get into Avast's network and targeted its CCleaner utility.

The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.

Basic and 'inept' worm managed to compromise Docker hosts by exploiting misconfigurations.

New research finds it's now less than $10 for full credit details on a consumer, $100 for a distributed denial-of-service attack, and $50 for access to a US bank account.

Journalists are increasingly concerned about what cloud providers may access or share with governments - and companies should worry as well.

One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.

More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds.

As ransomware attacks surge against school systems, an analysis of 1,200 K-12 institutions in North America shows complex environments and conflicting security controls.

For less than $200, attackers were able to infect thousands of systems, stealing user credentials, cryptocurrency wallets, and web histories, an analysis finds.

Details from a campaign tracked over the past five months show how cybercriminals are continuing to refine their strategies and attempting to adjust to victims' resolve to not pay ransoms.

Swiss technology non-profit group joins others, such as the Obama-era President's Commission, in recommending that certain classes of technology products be tested.

Attackers continue to focus on bread-and-butter tactics, according to a quarterly threat report.

New analysis of the software used by espionage groups linked to Russia finds little overlap in their development, suggesting that the groups are siloed.

The law, which goes into effect in on January 1, requires manufacturers equip devices with 'reasonable security feature(s).' What that entails is still an open question.

The latest attacks, such as Skidmap and Smominru, add capabilities to allow them to persist longer on Windows and Linux systems, surviving initial attempts at eliminating them.

Fraudsters continue to attempt to fool certificate authorities into issuing valid digital certificates for legitimate organizations by impersonating an authoritative user. The reward? The ability to sign code with a legitimate signature.

Security professionals see acquiring skills as the way forward, but only half of companies are training their workers, with more continuing to search for highly skilled employees.

OWASP's new list of API weaknesses focuses on issues that have caused recent data breaches and pose common security hazards in modern cloud-based applications.

From university courses to open source self-starters, community software projects aim to solve problems for populations in need. A focus on security is required as well.