As the threat landscape continues to deepen in both volume and complexity, bug bounties are becoming an increasingly popular way for vendors to cost-effectively uncover potentially severe exploitable security issues. Microsoft has joined the cash-payout fray for the first time, announcing three new "Heart of Blue Gold" bounty programs that will pay up to $100,000 to enterprising researchers and hackers.

Oracle has released its June 2013 Java SE Critical Patch Update (CPU), which fixes 40 security issues. All vulnerabilities except three can be exploited remotely without authentication by an attacker, and in most cases, the attacker can take complete control of the system.

(ISC)2 has announced that it is now accepting nominations for its 2013 U.S. Government Information Security Leadership Awards (GISLA).

The source code for the Carberp banking trojan is up on the block in the Russian underground – and for a mere $5,000.

Camjacking is clickjacking aimed at taking over the PC’s webcam – and although Adobe fixed the Flash vulnerability that allows it back in 2011, it lives on in the Flash implementations of Chrome and (not verified) IE10.

I came across a brief article on Forbes by Andy Greenberg on a bug in the beta version of iOS 7 that makes it possible to bypass its lockscreen in order to access (not to mention delete, tweet etc.) t...

We’re obviously not even close to the end of the revelations around both Operation PRISM and Edward Snowden, but (avoiding political or ethical commentary on what happened) a few things are beco...

A controversy concerning the information security policies at the US Department of Veterans Affairs was reported by Federal News Radio last week, and while it is dangerous to draw conclusions fro...

By Merritt Maxim We continue to hear about how cloud, mobility and the consumerization of IT has the potential to transform business. However, the ongoing hype around these trends may lead some to b...

Comment: A Cultural Spat? Data Protection and Privacy Issues between the EU and US As the EU Commission edges closer to adopting revisions to its Data Protection Directive, US companies will be looking more closely at their IT practices in consumer data retention says Andy Green of Varonis.

A CEO's Guide to Big Data Security Feeling a bit lost in the Big Data ocean? The ISF’s Steve Durbin provides a life boat by briefing the Big Chair about its security and risk management implications

Comment: Beware a Quiet Queen’s Speech Consultant William Wallace finds that what wasn’t said in the recent speech to open the new session of parliament may be as interesting as what was.

Arab Uprising: Information Security in the Middle East The Middle East is an emerging market for information security and related awareness. With Israel already at the forefront of the industry, Wendy M. Grossman examines what the rest of the region is doing to catch up

Comment: Cybersecurity and Reality – What’s in a Word? What does the word 'cyber' really mean? Gregor Campbell cracks open his dictionary to trace its transformation

An Inside Look at AT&T’s Operations Center, and its Security Strategy One of the largest network services providers in the US invited Infosecurity to its Global Network Operations Center in Bedminster, New Jersey, and then explained why it is poised for success within the IT security market.

Comment: Rethinking Safety in the Modern Digital World Eric D Knapp of Wurldtech contemplates what safety means in today’s digital environment

The Prognosis for Medical Device Security Medical devices can be hacked – but how much of a danger is it? Danny Bradbury asks the experts

Comment: Exposing the Myths of Access Rights Management Managing access rights is time-consuming and often considered a mundane task. Nevertheless, making sure only the right people can access company data is a business-critical function. Christian Zander of protected-networks.com addresses a number of ‘myths’ he has encountered when discussing this issue with senior IT management across Europe.

Interview: Dorothy Denning In her heart a true academic, Drew Amorosi tracks down Dorothy Denning – renowned information security researcher and trainer of today’s cyber warriors