Researchers at the security firm Tenable uncovered a vulnerability in a Siemens software platform used to manage industrial control systems, and Siemens has issued a patch. The same platform was exploited during the Stuxnet attack a decade ago.
Video conferencing vendor Zoom has opted to make major changes to its Mac application after a security researcher found several weaknesses in it. The changes come after the researcher refused a bug bounty and instead went public after 90 days, putting pressure on Zoom.
Sensitive information, including credit card and phone numbers, was left exposed to the internet on an unsecured database belonging to Fieldwork Software, which provides cloud-based services to small businesses, researchers note in a new report.
In the wake of digital transformation, there remain some organizations that - for security reasons - resist the temptation to move to the cloud. What are their objections? Zscaler's Bil Harmer addresses these, as well as the critical questions security leaders should ask of cloud service providers.
The data protection gloves have finally come off in Europe after GDPR enforcement began last May - the U.K.'s privacy watchdog has proposed large post-breach sanctions against British Airways and Marriott. Consider the tables now turned on firms that fail to properly safeguard personal data.
Britain's privacy watchdog says it plans to fine hotel giant Marriott $125 million under GDPR for security failures tied to a 2014 breach of the guest reservation database for Starwood, which Marriott acquired in 2016. Undiscovered until 2018, the breach exposed 339 million customer records.
The federal government, device manufacturers and healthcare delivery organizations have all raised their games to address medical device security. Now it's time for patients - those truly impacted by devices - to have their say in the discussion, says Suzanne Schwartz, M.D., of the U.S. Food and Drug Administration.
Jeff Gilhool of Lookout explains how phishing and malware are becoming bigger issues for mobile devices and describes what healthcare organizations can do to incorporate HIPAA compliance in their mobile device management plans.
Cyber adversaries are resilient and move quickly, so it'st critical that organizations share threat intelligence in an automated way, says Shawn Henry of CrowdStrike Services. But that sharing has been hampered by a lack of understanding of why it's important and how organizations can benefit, he says.