When he was an FBI agent, Jay Kramer always preached the importance of having relationships with law enforcement in advance of experiencing a data breach. Now, as a private sector attorney, he can help clients form those relationships.
The new head of the agency that enforces HIPAA says his top enforcement priority for the coming year is to find a "big, juicy, egregious" breach case to use as an example from which others can learn. What else is on Roger Severino's agenda?
Security experts often contend that potential damage from cyberattacks can be avoided if organizations just patch their systems. But Bank of the West Deputy Chief Security Officer David Pollino says applying patches sometimes is more easily said than done.
Instagram is warning that more users were affected by a hack of its systems than it first suspected. While email addresses - and some phone numbers - for celebrities, including Emma Watson and Lady Gaga, appear to have been compromised, 6 million account holders in total may have been affected.
AT&T's U-verse routers and gateways contain a bevy of internet-of-things coding errors that could be easily exploited by hackers, a researcher contends. As many as 235,000 hosts could be vulnerable to attack.
This special edition of the ISMG Security Report features the observations of top cybersecurity experts featured at Information Security Media Group's recent Fraud and Breach Prevention Summit in New York.
The U.S. federal government and many states haven't conducted forensic investigations into the election systems probed by hackers prior to the 2016 election. An investigation by the New York Times has found two more providers of election systems that were breached.
A federal judge has ruled that a consolidated class-action lawsuit filed by those affected by the Yahoo data breaches can proceed. The ruling means Yahoo's corporate parent, Verizon, will face a suit that could eventually lead a court to attempt to quantify the financial impact of leaked data.
Verizon has made a strong case for continual PCI DSS awareness with its new study of payment card data security. But like many vendors that conduct their own studies supporting their business cases, Verizon makes suspect logical stretches.
Password security guidance: Do block users from picking commonly used passwords. But to avoid a usability nightmare, don't block users from picking any password that's ever been seen in a data breach, security experts advise.
The ISMG Security Report leads with views on a novel way to fund the growth of the United States military's Cyber Command by seizing assets such as digital currencies from hackers and other criminals. Also, we offer tips on how to recruit scarce IT security pros.
A federal judge has granted preliminary approval for an amended $115 million settlement in the class action lawsuit over the 2015 cyberattack on Anthem, which resulted in a breach impacting nearly 79 million individuals. An amendment frees certain others from liability in the case.
A list of weak credentials for vulnerable Internet of Things devices has prompted a new effort to notify their owners. The fear is of another mass, IoT-fueled DDoS attack along the lines of last year's Mirai attacks.