The discovery of a serious remote code execution flaw in Trend Micro's consumer security software - now patched - is a reminder that even security software has code-level flaws. But shouldn't security vendors be held to a higher standard than others?
The primary mission of the new Global Cyber Alliance is to identify measurable ways to mitigate cyberthreats facing the public and private sectors, says Phil Reitlinger, a former DHS official and Sony CISO, who heads the new group.
Reports on the Ukrainian energy supplier hack have left many crucial questions unanswered: Who was involved, did malware directly trigger a blackout and are other suppliers at risk from similar attacks? Cybersecurity experts offer potential answers.
An inspector general report on a Federal Reserve audit raises more questions than it answers regarding the security risks facing one of the Fed's information systems. The executive summary of the audit fails the transparency test to inform the public.
Conflicting cybersecurity guidance from banking regulators and a federal agency is making it more difficult for CISOs to set priorities, says Chris Feeney, president of BITS, the technology and policy division of the Financial Services Roundtable.
You made this mess, now you'll clean it up. That's the security message of the Federal Trade Commission's settlement with Oracle over its failure to update or eliminate older, insecure - and actively targeted - versions of Java.
In its sixth HIPAA resolution agreement so far in 2015, the HHS Office for Civil Rights has announced a settlement with the University of Washington Medicine that includes a $750,000 penalty. It's the first HIPAA enforcement case stemming from the investigation of a phishing-related breach.
TalkTalk's confusion in the wake of its recent data breach, as well as mangling of technical details and failure to encrypt customer data, demonstrate the importance of having an incident-response plan ready in advance of any breach, experts say.
The Irish Reporting and Information Security Service's IRISSCON Cyber Crime Conference is due to touch on DDoS, fraud, breach response, malware, social engineering, the Paris terror attacks and more.
As the Department of Health and Human Services gears up for its second round of HIPAA compliance audits, the focus will shift to using these audits for potential enforcement actions, including financial settlements, predicts attorney Anna Spencer.
The National Institute of Standards and Technology has issued a Guide to Application Whitelisting that provides step-by-step instructions on deploying automated application whitelisting to help prevent malware from accessing IT systems.
The so-called 30-day cybersecurity sprint championed by Federal CIO Tony Scott has resulted in a strategy and implementation plan for federal government civilian agencies that focuses on a defense-in-depth approach to IT security.
FBI Director James Comey's declaration that the Obama administration will not pursue legislation to require vendors to create a backdoor that would permit law enforcement to circumvent encryption on mobile devices isn't the end of the matter.
An alert issued - and then yanked - by the FBI about fraud vulnerabilities linked to EMV chip cards is reigniting the debate between bankers and retailers over whether EMV in the U.S. should be chip-and-PIN or chip-and-signature.
Two final rules for the HITECH Act electronic health record incentive program strongly emphasize the value of risk assessments and encryption as measures for safeguarding patient information. Here's an analysis of the details.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.