New Zealand's privacy commissioner is recommending new civil penalties against companies of up to NZ$1 million (US$718,000) for a "serious" data breach in light of sterner penalties adopted by Australia and the European Union.
In this edition of the ISMG Security Report: An evaluation of the challenges law enforcement faces in using lawful hacking and metadata as an alternative way to collect evidence when cracking an encrypted device is not an option. Also, a look at Trump's revised cybersecurity executive order.
A heavily revised draft of President Donald Trump's executive order on cybersecurity lays out initiatives to build upon the Obama administration's IT security programs rather than to radically change them. It's not yet clear when the president will sign the order, or whether it will be changed yet again.
Dozens of banks, governments and telecommunications companies have been struck by fileless malware, which resides in memory and leaves few traces for investigators, according to Kaspersky Lab. The use of open-source tools and utilities makes the attacks difficult to detect.
Harold Thomas Martin III, a former Booz Allen Hamilton contractor, has been indicted on 20 counts of stealing classified documents from a range of U.S. intelligence agencies. He faces up to 200 years in prison.
Just like epidemiologists studying disease outbreaks, cybersecurity professionals can benefit from identifying and mitigating certain behaviors, says Dr. Elizabeth Lawler, an epidemiologist who is CEO of Conjur, a data security firm.
The House has passed a privacy bill that would strengthen the legal protection afforded to emails older than 180 days. The bill now moves to the Senate, where it died last year after some senators tacked on controversial, privacy-eroding amendments.
The proposed creation of a CERT dedicated to serving India's financial sector is good news. But working out a realistic framework for its activities and defining its role in ensuring stronger security for the sector will prove challenging.
Televisions that spy on their users have long been a trope of dystopian fiction, including George Orwell's "1984." But the spying TV appears to be far from fictional, according to a new settlement agreement reached between the FTC and smart-TV maker Vizio.
Google plans to appeal a court order to comply with search warrants asking for account information stored outside the U.S. The ruling comes as Microsoft recently prevailed in a similar case, creating legal ambiguity.
When Army intelligence specialist Chelsea Manning leaked classified documents to WikiLeaks in 2010, the federal government's security clearance process served as the main defense against malicious insiders. CERT's Randy Trzeciak explains how insider threat defenses have changed since then.
India's finance minister Arun Jaitley announced plans to form a separate computer emergency response team, CERT-Fin, for the financial sector, in his union budget speech to the Indian parliament - a move that has drawn a mixed response from security experts
A report on passage by the House of Representatives of a bill aimed at toughening insider threat defenses at the Department of Homeland Security leads the latest edition of the ISMG Security Report. Also, analyzing the use of blockchain technology to secure healthcare data.
A suburban Dallas police department saw eight years' worth of digital evidence, including material for at least one active criminal case, frozen after a ransomware attack, another example of the continuing havoc caused by file-encrypting malware.