Federal regulators have issued new guidance to clarify scenarios where HIPAA privacy and security regulation might apply, including for mobile health applications and electronic data exchange. Why are some organizations still so confused?
U.K. police have arrested a teenager on suspicion of having perpetrated a series of high-profile hacks and pranks against senior U.S. officials, including the director of the CIA, plus the recent release of nearly 30,000 DHS and FBI employees' contact details.
How will federal banking regulators respond to growing criticism of the FFIEC's Cybersecurity Assessment Tool? A new FDIC publication leads some experts to believe no new guidance is forthcoming. Here's why.
With the U.S. accelerating its adoption of the EMV chip, encryption and tokenization, life is going to get tougher for fraudsters, and card-not-present fraud will rise, says PCI Council Director Jeremy King. Regions with poor data security must beware.
Hong Kong toymaker VTech has revised its end-user license agreement to make clear that it can't be held legally responsible for any data breaches. Many security experts have reacted with fury. But is VTech's move unusual?
President Obama is creating a federal CISO post as part of a multifaceted initiative aimed at strengthening the nation's IT security. His plan includes forming a public-private Commission on Enhancing National Cybersecurity and boosting government cybersecurity spending by 35 percent.
The U.S. government is probing an apparent cybersecurity lapse that allowed a hacker to obtain and release contact information for more than 20,000 FBI employees and 9,000 other Department of Homeland Security employees.
Here's more evidence of how a data breach can have a major financial impact. The bill for U.K. telecom giant TalkTalk's October 2015 data breach could be as much as $94 million, and the incident resulted in the loss of 95,000 customers.
Have Russian authorities collared the cybercrime gang responsible for the notorious Dyre malware? Related attacks ceased after authorities raided a Moscow-based production company developing a movie called "Botnet," Reuters reports.
Java users are being warned to only use newly released installers to avoid a nasty potential exploit. Meanwhile, a veteran bug hunter questions whether Oracle's move to ditch Java browser plug-ins will have a significant security upside.
The trend across industries is that automation results in a drastic reduction of operational job roles, even as it brings in economies of efficiency. What then does automation in security mean for the profession?
A new breach of customer accounts at luxury retailer Neiman Marcus is, once again, putting the spotlight on the vulnerabilities created by relying only on usernames and passwords for online authentication, and the risks posed by storing customer information.
"We never negotiate" might be the expectation whenever law enforcement or government agencies get targeted by criminals or even "cyberterrorists." But outside Hollywood, the reality too often turns out to be far less rigid.
Landry's Inc. now reveals the broad scope of point-of-service malware attacks against its restaurants and other properties dating back to 2014 and 2015. Experts discuss factors that could have contributed to the breaches.