Recorded Future has signed an agreement with Ukraine's Ministry of Digital Transformation to help protect the county's critical infrastructure against Russian physical and cyberattacks. The company can help detect novel strains of malware and command-and-control infrastructure run by the Russians.
The attack earlier this year that compromised systems and data at LastPass is more extensive than the password management software provider previously revealed. LastPass says the attacker downloaded from the cloud backups of multiple users' encrypted password vaults, as well as unencrypted URLs.
A salute to the career of Johnson & Johnson CISO Marene Allison leads this week's Information Security Media Group Editors' Panel, which also reviews essentials for implementing a zero trust strategy and the use of banking standards to regulate blockchain-based digital assets.
The planned merging of two health data exchange standards organizations - DirectTrust and the Electronic Healthcare Network Accreditation Commission - will help support healthcare sector efforts to advance secure health data exchange, says Scott Stuewe, CEO of DirectTrust.
A federal judge has denied granting a preliminary injunction against Meta to stop the firm's Pixel tracking code in healthcare websites from collecting and disseminating patient information for advertising. But the judge says he could change his mind as more details about patient privacy emerge.
The French data protection authority fined Microsoft Ireland 60 million euros for privacy and security practices relating to a Bing search engine advertising cookie. The company has three months to get the consent of the French users before further deployment of the cookie.
Unifying decision-making about privacy, security, ethics and governance poses a huge challenge from a regulatory and operational perspective, says OneTrust CEO Kabir Barday. OneTrust has created a network of 900 lawyers across 300 jurisdictions that feed intelligence into the company's platform.
In a surprise move, Britain's Information Commissioner's Office recently named names - lots of names - on the data breach front. The ICO has published detailed information about breaches of personal data, complaints and the civil investigations. Attorney Edward Machin explains the implications.
The latest edition of the ISMG Security Report discusses why it is always a bad idea for organizations to pay hackers for data deletion, practical steps organizations can and should take to avoid being at the heart of a data subject complaint, and the latest efforts to tackle the ransomware threat.
In this episode of "Cybersecurity Unplugged," Joe Weiss, managing partner at Applied Control Systems, offers suggestions for how to harden our OT networks today, including what CISOs need to know and how guidance from the federal government needs to change.
A resurrected proposal to enhance medical device security is nestled within the 4,155-page, $1.7 trillion omnibus spending bill that the Senate passed Thursday and sent to the House for approval. Medical device makers would be required to meet cybersecurity standards and disclose vulnerabilities.
Chris Inglis intends to step down as head of the Office of the National Cyber Director inside the White House after President Joe Biden approves a new national cybersecurity strategy for critical infrastructure. The strategy will recommend a regulatory approach, a former congressional staffer says.
As major cyber incidents involving vendors surge, healthcare entities must carefully and continuously scrutinize the security practices of their third-party vendors, says Kathy Hughes, CISO of Northwell Health.
Bad hackers so often get portrayed as bombastic villains who can "hack the Gibson" while breathlessly exclaiming, "We're in!" Real-world "hack attacks" are typically much more mundane, including an alleged scheme enabling taxi drivers to jump to the head of the line at JFK Airport.
Europe took a key step in formalizing a framework to underpin the trans-Atlantic flow of commercial data but privacy activists say the EU-U.S. agreement won't stand up to a legal challenge. The Commission on Dec. 13 issued a draft adequacy decision on the EU-U.S. Data Privacy Framework.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.