Medical device cybersecurity scrutiny usually focuses on potential patient safety issues. But vulnerabilities identified in a cardiac pacemaker programming device illustrate the risks also posed to patient data privacy, says Billy Rios, a researcher who discovered the problem.
Trying once again to clarify that security patches to medical devices usually don't need regulatory approval, the Food and Drug Administration has issued final guidance clarifying exactly when manufacturers must have the agency review device modifications.
Researchers say they've identified faulty cryptographic code in microchips made since 2012 by Infineon Technologies, posing risks to government-issued smartcards, consumer laptops, authentication tokens and more.
A Belgian security researcher has discovered a "serious weakness" in the WPA2 security protocols used to encrypt many WiFi communications. Attackers can exploit the flaws to eavesdrop as well as potentially inject code such as malware or ransomware into WiFi-connected systems. Prepare for patches.
An analysis on finding a replacement for Social Security numbers as an identifier for individuals leads the latest edition of the ISMG Security Report. Also, assessing Kaspersky Lab's responsibility for the hack of an NSA contractor's computer.
The commenting platform Disqus is resetting passwords after discovering that its database was breached in 2012. The breach is one of several older breaches that have only now come to light, thanks to the stolen data having surfaced. But how many older breaches have yet to be discovered?
The latest edition of the ISMG Security Report is devoted to a special report on how enterprises around the world should prepare for the European Union's General Data Protection Regulation, which starts being enforced in May.
Modern enterprises are in the midst of a digital revolution, adapting to the demands of Business 2.0. They are looking to embrace new business opportunities, expand into new markets, and propose new product offerings, as well as be more agile in responding to existing demands. This transformation relies on digital...
The malicious use of encryption is growing at an alarming rate according to NSS Labs' BaitNET test infrastructure. Why? Encrypted web communication routinely bypasses enterprise security controls. Left unscanned, these channels are perfect vehicles for hiding infection, command & control and data exfiltration....
It difficult to decide whether to replace or to augment existing endpoint protection (EPP) because it is difficult to assess advanced endpoint protection (AEP) products as measuring some of their features can be complicated.
AEP products are promising a new standard in endpoint security, but when should...
Office of Personnel Management Chief Information Officer David DeVries says negative aspects of a Government Accountability Office report on steps OPM is taking to secure its IT paint an incomplete and not fully accurate picture of the agency's cybersecurity posture.
Britain's home secretary claims that "real people" don't really want unbreakable, end-to-end encryption - they just like cool features. Accordingly, she asks, why can't we just compromise and add backdoors, thus breaking crypto for everyone?
Ricoh's Australia office has notified banks, government agencies, universities and many large businesses about a curious data breach that, in some cases, exposed login credentials for its multifunction devices.
Demands by politicians that people must be willing to surrender their privacy rights to help security services battle cybercrime are shorthand for governments having significantly underinvested in the required resources, says information security expert Brian Honan.
A discussion on the latest happenings in the darknet marketplace leads the latest edition of the ISMG Security Report. Also, getting to the bottom of Russia's Democratic Party hack could be the ultimate goal of a lawsuit filed against the Donald Trump presidential campaign.