Kevin Greenfield, director of bank IT for the Office of the Comptroller of the Currency, says FFIEC agencies are working to help financial institutions shore up cybersecurity, and a big focus for regulators is third-party risks.
Anthem Inc. has refused to allow a federal watchdog agency to conduct vulnerability scans of its systems in the wake of its recent massive data breach. The health insurer also refused to allow scans by the same agency in 2013.
Many Apple and Android devices are vulnerable to a TLS/SSL "Freak" flaw, which could be exploited to subvert secure Web connections. The flaw is a legacy of U.S. government export restrictions on strong crypto.
A recent incident involving disposed in a vendor's dumpster is an example of why healthcare organizations say business associates taking inadequate security steps ranks as their No. 1 perceived breach threat today.
Canadian Internet service provider Rogers Communications has confirmed that information about the company and its customers was leaked after attackers successfully targeted one of its employees via a social engineering attack.
Information on 50,000 drivers for ride-sharing service Uber was breached in May 2014, the company discovered in September and announced on Feb. 27. Uber has launched a related lawsuit and is seeking records from code-sharing website GitHub.
Financial crimes, fraud and cybersecurity. These topics are quickly converging upon security organizations, and leaders must be prepared. FICO's Stuart Wells discusses the tools and skills needed for convergence.
SIM card manufacturer Gemalto says its investigation into a reported U.S. and U.K. intelligence agency espionage operation found that its internal networks housing encryption keys weren't breached. But security experts question those findings.
This year could mark a turning point for the sharing of threat intelligence, but only if the government is able to build a framework that instills private-sector trust, says threat researcher Lance James.