The FDA on Tuesday issued an alert about a voluntary recall by a manufacturer of a network-connected implantable device due to cybersecurity vulnerabilities. Nearly 500,000 of the cardiac pacemakers from St. Jude Medical, now owned by Abbott Laboratories, are in use in the U.S.
A federal judge has granted preliminary approval for an amended $115 million settlement in the class action lawsuit over the 2015 cyberattack on Anthem, which resulted in a breach impacting nearly 79 million individuals. An amendment frees certain others from liability in the case.
Organizations in all sectors "need to look at the CISO role as an executive position with holistic understanding and a more well-rounded background" to help ensure security goals align with business goals, says consultant Ed Amoroso, former AT&T chief security officer.
As CISO at Hearst Corp., David Hahn's security strategy must be mindful of the challenges and brand risks for well-known media properties, including ESPN and Esquire, as well as smaller, lesser-known units within the corporation. Each requires a risk management strategy.
A list of weak credentials for vulnerable Internet of Things devices has prompted a new effort to notify their owners. The fear is of another mass, IoT-fueled DDoS attack along the lines of last year's Mirai attacks.
The FBI has arrested Chinese national Yu Pingan on charges that he was a "malware broker" for a remote-access Trojan called Sakula that was used in the massive breaches of Anthem and the U.S. Office of Personnel Management, among other organizations.
An incident involving HIV information being potentially visible through envelope windows on thousands of letters mailed to members of Aetna's pharmacy benefits plans is an important reminder that even routine mailings present privacy risks.
Extradited Canadian national Karim Baratov, who's been accused of helping the Russian intelligence officers who allegedly ordered up the hacking of 500 million Yahoo users' accounts, pleaded not guilty to related charges in a San Francisco federal courtroom.
There's another option for governments trying to overcome the end-to-end encryption barrier: buy a zero-day software exploit. One prominent zero-day broker, Zerodium, has added encrypted messaging apps to its bounty list.
With claims of wanting to dispel "the myth about doping-free football," the Russian-linked hacker group Fancy Bear has released health records related to alleged drug use of more than 150 soccer players worldwide. What's the message they're sending?
Hiring managers will need to get increasingly creative to find talent to fill their vacant information security positions, particularly in a shallow talent pool that is forecasted to get even thinner. Experts in the hiring trenches offer seven key tips to consider.
Delaware has become the second state - the first was Connecticut - to require organizations to provide residents one year of free credit monitoring services if their sensitive personal information is compromised in a data breach. Will other states take similar action?
EDR (endpoint response and detection) products are powerful tools that provide a play-by-play of exactly what happened on a computer during and after an attack. But the products require the right expertise to get the most value, a Gartner analyst says.