A bipartisan group of lawmakers has introduced a bill to help U.S. telecommunications providers "rip and replace" any Chinese-built networking equipment. The move comes as many experts warn that using Huawei or ZTE 5G equipment poses an unacceptable national security risk.
"Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Hacker Gnosticplayers claims the company was still storing passwords using outdated SHA1.
What are some of the most important aspects in managing vendor security risk when taking on third parties to handle sensitive data? Mitch Parker, CISO of Indiana University Health, explains the critical steps his organization is taking in its approach to vendor risk.
Delayed enforcement of the "strong customer authentication" requirements for online transactions under the European Union's PSD2 regulation is hampering efforts to enhance security. That's why the European Banking Authority should act quickly to develop a new timeline.
Why did U.S. President Donald Trump discuss cybersecurity firm CrowdStrike with the president of Ukraine, saying "the server, they say Ukraine has it"? Experts say Trump appears to be referring to one or more conspiracy theories, none of which have a basis in reality.
Europe's top court has ruled that Google does not have to remove links to sensitive personal data globally under the EU's "right to be forgotten" requirements, saying the requirement only applies in Europe.
The U.S. Justice Department has sued Edward Snowden over his new memoir, claiming that the former NSA contractor violated a nondisclosure agreement he signed when he worked for the government before becoming the world's best-known whistleblower. The suit seeks to collect all profits from the book.
Ahead of the release of Edward Snowden's memoirs chronicling his decision to bring illegal "big data" domestic U.S. surveillance programs to light, a former NSA intelligence specialist points out that the U.S. still lacks a whistleblowing law to protect intelligence workers who spot illegal activity.
Paige A. Thompson, who prosecutors allege hacked into Capital One's network to access millions of credit card applications, has pleaded not guilty to federal computer crime charges. Her tentative trial date is Nov. 4.
Google will pay a $170 million fine to settle allegations that its YouTube subsidiary illegally collected personal information about children without their parents' consent, according to the Federal Trade Commission. But some children's right groups and members of Congress say the penalty is far too low.
Providence Health Plan says some of its members were among the nearly 3 million individuals affected by a data breach revealed by health plan administrator Dominion National in June. What lessons are emerging from that security incident and others involving third parties?
What role does security play in an enterprise's digital transformation? ISMG and Nominet recently raised this question to a group of security leaders in Las Vegas. The answers were eye-opening. Stuart Reed of Nominet shares his reaction to the roundtable discussion.
Do criminal organizations prefer to target organizations that hold cyber insurance policies? A ProPublica report suggests that because cyber insurance policyholders are more likely to pay ransoms, they're a more frequent target. But some cybersecurity experts have expressed skepticism.