Compliance News, Articles and Updates
In a new survey, only 34 percent of privacy professionals whose companies transfer data from Europe to the U.S. said that they expected their businesses to adopt the newly approved EU-U.S. Privacy Shield.
A Chinese certificate authority mistakenly handed out legitimate user certificates for GitHub and the University of Central Florida (UCF) to a couple of unauthorized users.
Former board members and senior employees at SWIFT said the company did not monitor or make attempts to improve the poor security practices of its clients.
Apple quietly issued "an important security" update to its operating system on Thursday, pushing out iOS 9.3.4.
Government service providers will be required to phase out the use of SMS-based two-factor authentication (2FA) as the result of new guidelines from the National Institute of Standards and Technology (NIST).
ISA President Larry Clinton urged lawmakers to treat cybersecurity "with a greater sense of urgency," saying in a release that the economics of cybersecurity need to be better integrated into policies.
An interim report filed yesterday by the U.S. House Committee on Science, Space and Technology revealed gaping holes in the FDIC's cybersecurity posture and accused the financial institution of withholding documents pertaining to data breaches.
Computer users sharing their password could suddenly find themselves at risk for arrest.
London is the center of tech startups in Europe. So, how will the U.K.'s separation from the EU impact the tech sector?
Human resources vendor Empathia announced a potential data breach affecting its employee assistance program.
The proportion of executives who continue to distrust IoT as a secure technology is overwhelming, if a new survey from research-oriented security service firm IOActive is any indication.
CISOs say the Apple-FBI case confirms the need for strong encryption and IT security programs. Steve Zurier reports.
A federal data breach notification law would provide much-needed uniformity, says David R. Singh.
For the second consecutive year, Ponemon Institute's annual study on the state of security and privacy in health care found that cybercrime was the leading cause of data breaches among hospitals and other medical providers.
Recently released documents set off renewed discussions about Hillary Clinton's information security practices as former U.S. Secretary of State.
Tampa International Airport has expedited and expanded an audit of its network security, following the resignation of an IT consultant who was allegedly found to have shared system passwords with unauthorized parties.
Germany, the United States and Australia were not shy when it came to asking Apple for customer information, filing thousands of requests in the second half of 2015.
Microsoft is rolling out new certifications provided through the company's data portal.
A new report found that 16% of organizations do not use any cybersecurity framework, and even among companies with more than 10,000 employees, 10% do not currently use a security framework.
The Privacy Shield negotiations have produced an unprecedented agreement between the US and the EU that there will be safeguards against the bulk collection of EU citizens' data, but critics are unconvinced.
For the first time, Google has added an HTTPS report card to its Transparency Report, tracking its progress toward its stated goal of 100 percent SSL/TLS encryption of data in transit.
A new blog post by security researcher Tavis Ormandy chastises security software certification programs for giving antivirus products high grades despite the presence of multiple low-hanging vulnerabilities.
The White House has released a draft of its Source Code Policy, which establishes rules for sharing custom software between federal agencies, in hopes of improving government access to applications and reducing development costs.
A senior U.S. Department of Commerce official spoke with SCMagazine.com Friday morning to defend the virtues of the newly introduced U.S.-EU Privacy Shield pact.
The FTC has ordered nine companies to provide information on the way they assess whether retailers and others are in compliance with Payment Card Industry Data Security Standards (PCI DSS).
The DoD has publicly disclosed its new Cybersecurity Discipline Implementation Plan, which assigns leaders across all military branches greater responsibility for fortifying operational systems against cyber intrusions.
Digital rights group the Electronic Frontier Foundation (EFF) yesterday came out swinging against the Privacy Shield, the intended successor to the recently invalidated EU-U.S. Safe Harbor agreement.
A survey of IT professionals casts light on some of the trust and compliance challenges that plague the information security sector.
As cyber attacks continue to increase, IT departments continue to be challenged by older techniques, such as targeted phishing attacks, because the attacks bypass perimeter defenses and are difficult to prevent.
64 percent of more than 1,100 IT security executives believe that simply meeting cybersecurity compliance requirements, as opposed to striving for best practices, is "very" or "extremely" effective at preventing data breaches.
SC Magazine Articles
- Yahoo breach; State-sponsored actors suspected, at least 500 million accounts affected
- Education sector bullied by ransomware and can barely defend itself, report
- Cybercriminals already able to hack ATM biometric readers
- DetoxCrypto ransomware imitates Malwarebytes software
- Cisco warns of exploitation of new flaws linked to Shadow Brokers exploits
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Hard Rock Hotel & Casino Las Vegas hit with POS breach
- X-ray and MRI machines among devices used as springboards for data breach attacks
- Hacker purportedly selling over 650,000 stolen medical records on dark web marketplace
- Wi-Fi warning! Study finds U.S. unaware of public Wi-fi risks
- OpenSSL patches 14 vulns, including high-severity flaw that can be exploited for DoS attacks
- IoT assault, connected devices increasingly used for DDoS attacks
- Cities planning transparency laws for police surveillance tech
- Malicious apps leveraging top UK brands has increased by 130%