Compliance News, Articles and Updates

Lawmakers, rights groups react after Senate votes to kill FCC privacy protections

Digital rights and privacy groups reacted with indignation after the U.S. Senate passed a joint resolution that would undo FCC rules banning telecom and ISP companies from selling consumers' data without their consent.

Survey: Organizations deploying emerging tech without ensuring data security first

In a classic case of putting the cart before the horse, too many organizations are deploying emerging technologies before they can shore up appropriate levels of data security, according to a new report from Thales e-Security and 451 Research.

New York State revises its sweeping cyber regulation proposal for financial sector

The New York State Department of Financial Services (DFS) on Wednesday released a revised draft of an ambitious regulation designed to protect the state and its citizens from cyberattacks against financial institutions.

Mastercard and Visa push EMV liability deadline to 2020 for automated fuel pumps

Citing technological and regulatory challenges, Mastercard and Visa have postponed their liability deadlines for merchants to employ EMV chip card technology at automated fuel pumps, from October 2017 to October 2020.

Compliance doesn't equal security, but it sure does help

Imagine using faulty information in creating a building design or developing a product or running a political campaign or formulating a new drug. That's exactly what can happen - with devastating results - when hackers or other malfeasants infiltrate an organization and corrupt its data.

U.S. Dept. of IoT? Experts debate need for Internet of Things regulation

Confronting the dangers posed by the Internet of Things, members of the House of Representatives' Energy and Commerce Committee held a hearing on Wednesday that examined the feasibility of regulating IoT devices.

IACR gives Signal its seal of approval

The IACR has certified that it could not find any discernible flaws in the Signal app, saying that it offers a well-designed and compromise-resistant architecture.

ICO deals finance firm fine, as ICO fine total mounts up

A finance firm based in London has been fined £70,000 by the Information Commissioner's Office, in retaliation for its contracted marketing firm sending out some 2.2 million unsolicited SMS messages. The fine comes as the ICO's total bill of outstanding fines mounts up, due to companies going into liquidation rather than paying them.

Too much noise to see the threats, study

A recent study found that 73 percent of security pros admitted to using threat intelligence data ineffectively.

Panel: Obsession with regulatory compliance doesn't guarantee good cybersecurity

Companies should spend less time worrying about meeting minimal requirements for cybersecurity compliance, and concentrate more on how to protect their most sensitive operations, according to experts speaking today at SC Congress Chicago.

NIST study warns of security fatigue among users

Most web users are overwhelmed with warnings of online threats and suffer from "security fatigue," according to the National Institute of Standards and Technology (NIST).

EFF slams HP for using security patch to thwart third-party ink purchases

The Electronic Frontier Foundation (EFF) is criticizing HP for using a security update to also install a function that triggers a printer to shut down when it recognizes a non-HP printer cartridge.

RTCA airline recs aim to strengthen aviation cybersecurity

A technical committee that provides guidance to the Federal Aviation Administration has reportedly developed draft recommendations for strengthening the aviation industry's cybersecurity posture.

Hotel operation run by Donald Trump settles breach suit with $500K fine

In a settlement, the hotel chain operated by Republican presidential candidate Donald Trump will fork over $500K in fines and improve the security of its computer network.

Survey: 34% of privacy pros expect their companies to certify under Privacy Shield

In a new survey, only 34 percent of privacy professionals whose companies transfer data from Europe to the U.S. said that they expected their businesses to adopt the newly approved EU-U.S. Privacy Shield.

WoSign mistakenly assigns two user certificates

A Chinese certificate authority mistakenly handed out legitimate user certificates for GitHub and the University of Central Florida (UCF) to a couple of unauthorized users.

SWIFT did not monitor weak security practices of its users - report

Former board members and senior employees at SWIFT said the company did not monitor or make attempts to improve the poor security practices of its clients.

Apple blocks Pangu jailbreak bug with OS upgrade 9.3.4

Apple quietly issued "an important security" update on Thursday to its operating system, pushing out iOS 9.3.4.

Feds nix SMS-based 2FA

Government service providers will be required to phase out the use of SMS-based two-factor authentication (2FA) as the result of new guidelines from the National Institute of Standards and Technology (NIST).

ISA presents 12-step cybersecurity program at RNC cyber forum

ISA President Larry Clinton urged lawmakers to treat cybersecurity "with a greater sense of urgency," saying in a release that the economics of cybersecurity need to be better integrated into policies.

House committee grills FDIC after report details history of data breach cover-ups

An interim report filed yesterday by the U.S. House Committee on Science, Space and Technology revealed gaping holes in the FDIC's cybersecurity posture and accused the financial institution of withholding documents pertaining to data breaches.

Ninth Circuit ruling upholds password-sharing risk

Computer users sharing their password could suddenly find themselves at risk for arrest.

Brexit shakeup: How will the U.K.'s exit from the EU affect the technology sector?

London is the center of tech startups in Europe. So, how will the U.K.'s separation from the EU impact the tech sector?

HR vendor Empathia hit by potential breach

Human resources vendor Empathia announced a potential data breach affecting its employee assistance program.

Survey: 85 percent of senior security pros say more than half of IoT products are not secure

The proportion of executives who continue to distrust IoT as a secure technology is overwhelming, if a new survey from research-oriented security service firm IOActive is any indication.

Sweet validation: Apple versus FBI

CISOs say the Apple-FBI case confirms the need for strong encryption and IT security programs. Steve Zurier reports.

Compliance at risk

A federal data breach notification law would provide much needed uniformity, says David R. Singh.

Ponemon: 89% of surveyed health care orgs breached in last two years; cybercrime top cause

For the second consecutive year, Ponemon Institute's annual study on the state of security and privacy in health care found that cybercrime was the leading cause of data breaches among hospitals and other medical providers.

Emails raise more questions of Clinton infosec practices

Recently released documents set off renewed discussions about Hillary Clinton's information security practices as former U.S. Secretary of State.