A new council of healthcare CISOs hopes to work together toward improving uniformity and efficiency in the way organizations review the security controls and practices of third-party vendors that handle sensitive patient data.
Police in Shanghai are investigating the apparent loss of 130 million customers' personal details from Huazhu Hotels Group. The data exposure may trace to the Chinese hotel group's developers accidentally uploading to GitHub access credentials for a production database.
Air Canada is forcing 1.7 million mobile app account users to reset their passwords after it detected unusual login behavior that it says may have exposed 20,000 accounts, including passport information. But the company is enforcing password complexity rules that experts advise against.
So far, police have not found evidence that a major organized hacking group was responsible for the Cosmos Bank heist, which involved the theft of $13.5 million through ATMs and unauthorized SWIFT transactions. What steps should banks take to avoid becoming the next cyber heist victim?
Federal regulators are being asked to relax anti-kickback rules so that resource-strapped healthcare providers can accept certain donations or subsidies of cybersecurity products and services.
Microsoft appears set to patch a zero-day local privilege escalation vulnerability after a researcher published proof-of-concept exploit code for the flaw. That's a relatively rare turn of events these days, owing to Microsoft's bug bounty program rules.
Three months after the EU's General Data Protection Regulation went into full effect, the U.K.'s data privacy watchdog says that the number of data protection complaints it has received from individuals has nearly doubled.
As general manager for payments and fraud prevention at Amazon Web Services, Keith Carlson has a unique perspective on detecting and preventing compromises in the cloud. He shares insights gleaned from dealing with scores of customers and their concerns.
Managing the cost of compliance is becoming an increasing concern for financial institutions. The dearth of experienced compliance professionals, the growing influence of big data, and escalating risk are contributing to the challenges these organizations face. There are proven strategies that can be executed to...
Industry analysts first coined the term Identity-as-a-Service, IDaaS in 2006. But today, the vast majority of IDaaS implementations still focus on the "A" - access management - leaving organizations to piece together the rest. IBM's Michael Bunyard discusses how to put "Identity" back in IDaaS.
U.S. consumers now own about 870 million IoT devices. In an interview, Al Pascual of Javelin Strategy & Research, discusses the challenges involved in securing the exploding IoT landscape.
Spain's central bank says its website was intermittently offline as it struggled to repel a distributed denial-of-service attack. The temporary disruption is a reminder "stresser/booter" DDoS-on-demand services remain inexpensive, easy to procure and often effective.
A previously unnamed U.S. energy company that agreed to a record $2.7 million settlement after it left 30,000 records about its information security assets exposed online for 70 days in violation of energy sector cybersecurity regulations has been named as California utility PG&E.
Dora Gomez of the Association of Certified Fraud Examiners discusses why security professionals should set up a framework to deal with changing regulations and threats.
Machine data and machine learning have the potential to connect disparate data sources, enabling better fraud detection and prevention, says Matthew Joseff of Splunk, who highlights real-world examples of fighting fraud with better data.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.