Mumbai-based Meru Cabs, which offers online and mobile-app cab bookings, has been inadvertently exposing customer data to the Internet. How did the exposure occur, and what is Meru doing to address the flaw?
Some federal lawmakers are concerned that passing a national data breach notification law would weaken security protections found in certain states' statutes. That's a major reason getting a national law enacted will prove difficult.
Banks are not doing enough to ensure that third-party service providers are taking adequate cybersecurity steps, according to the New York State Department of Financial Services, which is considering ramping up regulatory scrutiny.
As financial institutions update their defenses in light of new types of attacks - from scams to network-penetrating cyber-attacks - they need to ensure they factor in all of the ways that their systems and employees might be targeted or manipulated.
Target is the high-profile example, but many organizations have been breached through third-party vulnerabilities. Where are the security gaps, and how can they be filled? BitSight's Stephen Boyer offers insight.
President Obama twice threatened to veto info sharing bills sponsored by Rep. Mike McCaul. So when the Texas Republican backs the Democratic president's plan for a cyberthreat intelligence center, you've got to think it's a great idea. Maybe, maybe not.
The latest entrant into the password "hall of shame" is Sony Pictures Entertainment. As the ongoing dumps of Sony data by Guardians of Peace highlight, Sony apparently stored unencrypted passwords with inadequate access controls.
Retailers cannot avoid innovation. Yet, cybercriminals thrive when retailers innovate. What, then, can retailers do to stop cybercriminals from breaching their defenses? Here are three key questions to answer.
The point-of-sale vendor behind the Jimmy John's breach has stepped forward, saying that, along with the 216 impacted Jimmy John's eateries, an additional 108 different restaurants have been compromised.
What's as disturbing as news of the Chinese hacking U.S. defense contractors' systems is that the contractors failed to notify the military of most of those intrusions because of how they interpreted cyber-intrusion reporting requirements.
The Office of Personnel Management's decision to stop using U.S. Investigations Services for certain security clearance services, which came a month after a breach of company computers, could be as much a reflection on OPM as it is on USIS.
A Government Accountability Office report on agencies' oversight of the security of contractor-operated IT systems contains the revelation that the U.S. government does not know how many of its systems are run by vendors.
As a customer, Delaware Chief Security Officer Elayne Starkey has seen the evolution of cloud computing over the past three years to a point where she has more sway over the security terms of cloud services contracts.
Federal authorities say the successful prosecution of a member of an international cybercrime ring proves progress is being made in shuttering ATM cash-out schemes. But some experts say processors and prepaid cards will continue to be targeted by attackers.