Twitter security exec-turned-whistleblower Peiter Zatko today listed alleged security and privacy shortcomings of the social media company for a Senate panel. "It's not farfetched to say that an employee inside the company could take over the accounts of all of the senators in this room," he said.
The national network for connecting medical centers with donated human organs faces doubts about its ability to secure data amid concerns about its IT infrastructure. A federal watchdog has reviewed the Health Resources and Services Administration and United Network of Organ Sharing.
Tenable wants to help the cybersecurity industry move away from traditional vulnerability management focused on giving customers a list of vulnerabilities. Instead, CEO Amit Yoran wants to help customers understand their exposure and how they can effectively manage and reduce risk.
Supply chain risk must be part of an enterprisewide risk management program framework, says information security manager Matt Marciniak of financial service firm Quantile. Reducing risk requires an agile approach to supplier management, he says.
The year is ending with a cybersecurity bang - not whimper - due to the widespread prevalence of the Apache Log4j vulnerability. Researchers warn that at least 40% of corporate networks have been targeted by attackers seeking to exploit the flaw. More than 250 vendors have already issued security advisories.
Wendy Nather, head of advisory CISOs at Cisco, recently teamed up with researcher Wade Baker to investigate cybersecurity metrics and determine how to make a cybersecurity program measurably more successful. She shares some of her more surprising findings.
Cybersecurity is a legitimate - and significant - business risk, and it's time to frame the topic appropriately, says Robert Hill, CEO of Cyturus. He shares insight on how to discuss cyber risk appropriately with C-level leadership and the board of directors.
Zoom has apologized for sharing large sets of user data by default with Facebook, blaming the social network's software development kit, which it has removed from its iOS app. With COVID-19 driving unprecedented levels of remote working, video conferencing software is under the privacy and security microscope.
Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.
With the advent of technology in personal healthcare - internet connected glucose monitors, intravenous blood pressure monitoring, personal best friend emotional bots - a lot of highly sensitive data that's rampantly traversing the airwaves. The impact of this data getting in the wrong hands is just starting to be...
New federal guidance that describes processes in the current round of HIPAA compliance audits - which could lay the foundation for future rounds of audits - illustrates the massive amount of documentation demanded for these "desk audits."
Even as cloud, virtualized environments and mobility continue to make the technology landscape within the enterprise more complex, it's getting harder for organizations to maintain perspective and visibility of all the pieces, says Skybox Security's EVP Stewart Fox.
An inspector general's memo that highlights three significant information security deficiencies that have plagued the U.S. Department of Labor for the past five years points out problems that most federal agencies confront.
In global business, operating under multiple jurisdictions and regulations helps build the case for governance, risk and compliance solutions. But there is more to GRC than meets the eye, says MetricStream's French Caldwell.
With large swatches of rural India preparing to go online, new Internet users, who are using devices other than PCs, need to be educated about the risks, says cybersecurity analyst Jiten Jain, CEO of the InfoSec Consortium.