Last month, the FFIEC issued an FAQ about its Cybersecurity Assessment Tool, reiterating that use of the tool is voluntary. But some critics say regulators are still questioning institutions about their use of the tool during IT examinations, meaning its use is not truly voluntary.
NIST has issued long-awaited guidance on how to approach IT security as an engineering discipline. It's designed to help organizations build secure, trustworthy systems that meet evolving challenges, including the growth of the internet of things.
The success of Operation SAMBRE, a global cybercrime investigation into the theft of billions of dollars from banks throughout the world, proves why information sharing between law enforcement and the private sector is key to battling cybercrime.
It's been a hot topic for years, but we are still only in the earliest stages of ensuring medical device security, according to expert Kevin Fu of Virta Laboratories. In this video interview, Fu discusses how this focus will evolve in 2017.
Yahoo in 2014 spotted that an attacker - later revealed to have compromised 500 million accounts - was inside its network, according to a new SEC filing. With Yahoo's $4.8 billion sale to Verizon still pending, the admission adds to the search giant's complications.
President-elect Donald Trump will review the nation's cyber vulnerabilities at the start of his presidency, just like Barrack Obama did. But Trump hasn't demonstrated the deep understanding of cyber that Obama did when he took office nearly eight years ago.
Did security vendor Cylance lean too heavily on decade-old research into weaknesses in a still-used electronic voting machine in order to get pre-election day headlines? A company spokesperson says no.
U.K. Chancellor Philip Hammond used the launch of Britain's new five-year National Cyber Security Strategy to trumpet the country's strike-back capabilities. But other parts of the strategy - including more automated defenses - hold much greater promise.
As if the internet of things didn't seem secure enough, now we have to worry about apps on our smartphones posing a risk too. At Black Hat Europe, researchers from Invincea Labs demonstrated zero-day flaws in Belkin's WeMo home-automation device firmware as well the WeMo Android app, which have been patched.
I'm looking forward to this week in London, where Jason Tunn of the Metropolitan Police Service will walk us through a high-profile cybercrime investigation that resulted in the 2015 arrest of two British hackers with links to Russia after they attacked leading U.K. banks with the Dridex banking Trojan.
The ransomware-as-a-service operation known as Cerber is earning at least $200,000 per month via ransoms paid by victims, says Check Point Software Technologies' Gadi Naveh. In an audio interview, he explains that bitcoins and high levels of automation are key to the operation's success.
During a recent business trip to San Francisco, ATM security expert John Buzzard stumbled upon an ATM that had been damaged by an explosive substance - a vivid reminder of an emerging threat. Buzzard offers insights on the latest ATM risks.
This year, the annual Black Hat Europe conference decamps from Amsterdam to London. What's in store? Everything from mobile ransomware and quantum-resistant crypto to "ego markets" and how to turn Belkin IoT devices into launch pads for DDoS attacks.