Congressman Will Hurd has a simple request for U.S. government agencies: Have you been using vulnerable Juniper Networks devices? But Congress needs to consider tougher questions about its culpability in this backdoor debacle.
The Ukrainian energy sector is being targeted by fresh phishing attacks, the country's computer emergency response team warns. But it's not clear who's behind those campaigns, or a recent malware infection at Kiev's main airport.
Because of the U.S. migration to EMV, 2016 is expected to be a watershed year for mobile payment adoption, says Randy Vanderhoof of the EMV Migration Forum. Now, he says, the industry should be more focused on new applications hitting the market than on the number of adopters.
Microsoft has patched a new, critical remote code execution vulnerability affecting all versions of Internet Explorer, but it's now only supporting and patching IE 11 and Edge. Potentially, several hundred million users of old IE versions are now at risk.
The discovery of a serious remote code execution flaw in Trend Micro's consumer security software - now patched - is a reminder that even security software has code-level flaws. But shouldn't security vendors be held to a higher standard than others?
The New York Attorney General's settlement with taxi-hailing platform Uber - over alleged customer data privacy violations and a delayed data breach notification - provides a best practice security template for any organization that handles customer data.
A judge has dismissed a class-action lawsuit against Michaels, filed after the retailer warned that POS malware-wielding attackers had successfully stolen details of an estimated 2.6 million payment cards. But the ruling isn't a surprise - here's why.
The FFIEC's Cybersecurity Assessment Tool is already being integrated into regulators' cybersecurity examinations, says Gartner analyst Avivah Litan. But the tool has so far led to more confusion than clarity, she says, and must be enhanced in 2016.
Expect rebooted European Union data privacy rules to drive organizations worldwide to begin minimizing the amount of information they collect and store on individuals in 2016, both to protect privacy as well as minimize the impact of data breaches.
An inspector general report on a Federal Reserve audit raises more questions than it answers regarding the security risks facing one of the Fed's information systems. The executive summary of the audit fails the transparency test to inform the public.
Improving breach detection and defenses involves much more than buying the latest technology, warns security expert Haroon Meer. "We keep moving on as we try to solve new, shiny problems, which we then half solve, but we still haven't completely solved problems that we knew about 20 years ago."
The top video interviews of the past year featured, among others: Bob Carr of Heartland Payments, Eduardo Perez of Visa and cybersecurity attorney Joseph Burton. Check out their thought-provoking insights.
A security researcher claims he's found an Internet-connected "leaky database" that is storing voter registration records for 191 million Americans. But who's apparently been leaving the information exposed?
Hyatt warns that it's the latest hotel chain to fall victim to POS malware. It's offered scant breach-related details, but lots of bromides about taking payment card security seriously and urging customers to keep paying by card.
As it continues to ramp up its cybersecurity enforcement efforts, the FTC could take action next year against consumer wearable device makers if they fail to live up to their promises to protect the privacy of health data and other information, says researcher Stephen Cobb, who also expects scrutiny from the FDA.