To bolster security, banks in New York are planning to enact new regulations for any third-party vendors they do business with.
Browsing Category: Compliance
Anthem has refused to undergo vulnerability scans and configuration compliance tests in the aftermath of a breach that may have leaked the personal information of nearly 100,000 customers and non-customers.
Worlds collide as Dennis Fisher talks with Patrick Gray of the Risky Business podcast about security journalism, how much and how little has changed in the industry in the last 15 years and whether we’re making any progress in the fight against attackers.
CANCUN–Businesses, especially those in the financial sector, should operate under the assumption that data exfiltration either is happening or will soon happen in their organization. As with car insurance, end users should hope for the best and prepare for the worst, according to Wells Fargo’s Steve Adegbite, who spoke on the challenges of detecting silent[…]
The appetite for Twitter user data from governments around the world continues to grow, with the volume of such requests increasing by 40 percent in the second half of 2014.
Google announced that it will offer research grants to those taking part in its Vulnerability Rewards Program. The program paid out $1.5 million in 2014.
Reddit published its first transparency report and said it received a relatively low number of government requests for user information and content takedowns.
Microsoft publishes a framework and guidelines on how to effectively set up and operate threat information sharing exchanges in hopes that organizations will actually share data.
In the wake of a recent enforcement action against Marriott for blocking guests’ WiFi hotspots in their hotels, the FCC is warning other hotel operators and business owners that such blocking is illegal and the commission’s Enforcement Bureau is taking note. Marriott last year paid a fine of $600,000 to settle an FCC enforcement action[…]
Dennis Fisher talks with Matthew Green of Johns Hopkins University about the NSA’s “regret” for continuing to support Dual EC after it had been shown to be compromised, the effects of the agency’s influence on crypto standards and the hope for more secure standards in the future.