A class-action lawsuit filed by a government employees’ union against the Office of Personnel Management as a result of the massive data breach at OPM that affects more than 18 million people alleges that not only did the agency know about vulnerabilities in its network long before the attack, but that the agency’s director and[…]
Browsing Category: Compliance
Influential security researchers have begun publishing their comments, objections and concerns regarding the proposed U.S. export control rules under the Wassenaar Arrangement.
To bolster security, banks in New York are planning to enact new regulations for any third-party vendors they do business with.
Anthem has refused to undergo vulnerability scans and configuration compliance tests in the aftermath of a breach that may have leaked the personal information of nearly 100,000 customers and non-customers.
Worlds collide as Dennis Fisher talks with Patrick Gray of the Risky Business podcast about security journalism, how much and how little has changed in the industry in the last 15 years and whether we’re making any progress in the fight against attackers.
CANCUN–Businesses, especially those in the financial sector, should operate under the assumption that data exfiltration either is happening or soon will be in their organization. As with car insurance, end users should hope for the best and prepare for the worst, according to Wells Fargo’s Steve Adegbite, who spoke on the challenges of detecting silent[…]
The appetite for Twitter user data from governments around the world continues to grow, with the volume of such requests increasing by 40 percent in the second half of 2014.
Google announced that it will offer research grants to those taking part in its Vulnerability Rewards Program. The program paid out $1.5 million in 2014.
Reddit published its first transparency report and said it received a relatively low number of government requests for user information and content takedowns.
Microsoft publishes a framework and guidelines on how to effectively set up and operate threat information sharing exchanges in hopes that organizations will actually share data.