Browsing Category: Compliance

Watchdog Says Government Failing To Enforce HIPAA Privacy Protections

The Government Accountability Office (GAO) is warning that the U.S. government hasn’t lived up to promises to protect the privacy of Medicare patients who use the federal government’s Prescription Drug Benefit and is not following through on promises to audit organizations that store patient health information.


FDA: Software Failures Responsible for 24% Of All Medical Device Recalls

Software failures were behind 24 percent of all the medical device recalls in 2011, according to data from the U.S. Food and Drug Administration, which said it is gearing up its labs to spend more time analyzing the quality and security of software-based medical instruments and equipment.


Infections At Medical Device Firm Lasted For Months

New evidence suggests that a Web site hosting software updates for life-saving medical equipment was the victim of a massive SQL injection attack and may have been redirecting visitors to a site serving up attacks and malicious software for months before the company became aware of the compromise.


Software Update Site For Hospital Respirators Found Riddled With Malware

UPDATE: A Web site used to distribute software updates for a wide range of medical equipment, including ventilators, has been blocked by Google after it was found to be riddled with malware and serving up attacks. The U.S. Department of Homeland Security is looking into the compromise, Threatpost has learned.


Industry Groups Bid To Control New .Bank And .Insurance TLDs

Two financial industry groups, the American Bankers Association (ABA) and the Financial Services Roundtable, announced on Thursday that they have applied to the Internet Corporation for Assigned Names and Numbers (ICANN) to operate two top-level Internet domains, .bank and .insurance, on behalf of the financial services industry.


Report Predicts Huge Hike in Employers Monitoring Social Media

Categories: Compliance

In addition to watching what you say at the office, you may want to be extra careful what you post about work on blogs, Facebook, YouTube and Twitter.

This admonishment is not new, but a Gartner report predicts up to 60 percent of corporations worldwide will monitor employees’ social media use for security breaches within the next three years. Currently, only 10 percent of companies keep tabs on what employees say about them online, and it’s mainly for reputation, rather than risk, management.


Moxie Marlinspike on TACK, Convergence and Trust Agility

Dennis Fisher talks with Moxie Marlinspike about his new IETF proposal, TACK, which lays out a way for sites to assert the authenticity of their public keys. They also discuss the Convergence system for replacing the CA infrastructure and the ways in which browser vendors can help enable better trust agility for users.


DHS To Critical Infrastructure Owners: Hold On To Data After Cyber Attack

The Department of Homeland Security is offering organizations that use industrial control systems advice on mitigating the effects of cyber attacks. Among the agency’s recommendations: hold on to data from infected systems and prevent enemies from moving within your organization.


A CISO’s Guide To Application Security – Part 5: Justifying an Investment in AppSec

Categories: Compliance, Web Security

This post is the last in a 5-part series on Application Security, or “AppSec”. By Fergal Glynn.

This blog post series has examined the growing threats to software, defined the components of a sound AppSec program, described an evolutionary path to AppSec maturity, and considered a number of tools and technologies worthy of investment. Ultimately, it is the Chief Information Security Officer (CISO) or equivalent’s responsibility to mitigate the enterprise’s level of software risk as part of a comprehensive infosec strategy. In this, the final post in this series, let’s review the return on investment possible from a sound AppSec program, including ways to build a business case for further investment in this critical IT security discipline.


DHS Warns About Threat Of Mobile Devices In Healthcare

In a bulletin, the Department of Homeland Security (DHS) is warning healthcare organizations about the threat posed by insecure, network attached medical devices and the proliferation of smart phones, tablet PCs and other mobile devices in medical settings.