European officials are asking the United States if the EU-U.S. deal for sharing personal information among businesses - dubbed the Privacy Shield - should be considered null and void as a result of an executive order issued by President Donald Trump.
The subscription-based breach notification service LeakedSource appears to have gone dry. Security expert Troy Hunt says the privacy writing has been on the wall for the site, owing to it selling access to stolen personal data.
Russian authorities have reportedly arrested a top computer security official at the Federal Security Service as well as a head Kaspersky Lab investigator on treason charges, alleging that they received money from "foreign organizations."
Microsoft does not have to turn over emails stored outside the U.S. to federal authorities investigating a crime, an appeals court has affirmed. The closely watched case, which explored the territorial boundaries of U.S. law in the cloud computing age, could end up at the Supreme Court.
As President Trump delivered his inaugural address, the White House transitioned its website from the Obama to the Trump administration. Immediately, Trump's team posted a series of position papers, including one that addressed - albeit briefly - cybersecurity.
Information security researchers have charted a steep decline in Locky ransomware and Dridex banking Trojan distribution in recent weeks. While that's good news, it may only reflect that a cybercrime gang is on vacation.
A researcher claims WhatsApp has dismissed his finding that there's a backdoor in the application that could allow attackers to unlock encrypted messages. But the controversy is more nuanced - and for most of us, much less threatening - than it might first appear.
Yet another study reveals that millions of people are picking weak passwords, with "123456" remaining our collective favorite. Rules requiring stronger passwords and not forcing passwords to expire both could help boost security.
A list of "super user" passwords - and a default username - now circulating online appears to allow unauthorized access to some webcam video streams, security researchers warn. If confirmed, it would be yet another massive internet of things security failure by a device manufacturer.
A U.K. Information Commissioner's report on its investigation into a 2015 TalkTalk breach offers essential information security takeaways for any organization that wants to avoid being breached, says David Stubley of 7 Elements.
Localized skimming attacks, whether waged against ATMs or self-service gas pumps, continue to wreak havoc on banks and credit unions. And we're likely to see an uptick in 2017 as fraudsters ramp up their efforts to cash in.
A federal court recently ruled that the structure of the Consumer Financial Protection Bureau, which is led by a single director, is unconstitutional. Cybersecurity attorney Chris Pierson assesses whether the potential restructuring of the CFPB could have any impact on the bureau's oversight of banks.
The National Governors Association, in a new road map for improving nationwide secure health data exchange, proposes that states attempt to better align their privacy laws to the federal HIPAA Privacy Rule to help remove legal barriers.
Over the years, HHS has released several guidance documents, but all are weak and without mandates as it relates to identity management and authentication of entities accessing protected health information. Guidance typically includes words like "may" and "should," but rarely include words like "shall" or "must."
Leading the latest edition of the ISMG Security Report: an analysis of the impact on healthcare information security and privacy of the 21st Century Cares Act, which President Obama signed into law Dec. 13. Also, a report on the spread of malvertising and an update on the Bangladesh Bank cyber heist.