A just released update to the FFIEC's Cybersecurity Assessment Tool helps make meeting regulators' demands for "baseline" cybersecurity more attainable, says Amy McHugh, a bank adviser and former IT examination analyst for the Federal Deposit Insurance Corp.
In the wake of the London Bridge attacks, Stella Rimington opened the Infosecurity Europe conference in London with lessons learned from her tenure as director general of Britain's domestic security service, MI5.
A discussion analyzing the difficulty of striking a balance between IT functionality and cybersecurity leads the latest edition of the ISMG Security Report. Also featured: Updates on sizing up weaknesses in biometrics and the potential to exploit LED lights to leak sensitive data from routers.
Flaws in Subaru's telematics software, discovered by a security researcher, could have been exploited to unlock the doors or provide remote access to a car's location history. The problems - now fixed by Subaru - underscore carmakers' ongoing cybersecurity challenges.
On the eve of Europe's biggest annual cybersecurity conference, and scores of interviews with some of the world's leading information security experts, I'm asking how the London Bridge attacks will change the tenor of at least some of these discussions.
The annual Infosecurity Europe conference returns to London this week, offering discussions of the latest information security practices, procedures and technologies as well as deep-dives into privacy, cybercrime, policing, surveillance, GDPR and more.
Kmart has suffered a data breach affecting "some, not all" of its 735 U.S. locations as a result of its point-of-sale systems being infected by malware designed to siphon payment card data. The retailer described the malware as "undetectable by current anti-virus systems and application controls."
Two researchers who launched a crowdsourced effort to subscribe to the Shadow Brokers' monthly leak of stolen Equation Group exploits - on behalf of the entire information security community - have dropped their effort, citing legal concerns.
Two security researchers are attempting to crowdfund a recurring subscription fee to Shadow Brokers' monthly exploit dump club in hopes of helping to prevent or blunt future outbreaks of the WannaCry variety. Cue ethical debate.
Cyber-intelligence expert Tom Kellermann sees a growing hostility in cyberspace, and he fears a new wave of advanced threats aimed not just at committing crimes, but at breaching critical infrastructure. Who are the top threat actors, and what are their key targets?
Cybersecurity incidents have evolved considerably since the TJX and Heartland breaches of 2007-08. And so has the discipline of incident response, says former prosecutor Kim Peretti, now a partner at the law firm Alston & Bird. She defines incident response 2.0.