A council chaired by Treasury Secretary Janet Yellen and comprised of the heads of major federal financial regulatory agencies called on Congress to more closely regulate the spot market for crypto assets. A report from the council identifies risks in digital assets, including cybersecurity.
A Senate committee this week approved a bill that would create governmentwide standards for identity verification and provide grants to help states and local agencies upgrade ID systems and offer online digital identity services. Supporter Jeremy Grant hopes to see a full Senate vote in 2022.
Passwords are supported everywhere. But, says Andrew Shikiar, executive director of the FIDO Alliance, "they have been proven time and time again to simply be unfit for today's networked economy." In this episode of "Cybersecurity Unplugged," Shikiar discusses how to move beyond passwords.
The U.S. Department of Defense uncovered almost 350 vulnerabilities in the department's networks as part of its experimental bug bounty program launched on American Independence Day. The weeklong bug bounty challenge called "Hack U.S." ran from July Fourth to July 11.
A Maryland couple faces federal indictment for an alleged conspiracy to provide the Russian government with military medical records. Anna Gabrielian and U.S. Army Maj. Jamie Lee Henry supplied an undercover FBI agent with medical records of military personnel.
Security firms must increasingly follow U.S. government security requirements even if they don't serve federal agencies themselves, says Avi Shua, Orca Security co-founder and CEO. That's because cloud vendors such as Orca often serve businesses that contract or subcontract with the U.S. government.
In the latest weekly update, ISMG editors discuss how organizations can comply with the new PCI DSS 4.0 requirements, whether other countries should follow the U.S. lead on legislating software bills of materials, and key strategies for CISOs preparing for an economic downturn.
A watchdog security audit of a south Texas VA center identified a variety of deficiencies related to legacy systems still in use years after no longer being supported with vendor updates. The findings represent the state of security at many organizations across the healthcare sector, experts say.
Over his 23-year career in cybersecurity, Tom Kellermann has focused on policy, endpoints and even strategic investments. Now, in his new role as senior vice president of cyber strategy at Contrast Security, his mission is to protect code security - particularly in the public and financial sectors.
The United States is arguably involved in a cyberwar against Russia and China - and appears to be losing. In this episode of "Cybersecurity Unplugged," Tom Kellerman of Contrast Security and Richard Bird of Traceable.ai discuss what the U.S. government and companies need to do to win this cyberwar.
The latest edition of the ISMG Security Report discusses what went wrong for Optus in the wake of one of Australia's biggest data breach incidents, the state of code security today and the growing trend of private equity firms pursuing take-private deals.
"It's stupid and adds zero value," writes Ian Keller, director of security at a telecom company, about connecting hospital networks - and especially life-sustaining information - to the internet. He encourages CISOs to be socially responsible about their moral obligation to patients.
The Department of Treasury and the Cybersecurity and Infrastructure Security Agency are soliciting comments on whether risks to critical infrastructure from a catastrophic cyberattack - and the concurrent potential for ruinous financial exposure by insurers - should lead to a new federal approach.
Chat app WhatsApp patched two memory-related flaw that could be exploited by an attacker as a first step to installing smartphone malware on Android or Apple devices. WhatsApp vulnerabilities can be highly valuable to malicious actors.
Jamf plans to buy startup ZecOps to extend its ability to detect and respond to sophisticated threats across Mac, iOS and Android devices. Jamf's proposed acquisition will provide threat hunting tools to determine if any advanced attacks have compromised mobile devices.