Image: FDA

FDA Finalizes Guidance Just as New Device Cyber Regs Kick In

Marianne Kolbasuk McGee • September 27, 2023

The FDA has issued final guidance on how medical device makers should approach cybersecurity in their products to meet new requirements for including cyber details in their premarket product submissions. Starting Oct. 1, the FDA will "refuse to accept" submissions lacking those details.

Cybercrime

Why Entities Should Review Their Online Tracker Use ASAP

Latest

Fraud Management & Cybercrime

School, Hospital Leaders on Front Lines of Ransomware Attack

Michael Novinson • September 27, 2023

A medical center president and school district IT leader talked to lawmakers Wednesday about lessons learned from their experiences responding to harrowing ransomware attacks. 'The cyberattack was much harder than the pandemic by far,' said Vermont Medical Center President Stephen Leffler.

Big Data Security Analytics

Why Palo Alto Is Eyeing Data Defense Firm Dig at $300M-$400M

Michael Novinson • September 27, 2023

A data security startup led by a Microsoft and Google veteran and backed by Samsung and CrowdStrike could soon be acquired by Palo Alto Networks. The company is in advanced talks to buy data security posture management startup Dig Security for between $300 million and $400 million.

Multi-factor & Risk-based Authentication

CISA Urges Americans to Apply MFA, 'Think Before They Click'

Michael Novinson • September 26, 2023

CISA Director Jen Easterly urged citizens to boost their defenses by choosing strong passwords, opting for multifactor authentication, reporting phishing and enabling automatic software updates. Easterly said users should choose passwords that are complex and unique to each sensitive account.

Identity & Access Management

Microsoft Brings Passkeys, Bad Code Protection to Windows 11

Michael Novinson • September 26, 2023

Microsoft updated Windows 11 on Tuesday to simplify passwordless adoption, protect against malicious code and have the ability to refresh configuration in the event of tampering. Updates to Windows 11 allow users to replace passwords with passkeys to stop hackers from exploiting stolen passwords.

Artificial Intelligence & Machine Learning

UK's AI Safety Summit to Focus on Risk and Governance

Akshaya Asokan • September 26, 2023

The British government's first-ever global summit on artificial intelligence will focus on mitigating cybersecurity and safety risks tied to the emerging technology. The AI Safety Summit planned for Nov. 1-2 will focus on mitigating risks tied to frontier AI.

Artificial Intelligence & Machine Learning

London Cybersecurity Summit Spotlights AI and Ransomware

Pooja Tikekar • September 26, 2023

Information Security Media Group recently concluded its Cybersecurity Summit: London, which brought together industry leaders for a day of informative sessions covering a diverse range of critical cybersecurity topics, including CISOs' vulnerability to liability, ransomware threats and burnout.

Privileged Access Management

CyberArk, BeyondTrust, Delinea Dominate Gartner MQ for PAM

Michael Novinson • September 25, 2023

CyberArk, BeyondTrust and Delinea maintained their spots atop Gartner's privileged access management Magic Quadrant, while One Identity, Wallix and Arcon fell from the leader ranks. Over the past half-decade, PAM has gone from being required for large companies to being an insurance prerequisite.

Artificial Intelligence & Machine Learning

Governor at Fed Cautiously Optimistic About Generative AI

Rashmi Ramesh • September 25, 2023

Federal Reserve Board Governor Lisa D. Cook is cautiously optimistic about the impact of generative AI on jobs and productivity but urged the industry to address the "very real concerns." While she sees "broad benefits from its use, in the short term, she said, AI could disrupt the labor market.

Open XDR

How to Overcome Practitioner Concerns Over Cisco-Splunk Deal

Michael Novinson • September 25, 2023

Security practitioners are skeptical of Cisco's proposed $28 billion Splunk purchase given the networking giant's track record around funding and investing in previous acquisition targets. Forrester's Allie Mellen expects some customers to try out other SIEM tools given Cisco's heritage in hardware.

Breach Notification

How Will SEC Rules Affect Reporting, Tracking of Incidents?

Anna Delaney • September 25, 2023

Under new U.S. Securities and Exchange Commission rules, companies must disclose material cybersecurity incidents and annually report on cybersecurity risk management, strategy and governance. Alex Hamerstone, advisory solutions director at TrustedSec, discussed the challenges ahead.

Cybercrime

Data Breach Toll Tied to Clop Group's MOVEit Attack Surges

Mathew J. Schwartz • September 25, 2023

The count of organizations affected by the Clop ransomware group's most recent mass targeting of Progress Software's secure file transfer software doubled last week. National Student Clearinghouse warned that data tied to nearly 900 colleges and universities had been stolen from its MOVEit server.

Cloud Access Security Brokers (CASB)

Cato Networks Raises $238M on $3B Valuation to Move Upmarket

Michael Novinson • September 22, 2023

A late-stage SASE startup led by a serial entrepreneur hauled in a massive equity investment to address the feature and capability needs of large enterprises. The $238 million in funding will allow Cato Networks to more tightly align CASB and DLP with SASE to safeguard cloud apps and sensitive data.