Password manager LastPass says the attackers behind the August security incident had access to its systems for four days. LastPass CEO Karim Toubba, sharing details about last month's breach, confirms that there is no evidence of any threat actor activity beyond the established timeline.
SandboxAQ bought French vendor Cryptosense to help organizations migrate and defend key stores and hardware security modules using post-quantum cryptography architecture. Combining SandboxAQ's network scanning capabilities with Cryptosense's visibility will help firms discard RSA-based encryption.
As the Federal Trade Commission focuses on data brokers that collect and share consumers' sensitive information, any company that participates in those activities needs to carefully review its practices, says attorney Daniel Kaufman, former acting director of the FTC's Consumer Protection Bureau.
CISA is months behind a deadline set by President Biden in 2021 to provide voluntary guidance on OT security controls for critical infrastructure firms, but the agency announced at a House subcommittee hearing its plans for public-private information sharing and grants to smaller organizations.
U.S. Democratic senators are urging the Biden administration to update HIPAA to enhance privacy protections over reproductive health data in the wake of the Supreme Court's decision to overturn Roe v. Wade and the constitutional right to abortion.
With concerns mounting over the poor state of internet traffic routing security, the U.S. departments of Defense and Justice, and cybersecurity leadership, are calling for the Federal Communications Commission to take a more active role in managing Border Gateway Protocol vulnerabilities.
Foreign investment into the U.S. will undergo added scrutiny for its implications to cybersecurity and data protection under an executive order signed by President Joe Biden. The order focuses on potential security risks of direct investors as well as their ties to third parties that may pose risks.
The latest edition of the ISMG Security Report discusses the appearance at a Senate hearing this week by the former head of security for Twitter; the top-performing web application and API protection vendors, according to Gartner's Magic Quadrant 2022; and threat trends to watch for in 2023.
The specter of Chinese data collection on U.S. citizens hung over Capitol Hill in a pair of hearings as lawmakers asked whether an open internet can survive challenges such as Beijing hacking and TikTok. An executive for the short-form video app made a rare appearance before a Senate committee.
Microsoft issued a patch for an actively exploited zero-day flaw in its latest Patch Tuesday security patch dump. The flaw allows hackers to elevate their system privileges. The update includes 63 other patches, including one other zero-day and three other critical vulnerabilities.
The FBI is the latest federal agency warning healthcare sector entities of cyberattack threats to medical devices, especially unpatched and outdated products, recommending that organizations take steps to identify vulnerabilities and "actively secure" the gear.
Enterprises need to securely enable hybrid working to attract and retain talent, says Naveen Palavalli, vice president of product strategy at Netskope. He explains how this will require network and cloud transformation as well as transformation around how data is accessed and shared.
A host of emerging technologies - including artificial intelligence, 5G cellular, quantum computing, nanomedicine and smart hospitals - offer the potential to revolutionize healthcare, but organizations must carefully evaluate the security risks, federal authorities warn.
Japanese conglomerate Hitachi has sold its small identity-as-a-service practice to Canadian software specialist Volaris Group to drive better execution around core products. The firm found it was easy to get lost within Hitachi given the conglomerate's size and focus on electronics and engineering.