A team of cryptographers has found that the random-number generator Dual_EC - known to have been backdoored by the NSA - was added to Juniper's ScreenOS firmware around 2008 and is still present, although the networking giant has promised to soon replace it.
The primary mission of the new Global Cyber Alliance is to identify measurable ways to mitigate cyberthreats facing the public and private sectors, says Phil Reitlinger, a former DHS official and Sony CISO, who heads the new group.
HealthcareInfoSecurity announces its fourth annual list of top influencers, recognizing leaders who are playing significant roles in shaping the way healthcare organizations approach information security and privacy.
To help remove perceived obstacles, federal regulators have issued new guidance on patients' rights under HIPAA to access their health records. Find out what the guidance says about the use of unencrypted email and other key issues.
The New York Attorney General's settlement with taxi-hailing platform Uber - over alleged customer data privacy violations and a delayed data breach notification - provides a best practice security template for any organization that handles customer data.
While DDoS attacks were once deemed primarily a nuisance, experts now say they're becoming a routine strategy cybercriminals use as part of a campaign to commit fraud or extortion. What are the four key attack trends to watch out for in 2016?
Today's enterprise infrastructure is full of blind spots that can hide malicious threats, and traditional security tools struggle to scale up to meet increased demands. How must security leaders respond? Amrit Williams of CloudPassage shares insight.
Slamming a Ukrainian energy provider for recently falling victim to a spear-phishing email and Excel macro attack might be easy. But security experts recommend all organizations use the incident to ensure they won't fall victim to copycat attacks.
After a data breach, how can organizations cooperate with law enforcement without increasing the likelihood they'll face civil lawsuits? By sticking to the basic facts, says T.C. Spencer Pryor, partner at the law firm Alston & Bird, in this video interview.
Attorney Kevin McGinty analyzes the potential impact of a Massachusetts judge's unusual decision to allow a class-action lawsuit stemming from a health data breach to proceed, despite a lack of evidence of harm stemming from the incident.
The Federal Trade Commission's latest cybersecurity-related enforcement action points to the need to carefully scrutinize the claims software companies make about the security functions of their products.
GovInfoSecurity announces its seventh annual list of top influencers - lawmakers, top government officials, practitioners and thought-leaders whose leadership has a substantial influence on government cybersecurity policy.