The OpenSSL Heartbleed bug hasn't died, with recent scans still finding 250,000 Internet-connected systems that remain vulnerable. Security experts recommend enterprises expand their patching efforts to find devices with embedded firmware that contain the flaw.
In the ongoing fight against Medicare fraud, federal authorities are turning to fingerprint-based criminal background checks for certain healthcare providers and vendors. Find out who is being screened, and why.
Following summertime engineering team layoffs, Microsoft has botched two Windows fixes and failed to issue updates to address three Windows flaws that were spotted by Google, which the search giant revealed publicly 90 days after privately notifying Microsoft.
President Obama urged Congress in his State of the Union address to pass legislation to better meet the evolving cyberthreat, but spent very little of the speech explaining its dangers or detailing his cybersecurity legislative agenda.
In the aftermath of a payment card breach, as fraudsters race to exploit the stolen information, card issuers and affected customers take steps to mitigate risks. Here's a look at the lifecycle of a payment card breach from three perspectives.
Last year, a number of application vulnerabilities led to compromises of many organizations' systems, serving as an important reminder that application security is vital to any breach prevention effort. Here, experts offer four app security tips.
The U.S. likely won't complete its implementation of EMV for many years to come, despite the October 2015 liability shift date for counterfeit card fraud, many forecasters say. And until it's fully deployed, EMV will have little impact on fraud.
Some experts are concerned that the Department of Health and Human Services' Office for Civil Rights isn't taking bold enough action in stepping up its efforts to enforce HIPAA. Learn more about their areas of concern.
New York State Attorney General Eric Schneiderman proposes updating state law to require businesses, including out-of-state firms with New York customers, to implement new safeguards to protect personal consumer data they store.
ENISA - the EU agency responsible for bolstering European cybersecurity practices - is calling on Internet infrastructure providers to adopt best practices for combatting routing threats, DNS spoofing and poisoning attacks, as well as DDoS disruptions.
CISOs are moving from being entrenched in technology issues to becoming more involved in top-level business matters, which requires new skills, says George McCulloch, who leads the new Association for Executives in Healthcare Information Security.
The FBI's attribution of the attack against Sony Pictures Entertainment to North Korea was based, in part, on NSA intelligence gleaned from the agency having infected a significant number of North Korean PCs with malware, a news report says.
The inappropriate use and disclosure of patient information for marketing purposes by an insurer in Tennessee offers a reminder of the importance of complying with HIPAA's marketing-related provisions.
President Obama says he sees the need for law enforcement to gain access to terrorists' encrypted data, but stops short of calling for a law to require manufacturers to provide a so-called "backdoor" to break encryption on mobile devices.