Using personal information gained from third-party sources to circumvent authentication protections, hackers breached 100,000 accounts of taxpayers who had used the IRS's "Get Transcript" application, which has been temporarily shuttered.
In an exclusive interview, independent security researcher Billy Rios describes security vulnerabilities that he discovered last year in medical infusion pumps, which led two federal agencies to issue recent warnings.
It's no surprise that virus-wielding hackers are exploiting Internet of Things devices. Blame too many device manufacturers rushing products to market, skimping on secure development practices and failing to audit the third-party code they use.
This year's Infosecurity Europe conference in London is offering a top-notch range of sessions, ranging from how to battle cybercrime and social engineering to building a better security culture and workforce. Here's my list of must-see sessions.
MasterCard's breach settlement with Target has been derailed after not enough card issuers agreed to the terms. Now MasterCard is expected to attempt to renegotiate, while banks continue with a class-action lawsuit against the retailer.
Citing as inspiration the Manhattan Project, in which the United States developed the atomic bomb during World War II, Sam Visner is leading an effort to get cybersecurity researchers to collaborate in developing new ways to defend cyberspace.
A U.S. Department of Commerce proposal to restrict the export of so-called "intrusion software" to prevent foreign adversaries from acquiring zero-day exploits has raised concern in the developer community.
The 21st Century Cure bill, designed to advance medical research and innovation, has passed another Congressional hurdle without any revisions to controversial provisions that call for significant changes to the HIPAA Privacy Rule.
While the "Logjam" vulnerability raises serious concerns, there's no need to rush related patches into place, according to several information security experts. Learn the key issues, and how organizations must respond
Although the CareFirst BlueCross BlueShield breach is the third major hacker attack against a health insurer revealed in recent months, experts warn that other organizations, including health information exchanges, could be targeted next.
Because healthcare organizations are juggling so many information security, privacy and regulatory demands, hiring individuals with key professional certifications who can help optimize limited resources is critical, says security expert Steven Penn.
In addition to providing training, healthcare organizations should consider implementing technology to help prevent user mistakes that can lead to breaches of protected health information, says Geoffrey Bibby of ZixCorp.
CareFirst BlueCross BlueShield is the latest health insurer to be targeted by a sophisticated hacking attack. It recently discovered that an intrusion into a database in June 2014 resulted in a breach affecting 1.1 million individuals.