Granicus, one of the largest IT service providers for U.S. federal and local government agencies, acknowledges that it left a massive Elasticsearch database exposed to the internet for at least five months, but it says the risks involved were low.
The U.S. Census Bureau has not done enough to address cybersecurity issues in preparation for the 2020 census, which is slated to begin in April, according to a new report from the Government Accountability Office.
Hacking incidents involving email appear to be the most common type of major health data breach being reported to federal regulators so far in 2020. But the largest breach added to the tally involved a type of incident rarely seen in recent years: the theft of an unencrypted laptop.
Globally, the coronavirus has infected more than 75,000 people and led to over 2,000 deaths. But business travelers should avoid panic, says pandemic expert Regina Phelps, who offers preventive health tips for those headed to international events, such as the RSA 2020 conference.
Although many healthcare organizations are becoming more mindful of the security risks posed by vendors, they're not consistently vetting these companies or adequately mitigating risks, says Andrew Hicks of the consultancy Frazier & Deeter, who offers strategic insights.
Information Security Media Group, a premier media partner at the annual RSA Conference, will conduct over 200 video interviews at this year's event with cybersecurity thought leaders, executives, CISOs and sponsors.
Time for a fresh edition of "learn from how others get breached" focusing on Equifax. The goal is not blame, but rather to highlight specific missteps so others can avoid making the same mistakes. The Equifax breach offers a plethora of takeaways to help organizations better repel attackers.
Who's surprised Chinese military hackers allegedly hacked Equifax? For a foreign power that continues to attempt to amass personal information on its adversaries, targeting a business that gets rich by buying and selling Americans' personal data remains an obvious play.
The U.S. Senate Intelligence Committee released its third report on Russian interference during the 2016 presidential election, finding that the Obama administration struggled to respond and more needs to be done to avoid disruption this year.
A Texas orthopedic practice says a recent malware attack "permanently damaged" thousands of electronic patient records. It's the latest in a string of healthcare incidents in which various forms of malware rendered records inaccessible.
If Iowa's experiment with a new tabulation app during the Democratic caucuses is the warmup for the 2020 presidential election process, then we're in for a bumpy ride. But what happened there isn't a technology problem. It's a human problem rooted in a failure to properly evaluate risk.
The National Institute of Standards and Technology has unveiled a pair of draft practice guidelines that offer updated advice and best practices on how to protect the confidentiality, integrity and availability of data in light of increasing threats from ransomware and other large-scale cyber events.
Iowa prosecutors have dropped all charges against two penetration testers who were contracted to test the electronic and physical security of three judicial facilities, only to be arrested for trespassing. The case highlights how a lack of communication before penetration tests can have serious consequences.
U.K. officials reportedly are considering a proposal to allow China's Huawei to play a limited role in providing certain equipment for the country's 5G rollout, which would defy calls from the U.S. for a complete ban of telecom gear from the company.
Federal regulators are warning healthcare providers about six vulnerabilities in some of GE Healthcare's medical device systems that could allow attackers to remotely take control of the gear. The company is working on patches.