John Kelly, in his first speech as the U.S. homeland security secretary, says the American government can't combat the cyberthreat without the active collaboration of the private sector. "The government, God knows, can't do it by itself," Kelly says.
The U.S. regulation that forbid ISPs from selling information about web activity without a customer's permission is gone. But it's still possible to maintain privacy on the Web even if prying eyes are watching.
Like many other inventions now common in modern life, distributed cybercrime may seem trivial today. But this concept emerged little more than a decade ago and has already dominated the threat landscape.
The Department of Homeland Security, which missed meeting last week's deadline for submitting a new cybersecurity strategy to Congress, could be months away from providing lawmakers with that policy, a top DHS cybersecurity official says.
Google has run out of patience with Symantec's digital certificate business. It has outlined a plan that over time will have its Chrome browser reject all of Symantec's existing digital certificates and force all of its future certificates to be reissued every nine months.
With the rapid changes in the threat landscape and the risks introduced by DevOps, the cloud and other new elements, organizations need to have a continuous vulnerability assessment program as a security baseline, says Richard Bussiere of Tenable Network Security.
Cloud services firm Coupa is one of the latest business email compromise victims, after a fraudster pretending to be its CEO faked out the HR department and stole all of its 2016 employees' W-2 forms. Security experts say rigorous training remains the only viable defense.
The Trump administration has called for trimming the budget for the Department of Health and Human Services by 18 percent. But what do we know so far about proposed funding for HHS initiatives designed to help ensure health data security and privacy?
A federal watchdog agency review of the Massachusetts Medicaid information security program identified weaknesses that appear to be common at government agencies as well as healthcare organizations. What key vulnerabilities were identified?
If Yahoo's 2014 breach had been the result of an in-house Russian intelligence project, the hack probably would not have triggered a U.S. indictment. But Russia has landed in a muddy puddle after apparently tapping freelance talent with an interest in criminal gain.
U.S. prosecutors are expected to soon issue indictments charging four individuals with launching hack attacks against Yahoo, Bloomberg reports. But it's unclear to which of the two massive Yahoo breaches the charges might relate.
FBI Director James Comey worries about data corruption, and he's focused on hackers altering data. But if government leaders feed false information into computer systems, what should IT and IT security practitioners do to protect data integrity?
An important theme that emerges from the HHS Office for Civil Rights' dozens of HIPAA settlements is that all aspects of compliance are critical and subject to close scrutiny by federal regulators, says former OCR director Leon Rodriguez.
The latest version of the Trump administration's draft cybersecurity executive order would direct the federal government to take a risk-based approach to IT security and hold agency heads responsible for the security of their organizations' IT assets.