Video conferencing vendor Zoom has opted to make major changes to its Mac application after a security researcher found several weaknesses in it. The changes come after the researcher refused a bug bounty and instead went public after 90 days, putting pressure on Zoom.
Sensitive information, including credit card and phone numbers, was left exposed to the internet on an unsecured database belonging to Fieldwork Software, which provides cloud-based services to small businesses, researchers note in a new report.
Britain's privacy watchdog says it plans to fine hotel giant Marriott $125 million under GDPR for security failures tied to a 2014 breach of the guest reservation database for Starwood, which Marriott acquired in 2016. Undiscovered until 2018, the breach exposed 339 million customer records.
The federal government, device manufacturers and healthcare delivery organizations have all raised their games to address medical device security. Now it's time for patients - those truly impacted by devices - to have their say in the discussion, says Suzanne Schwartz, M.D., of the U.S. Food and Drug Administration.
Jeff Gilhool of Lookout explains how phishing and malware are becoming bigger issues for mobile devices and describes what healthcare organizations can do to incorporate HIPAA compliance in their mobile device management plans.
A cybersecurity vulnerability discovered in open source software used by organizations conducting genomic analysis could potentially have enabled hackers to affect the accuracy of patient treatment decisions. But the vulnerability was patched before hackers took advantage of it, researchers believe.
Canonical Ltd., a British company that offers commercial support and services for the popular Ubuntu Linux open source operating system, is investigating a hack of its GitHub page over the weekend. The source code for the system was not affected, the company says.
Britain's privacy watchdog has proposed a record-breaking $230 million fine against British Airways for violating the EU's General Data Protection Regulation due to "poor security arrangements" that attackers exploited to steal 500,000 individuals' payment card data and other personal details.
Where is the data, who has access to it, and how is it being secured? These are among the top questions inherent in any third-party risk program. Cris Ewell, CISO of UW Medicine, shares insight from his experience managing vendor risk.