About

compliance


NIST plots biggest ever reform of Cybersecurity Framework

23 February 2023: CSF 2.0 blueprint offered up for public review

Safe harbor

15 February 2023: Belgium launches national protection mechanism for ethical hackers

How to become a penetration tester part 1

29 November 2022: Your path into offensive security testing

Legitimate hacking activities under UK law proposed by ‘expert consensus’

16 August 2022: Contentious edge case activities are no excuse for further delaying of ‘much overdue’ reform, say campaigners

Browsers non-grata

15 August 2022: German proposals will oblige government employees to use modern, secure web browsers

Losing track

15 August 2022: Healthcare provider issues data breach warning after tracking pixels sent patients’ data to Meta

Bug bounties and data privacy

12 August 2022: Make sure your security bug bounty program doesn’t create a data leak of its own

‘You get respect for owning what happened’

01 August 2022: SolarWinds’ CISO on the legacy and lessons of Sunburst

Onfido bug bounty

28 July 2022: New program launched to help shore up ID verification defenses

Cloud fax

26 July 2022: Company claims healthcare pros are ditching email for ‘more secure’ fax

‘We’re still fighting last decade’s battle’

22 July 2022: Sonatype CTO Brian Fox on the struggle to secure the neglected software supply chain

‘Untenable risk to Firefox users’

15 July 2022: Crunch time for EU web authentication plan as Mozilla launches campaign to protect status quo

US eye clinic suffers data breach impacting 92,000 patients

04 July 2022: Mattax Neu Prater Eye Center said customer data was involved in third-party cyber-attack

OpenSea email breach

30 June 2022: Six orgs affected by email address leak attributed to rogue employee at third-party vendor

Not-so-ready meals

28 June 2022: Food distributor Apetito restores limited deliveries following cyber-attack

UK Computer Misuse Act

23 June 2022: Statutory defense for ethical hacking tabled

Ransomware attack

16 June 2022: Montrose Environmental Group reports disruption to lab testing services

Health check

15 June 2022: Breach at US ambulance billing service exposed patients’ data

HID Mercury access control vulnerabilities leave door open to lock manipulation

14 June 2022: Manufacturer addresses threat to integrity and availability of products sold to more than 20 OEM vendors

Kaiser Permanente data breach exposed healthcare records of 70,000 patients

13 June 2022: Health plan provider plays down ID theft fears after breach at Washington state division

US DoJ offers blueprint for more ‘innovative, secure IT capabilities’

10 June 2022: ‘Zero trust’ architecture and secure supply chains to the fore in new strategy

Turkish flight operator Pegasus Airlines suffers data breach

09 June 2022: Data protection regulator confirms sensitive information was leaked

Connecticut welcomes consumer privacy law

31 May 2022: The newly signed CTPA is more consumer-friendly than similar legislation in other US states

DevSecOps report

18 May 2022: Cybersecurity skills are top priorities for enterprise IT, study finds

Manufacturing breach

16 May 2022: Parker Hannifin cyber-attack exposed data of 119k individuals

Securing the supply chain

11 May 2022: NIST refreshes risk management guidance for orgs

EU targets standardization as key to bloc-wide cyber-resilience

10 May 2022: Threat landscape’s increasing complexity adds impetus to drive for consistency across 27 member states

Pressing issue

06 May 2022: WordPress sites getting hacked ‘within seconds’ of TLS certs being issued

UK government calls for tougher protections against malicious apps

06 May 2022: NCSC proposes new code of conduct for app stores

‘A great step’

05 May 2022: India to introduce six-hour data breach notification rule

US healthcare data breach impacts 345,000 individuals

29 April 2022: Sensitive medical and other personal data was potentially exposed

Utah Consumer Privacy Act

19 April 2022: New legislation adds another wrinkle to the US legal landscape

Credit card industry standard revised to repel card-skimmer attacks

14 April 2022: PCI DSS v4.0 encourages better defenses against Magecart-style assaults

Nation state security

05 April 2022: US government launches Bureau of Cyberspace and Digital Policy

‘Dangerous trend’

30 March 2022: EU web authentication plan threatens to undercut browser-led certification system, say detractors

Identity shield

28 March 2022: ENISA urges data-handling innovation amid rising tide of healthcare breaches

Russian invasion

28 March 2022: FCC adds Kaspersky products to list of national security threats

Medical data exposed by phishing attack on US state health agency

25 March 2022: Medications and test results among data potentially ‘previewed’ by attacker