Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

According to a joint CISA/FBI advisory, Iranian government-sponsored hackers hit at least one Federal Civilian Executive Branch (FCEB) organization with an exploit for a Log4j vulnerability in an unpatched VMware Horizon server. [Read More]
A new EU law imposing stricter online regulation comes into effect Wednesday and the biggest platforms like Facebook and Google will have until February 17 to reveal their user numbers. [Read More]
Bishop Fox has raised more than $154 million in lifetime funding to build and market technology for continuous attack surface management. [Read More]
Compliance platform Laika has raised $50 million in Series C funding round led by Fin Capital. [Read More]
VMware slapped a critical-severity rating on the bulletin and warned that three of the patched flaws are marked with a CVSS severity score of 9.8/10. [Read More]
For the second consecutive month, Microsoft rushed out patches to cover vulnerabilities that were already exploited as zero-day in the wild, including a pair of belated fixes for exploited Microsoft Exchange Server flaws. [Read More]
Redmond warns that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks. [Read More]
Web scraping is a sensitive issue. Should a third party be allowed to visit a website and use automated tools to gather and store information at scale from that website? What if that information includes personal data? What does the law say? Can it be prevented? [Read More]
The FTC has reached an agreement with education technology provider Chegg over the company’s cybersecurity mishaps that led to several data breaches. [Read More]
Alcohol delivery app Drizly has agreed to tighten its data security and limit data collection to resolve federal regulators’ allegations that its security failures exposed the personal information of some 2.5 million customers. [Read More]

FEATURES, INSIGHTS // Compliance

rss icon

Ashley Arbuckle's picture
Penalties for non-compliance with GDPR will be severe. For example, if your organization fails to report a data breach within 72 hours, expect a fine.
Jalal Bouhdada's picture
Jalal Bouhdada, Founder and Principal ICS Security Consultant at Applied Risk, discusses the implications of the new EU Directive on Security of Network and Information Systems (NIS)
Steven Grossman's picture
Why do we seem to need layer upon layer of regulation and guidance to try to ensure a more secure business world? Is it working?
Travis Greene's picture
Reducing the amount of personal data subject to GDPR is a critical step towards minimizing the amount of risk that GDPR will expose.
Steven Grossman's picture
The PCI DSS 3.2 should greatly help companies reduce third party vendor risk, and is starting to shift from just a check-the-compliance-box activity to a more continuous compliance model.
Travis Greene's picture
To understand why return on Access Governance is lower versus other security technologies, we first need to understand why Access Governance is implemented in the first place.
Torsten George's picture
To achieve continuous compliance and monitoring, organizations are forced to automate many otherwise manual, labor-intensive tasks.
Torsten George's picture
The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.
James McFarlin's picture
U.S tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.
Mark Hatton's picture
The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.