Many medical device makers appear to building better cybersecurity into their products, but some manufacturers are still avoiding fixing vulnerabilities in legacy devices that pose potential safety risks, says security researcher Billy Rios, who discusses the latest flaws in some Medtronic cardiac devices.
As the HIPAA security rule turns 20, it's time for regulators to make updates reflecting the changing cyberthreat landscape and technological evolution that's happened over the past two decades, says security expert Tom Walsh.
Hubris has a new name: Bitfi. The cryptocurrency wallet-building company, backed by technology eccentric John McAfee, earned this year's not-so-coveted Pwnies Award for "Lamest Vendor Response" for how it mishandled security researchers' vulnerability disclosures. Bitfi has promised to do better.
UIDAI again found itself embroiled in a controversy when it was revealed that its helpline was being automatically added in the contact lists of mobile phones. But Google acknowledged that its coding error led to the mishap. Why was Google involved in getting a phone number for UIDAI preloaded on phones?
Sometimes efforts to prove a system is secure can really backfire. TRAI Chairman R.S. Sharma's attempt to demonstrate Aadhaar security by tweeting his Aadhaar number on Saturday and inviting anyone to attempt to use it to access his personal information reportedly led to data access by ethical hackers.
The Reserve Bank of India issued a notice to all cooperative banks advising them to apply caution while deploying third-party core banking applications and check for appropriate security standards. The move came after credential theft incidents at some banks. But will banks heed the advice?
The hacking of an email account of a medical clinic employee during travels overseas demonstrates the risks posed to data when workers travel. Security experts offer insights on mitigating those risks.
Numerous technology firms now offer facial biometrics recognition search tools for big data sets. But information security expert Alan Woodward warns that these big data sets must be "considered and regulated very heavily" or else we'll be "living in 1984 without knowing it."
One of the key lessons offered at ISMG's Fraud & Breach Prevention Summit, held June 12-13 in Bengaluru, was the need for security practitioners to have a better perception of threats and risks so they can build successful detection and defense mechanisms.
The Department of Homeland Security has issued two more alerts about cyber vulnerabilities in certain medical devices. The stream of recent advisories is helping to draw more attention to the importance of addressing device security. But healthcare providers face the challenge of tracking and mitigating all risks.
RSA's most recent Quarterly Fraud Report shows that "newsjacking" is increasingly empowering phishing attacks, says Angel Grant, RSA's director of identity fraud and risk intelligence. The report also shows a continuing surge in mobile app fraud.
As Japan continues it push toward digital transactions, it's taking steps to ensure security, including adopting the PCI Data Security Standard, says Jeremy King, international director of the PCI Security Standards Council, who offers an update.
Following reports about U.S. companies that enable government and other users to access real-time tracking information for all major U.S. wireless carriers' subscribers, provider Securus Technologies has reportedly been hacked, while LocationSmart has fixed a data-exposing flaw.