The U.S. and U.K. government push to "backdoor" strong crypto - used to secure everything from online banking and e-commerce to patient health records and consumer communications - wouldn't stop most criminals or terrorists, researchers warn.
Federal regulators have issued new guidance to clarify scenarios where HIPAA privacy and security regulation might apply, including for mobile health applications and electronic data exchange. Why are some organizations still so confused?
Here's more evidence of how a data breach can have a major financial impact. The bill for U.K. telecom giant TalkTalk's October 2015 data breach could be as much as $94 million, and the incident resulted in the loss of 95,000 customers.
Java users are being warned to only use newly released installers to avoid a nasty potential exploit. Meanwhile, a veteran bug hunter questions whether Oracle's move to ditch Java browser plug-ins will have a significant security upside.
The new EU-U.S. data transfer agreement will be called "Privacy Shield." Beyond that, however, the actual details of the agreement - and whether it will pass muster with the EU's privacy commissioners or high court - appear to be a work in progress.
Here's why the acquisition of rival threat-intelligence firm iSight Partners by breach investigation heavyweight FireEye makes sense, and why market watchers predict that other stand-alone intelligence firms will soon get snapped up.
The New York Attorney General's settlement with taxi-hailing platform Uber - over alleged customer data privacy violations and a delayed data breach notification - provides a best practice security template for any organization that handles customer data.
In the wake of Juniper Networks finding "unauthorized code" in its firewall firmware that could be used to remotely access devices and encrypted communications, Cisco is reviewing its own code for signs of tampering. Will other vendors follow suit?
In the largest monetary award obtained by the FTC in an enforcement action, LifeLock has agreed to pay $100 million to settle a case that, in part, stemmed from the identity protection company failing to establish and maintain an information security program to protect customers' personally identifiable information.
Europe looks set to pass sweeping new data protection rules, which would give consumers more control over how their personal information gets used and require organizations to notify authorities whenever they suffer a data breach.
After years of failing to enact cyberthreat information-sharing legislation, Congress is poised to vote on a measure this week that would incentivize businesses to share voluntarily threat data with the federal government and with each other.
New guidance for cyber-resilience, vendor management and breach notification are expected for New York state banks in early 2016. And the tone set by these guidelines may have a ripple effect, influencing the actions of federal banking regulators.
A former U.S. State Department employee has pleaded guilty to running a "sextortion" scheme from the U.S. Embassy in London that was designed to compel young women to share sexually explicit photographs, according to the FBI.
President Obama's remarks urging "high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice" are being interpreted by some to mean that government and Silicon Valley should collaborate to create a backdoor to circumvent encryption on devices used by terrorists.