Account passwords for healthcare.gov will be invalid pending a reset, on account of the Heartbleed web security bug.
An important Securities and Exchange Commission financial system went live last summer before a contractor completed necessary security tasks, a report from the Government Accountability Office says. Auditors don't specify the "key financial system" or the required security tasks in an April 17 report, which says the SEC neglected to scrutinize its contractor's work.
The Internet of tomorrow will be less resilient, less available and not as robust as today's warns a think tank and an insurance company. So far, cyber incidents have had effects that are widespread but temporary, or persistent but narrowly focused, says a report published Wednesday by the Atlantic Council and Zurich Insurance Group.
The National Institute of Standards and Technology released version 1 of a free, open source system comprised of a web application, tools and clients for testing and evaluating the security of mobile applications.
Intelligence agencies that discover an unpatched vulnerability will turn that knowledge over to software manufacturers for remediation purposes – unless there exists "a clear national security or law enforcement need," the White House says. The statement comes amid officially contested reports that the National Security Agency knew for two years of the Heartbleed vulnerability.
The Federal Trade Commission's push to regulate corporate data security survived an attempt in federal court to dismiss a case the agency brought against the Wyndham hotel chain for three data breaches.
A one-size-fits-all approach to security throughout the electric grid risks diverting resources from the most crucial facilities, the head of the American Public Power Association said during a Senate hearing April 10.
The private sector need not worry about violating anti-trust law if they share cyber threat data, officials from the Justice Department and Federal Trade Commission said Thursday.
Sharing of cyber threat information by the Homeland Security Department with the private sector presents some modest privacy risks, says the departmental privacy office.
GAITHERSBURG, Md. – As the privacy field seeks greater precision in a bid to make technical implementation of privacy controls a possibility, it should be cautious about the metrics it adopts, warns a computer scientist.