A random number generating algorithm under suspicion of National Security Agency tampering will no longer carry government approval. The National Institute of Standards and Technology announced Monday it will remove the algorithm in question, the Dual Elliptic Curve Deterministic Random Bit Generator, from its publication containing pseudorandom generator standards.
The Securities and Exchange Commission released earlier this month a checklist of cybersecurity measures it'll use as part of this year's examination of registered broker-dealers and investment advisers.
Account passwords for healthcare.gov will be invalid pending a reset, on account of the Heartbleed web security bug.
An important Securities and Exchange Commission financial system went live last summer before a contractor completed necessary security tasks, a report from the Government Accountability Office says. Auditors don't specify the "key financial system" or the required security tasks in an April 17 report, which says the SEC neglected to scrutinize its contractor's work.
The Internet of tomorrow will be less resilient, less available and not as robust as today's, warn a think tank and an insurance company. So far, cyber incidents have had effects that are widespread but temporary, or persistent but narrowly focused, says a report published Wednesday by the Atlantic Council and Zurich Insurance Group.
The National Institute of Standards and Technology released version 1 of a free, open source system composed of a web application, tools and clients for testing and evaluating the security of mobile applications.
Intelligence agencies that discover an unpatched vulnerability will turn that knowledge over to software manufacturers for remediation purposes – unless there exists "a clear national security or law enforcement need," the White House says. The statement comes amid officially contested reports that the National Security Agency knew for two years of the Heartbleed vulnerability.
The Federal Trade Commission's push to regulate corporate data security survived an attempt in federal court to dismiss a case the agency brought against the Wyndham hotel chain for three data breaches.
A one-size-fits-all approach to security throughout the electric grid risks diverting resources from the most crucial facilities, the head of the American Public Power Association said during a Senate hearing April 10.
The private sector need not worry about violating antitrust law if it shares cyber threat data, officials from the Justice Department and Federal Trade Commission said Thursday.