Credit card giant Capital One is moving past its 2019 hacking incident as federal regulators stop requiring quarterly updates on efforts to improve cybersecurity and a federal judge signs off on a $190 million settlement in a proposed class action lawsuit.
Public water systems in the United States will continue connecting control systems to the internet despite the risks, members of the House Homeland Security Committee heard today. Water systems need network connectivity for remote repairs, said an official with the National Rural Water Association.
Foreign investment into the U.S. will undergo added scrutiny for its implications to cybersecurity and data protection under an executive order signed by President Joe Biden. The order focuses on potential security risks of direct investors as well as their ties to third parties that may pose risks.
A White House agency today told U.S. federal government IT vendors they must attest to using secure software development techniques. Self-attestation "is a bit of a compliance activity, but it's a pretty light compliance activity," says former federal CISO Grant Schneider.
The U.S. government accused Iran of turning a blind eye to ransomware hackers after indicting three men affiliated with the Islamic Revolutionary Guard Corps. Authorities say their attacks affected critical infrastructure including healthcare centers, transportation services and utility providers.
Security researchers revealed yet another method for stealing a Tesla although the brand is one of the least-stolen cars and among the most recovered once pilfered. The newest example comes from internet of things security company IOActive in an attack involving two people and customized gear.
The United States hit Iran with a new round of sanctions after linking Tehran with the July cyberattack against Albania. The sanctions are more symbolic than material in effect but send a message that hacking U.S. allies has consequences.
Albania cut diplomatic ties with Iran following a July cyberattack that disrupted the country's online governmental services portal. Prime Minister Edi Rama today said he gave Iranian diplomats 24 hours to depart the country after establishing Iranian responsibility for the cyberattack.
The NFL's San Francisco 49ers will notify more than 20,000 Americans that online attackers likely stole their name and Social Security number from the sports franchise's corporate network in a February network security incident. Ransomware-as-a-service group BlackByte took credit for the attack.
Cyber criminals are running scripting attacks on e-commerce sites that attempt to complete small payments by automatically inputting payment card numbers based on the Ally Bank identification number. There are no indications of a data breach at Ally Bank, says a source close to the fraud detection.
The U.S. Consumer Financial Protection Bureau is warning lenders they can be liable for data breaches for causing consumers "substantial injury." To avoid liability, the bureau recommends that banks implement multifactor authentication and especially Web Authentication.
U.S. companies could see new cybersecurity rules and restrictions on consumer data collection under a rule-making process initiated by the FTC. No regulatory outcome is guaranteed, but today's advanced notice of proposed rule-making is a first step to new data security and privacy regulations.
The federal government today sanctioned Tornado Cash. The Department of Treasury ordered assets of the Ethereum blockchain cryptocurrency mixer to be frozen and says civil and potentially criminal penalties await anyone under U.S. jurisdiction who uses the service.
The Federal Financial Institutions Examination Council is asking for comments regarding the Cybersecurity Assessment Tool, the ostensibly voluntary way for banks and credit unions to self-assess exposure to risk and the maturity of their cybersecurity.
A top federal regulatory official urged financial institutions to implement multifactor authentication for all nonpublic systems, telling an audience of financial executives that a majority of breaches could be avoided or mitigated through basic cybersecurity controls.