A vulnerability in Rockwell Automation's ControlLogix 1756 devices allows attackers to bypass a critical security feature, turning the trusted slot mechanism into a hacker's secret passageway to jump between slots and gain access to industrial control systems.
The American Hospital Association and Health Information Sharing and Analysis Center are urging the healthcare sector to step up its supply chain security and resilience as disruptive cyberattacks target critical suppliers, including last week's attack on a Florida-based blood donation center.
The editorial team at Information Security Media Group interviewed 60 of the most well-known and influential leaders in the industry at RSA Conference 2024. Inside this 40-page CEO/Founder Compendium, you'll find insights on leadership, emerging trends in cybersecurity and the latest technologies.
BlueVoyant's Cyber Defense Platform combines proactive and reactive security measures with internal and external capabilities. CEO Jim Rosenthal explains how this comprehensive approach allows clients to manage cyber risks effectively and achieve a desired state of cyber defense readiness.
Federal regulators smacked an ambulance firm with a $115,200 civil monetary penalty for failing to provide a patient with her requested health records for more than a year. The penalty is the U.S. Department of Health and Human Services' 49th HIPAA "right of access" enforcement action.
The U.S. Cybersecurity and Infrastructure Security Agency has released new guidance for federal procurement teams to help them "engage in more relevant discussions" with enterprise risk owners such as CIOs and CISOs when buying software products for government systems and networks.
This week, the European Union's AI Act has gone into force, marking a significant step in AI development. Starting Aug. 1, 2024, it will enforce strict rules on high-risk AI systems and prohibit harmful practices, to ensure transparency and protect fundamental rights.
Illumio's Andrew Rubin explains how AI enhances zero trust security by improving labeling accuracy, which is essential for effective segmentation. Rubin discusses AI's potential to streamline security processes and covers key partnerships with firms such as Microsoft, Netskope and Wiz.
Small and medium-sized businesses are vulnerable to cyberthreats, often due to insufficient investment in security measures. Joe Levy, CEO of Sophos, shares insights on enhancing SMB cybersecurity outcomes, with a focus on combating ransomware and protecting vital supply chains.
The British data regulator reprimanded the U.K.'s Electoral Commission for its failure to prevent a 2021 hack attack that resulted in the exposure of millions of voter records. Hackers breached the Electoral Commission's networks after exploiting the ProxyShell vulnerability.
A federal judge has dismissed several claims but has given the green light for plaintiffs to move forward with other allegations in a proposed class action filed against electronic health records vendor NextGen in the aftermath of a 2023 ransomware attack that affected about 1 million people.
Snyk CEO Peter McKay discusses lessons from the recent CrowdStrike outage, emphasizing the importance of robust development practices, effective communication and the integration of quality and security in modern software development. He also highlights Snyk's role in advancing developer security.
Millions of Americans will soon receive a breach notification letter from Change Healthcare, which said on Monday that it has started the process of notifying victims of the massive cyberattack and data theft incident first detected more than five months ago.
Health benefits administrator HealthEquity, which earlier this month reported to the U.S. Securities and Exchange Commission a hacking incident involving the compromised credentials of a vendor, has now told state regulators that the breach affected the information of 4.3 million individuals.
The global IT outage triggered by a faulty CrowdStrike software update could lead to $400 million to $1.5 billion in payouts to cyber insurance policyholders, although the nonstandardized language used for such policies will make determining final losses a "lengthy process," analysts say.