Tag: regulation
-
UK Cybersecurity Weekly News Roundup 9 March 2025
by
in SecurityNews
Tags: android, attack, backdoor, breach, china, cloud, compliance, computer, cyber, cyberattack, cybercrime, cybersecurity, data, espionage, exploit, government, group, hacker, infrastructure, international, malware, microsoft, network, ransomware, regulation, resilience, service, skills, software, theft, update, vulnerabilityWelcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond. Microsoft Engineer’s Transition to Cybersecurity Ankit Masrani, a 36-year-old software engineer, successfully transitioned into a cybersecurity role at Microsoft. With a background in IT and a Master’s degree in computer science, Masrani secured…
-
MITRE EMB3D for OT & ICS Threat Modeling Takes Flight
by
in SecurityNewsManufacturers and infrastructure providers are gaining options to satisfy regulations and boost cyber safety for embedded and industrial control systems, as EMB3D, STRIDE, and ATT&CK for ICS gain traction. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/mitre-emb3d-ot-ics-threat-modeling
-
Cybersecurity Snapshot: CSA Outlines Data Security Challenges and Best Practices, While ISACA Offers Tips To Retain IT Pros
by
in SecurityNews
Tags: advisory, ai, awareness, banking, best-practice, business, cloud, compliance, corporate, crime, crypto, cve, cyber, cybercrime, cybersecurity, data, defense, exploit, extortion, finance, fraud, governance, government, group, healthcare, infrastructure, iot, jobs, mail, malicious, microsoft, mitigation, monitoring, network, nis-2, privacy, qr, ransom, ransomware, regulation, resilience, risk, risk-assessment, risk-management, scam, service, strategy, technology, threat, tool, vmware, vulnerability, vulnerability-management, zero-dayCheck out best practices for shoring up data security and reducing cyber risk. Plus, get tips on how to improve job satisfaction among tech staff. Meanwhile, find out why Congress wants federal contractors to adopt vulnerability disclosure programs. And get the latest on cyber scams; zero-day vulnerabilities; and critical infrastructure security. Dive into six things…
-
Misconfigured access management systems expose global enterprises to security risks
by
in SecurityNews
Tags: access, attack, authentication, control, credentials, cyberattack, cybersecurity, data, data-breach, detection, finance, Internet, monitoring, network, regulation, risk, technology, update, vulnerabilityRegional and industry-wide exposure: The investigation found a disproportionate concentration of exposed AMS in Europe, with Italy emerging as a key hotspot, reporting 16,678 exposed systems. Mexico and Vietnam followed, with 5,940 and 5,035 systems exposed, respectively.The US recorded 1,966 vulnerable systems, while other technologically advanced nations such as Canada and Japan showed comparatively lower…
-
Key Takeaways from the CSA Understanding Data Security Risk Survey
by
in SecurityNews
Tags: access, ai, attack, automation, business, cloud, compliance, control, data, encryption, Hardware, intelligence, monitoring, network, regulation, risk, risk-management, software, strategy, switch, tool, update, vulnerabilityKey Takeaways from the CSA Understanding Data Security Risk Survey madhav Tue, 03/04/2025 – 04:32 As hybrid and multi-cloud environments become increasingly popular, identifying, prioritizing, and mitigating data security risks becomes increasingly complex. How can we tackle this complexity? By gaining insight into how organizations handle risk. That’s the goal of the latest Cloud Security…
-
Building cyber resilience in banking: Expert insights on strategy, risk, and regulation
by
in SecurityNewsIn this Help Net Security interview, Matthew Darlage, CISO at Citizens, discusses key strategies for strengthening cyber resilience in banks. He underlines that adherence to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/04/matthew-darlage-citizens-banks-cyber-resilience/
-
Privacy Roundup: Week 9 of Year 2025
by
in SecurityNews
Tags: access, android, apple, attack, backdoor, breach, browser, cctv, control, cyber, cybersecurity, data, data-breach, encryption, endpoint, exploit, firmware, flaw, government, group, hacker, Internet, jobs, law, leak, malware, office, password, phishing, privacy, regulation, router, scam, service, software, switch, technology, threat, tool, update, vpn, vulnerabilityThis is a news item roundup of privacy or privacy-related news items for 23 FEB 2025 – 1 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Why cyber attackers are targeting your solar energy systems, and how to stop them
by
in SecurityNews
Tags: access, attack, authentication, automation, awareness, backup, best-practice, china, communications, control, credentials, cyber, cybercrime, cybersecurity, data, detection, exploit, firmware, framework, group, infrastructure, iot, mfa, monitoring, network, password, penetration-testing, regulation, risk, russia, service, software, technology, threat, update, vulnerabilitySmart inverter vulnerabilities threaten the electric grid: The biggest risk occurs during high-demand times. If enough solar DERs suddenly go offline during a critical period, there might not be adequate alternative energy sources that can come online immediately, or the available alternatives are much more expensive to operate. Attackers can produce similar results merely by…
-
What is zero trust? The security model for a distributed and risky era
by
in SecurityNews
Tags: access, ai, authentication, best-practice, breach, business, ceo, cloud, compliance, computer, computing, control, corporate, credentials, cyberattack, data, detection, framework, government, guide, identity, infrastructure, intelligence, jobs, login, monitoring, network, nist, office, password, ransomware, regulation, risk, saas, service, technology, threat, tool, vpn, zero-trustHow zero trust works: To visualize how zero trust works, consider a simple case: a user accessing a shared web application. Under traditional security rules, if a user was on a corporate network, either because they were in the office or connected via a VPN, they could simply click the application and access it; because…
-
The Future of Auditing: What to Look for in 2025
by
in SecurityNewsThe 2025 audit landscape is shaped by new regulations and changes in enforcement of existing regulations. In the United States, both changes to longstanding administrative law and the Public Company Accounting Oversight Board (PCAOB) will shape regulations. Despite Federal changes, new regulations like California’s new climate reporting laws will require companies to undergo audits for……
-
UK Delays Plans for AI Regulation
by
in SecurityNewsSome Lawmakers Fear Regulation Could Stymie Innovation. The British Labour Government has reportedly delayed plans to put forward a draft bill on artificial intelligence over concerns that binding AI regulation could stifle the country’s AI growth potential. A spokesperson said the government remains committed to bringing forward a legislation. First seen on govinfosecurity.com Jump to…
-
New EU Sanctions Blacklist Russian and North Korean Cyber Operatives
by
in SecurityNewsThe Council of the European Union took decisive action to impose a new set of sanctions on Russia, with the aim of addressing threat to Ukraine’s sovereignty. The sanctions were codified in Council Implementing Regulation (EU) 2025/389, which represents a new update to the Regulation (EU) No 269/2014. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/council-of-the-european-union-sanction-russia/
-
Cybersecurity Weekly Update 24 February 2025
by
in SecurityNews
Tags: access, ai, apple, attack, cyber, cyberattack, cybersecurity, data, email, encryption, finance, government, office, privacy, regulation, risk, service, theft, updateWelcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond. Home Office Contractor’s Data Collection Sparks Privacy Concerns The Home Office faces scrutiny after revelations that its contractor, Equifax, collected data on British citizens while conducting financial checks on migrants applying for fee…
-
Watchdog approves Sellafield physical security, but warns about cyber
by
in SecurityNewsThe Office for Nuclear Regulation has taken Sellafield out of special measures for physical security, but harbours cyber security concerns First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619402/Watchdog-approves-Sellafield-physical-security-but-warns-about-cyber
-
What is SIEM? Improving security posture through event log data
by
in SecurityNews
Tags: access, ai, api, automation, ciso, cloud, compliance, data, defense, detection, edr, endpoint, firewall, fortinet, gartner, google, guide, ibm, infrastructure, intelligence, kubernetes, LLM, microsoft, mitigation, mobile, monitoring, network, openai, regulation, risk, router, security-incident, service, siem, soar, soc, software, threat, toolAt its core, a SIEM is designed to parse and analyze various log files, including firewalls, servers, routers and so forth. This means that SIEMs can become the central “nerve center” of a security operations center, driving other monitoring functions to resolve the various daily alerts.Added to this data are various threat intelligence feeds that…
-
Why Some States Are Beefing Up Their Health Cyber Regs
by
in SecurityNewsStates will increasingly be stepping up to fill gaps in the healthcare sector with new cyber legislation and requirements as the Trump administration promises to roll back regulations, predicts attorney Amy Magnano of the law firm Morgan Lewis’ healthcare practice. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/some-states-are-beefing-up-their-health-cyber-regs-i-5446
-
CISO success story: How LA County trains (and retrains) workers to fight phishing
by
in SecurityNews
Tags: ai, awareness, breach, business, chatgpt, cio, ciso, cloud, compliance, computing, control, corporate, cybersecurity, data, dos, election, email, endpoint, government, hacker, healthcare, incident response, jobs, law, lessons-learned, malicious, marketplace, network, phishing, privacy, regulation, risk, risk-management, service, software, strategy, supply-chain, tactics, technology, threat, tool, training, vulnerability(The following interview has been edited for clarity and length.)At first glance, LA County’s reporting structure who reports to whom seems, well, fairly complex.We have a federated model: I report to the county CIO. Each department acts as an independent business and has its own department CIO and information security officer. Their job is to…
-
AI Action Summit and Regulatory Concerns That Won’t Go Away
by
in SecurityNewsForrester’s Thomas Husson on Reactions to DeepSeek, Fears of Overregulation. The AI Action Summit this week came on the heels of the DeepSeek-R1 launch by Chinese AI company, as well as recent enforcement actions of the EU AI Act. A number of leaders from both inside and outside of Europe criticized the EU law, fearing…
-
Aggressive deregulation creates risky business environment
by
in SecurityNewsThrough DOGE, President Donald Trump is cutting work and funding to federal agencies to overhaul business rules and regulations in the U.S. First seen on techtarget.com Jump to article: www.techtarget.com/searchcio/news/366619263/Aggressive-deregulation-creates-risky-business-environment
-
Energy Regulations Are Rising: Stay Ahead with Modern DCIM
by
in SecurityNewsAs data centers continue to serve as the backbone of the digital economy, they face an escalating challenge: the tightening grip of global energy consumption regulations. Governments and regulatory bodies worldwide are implementing stricter policies to curb carbon footprints, optimize energy use, and enforce sustainability commitments. In this evolving landscape, modern Data Center Infrastructure Management…
-
Beyond the paycheck: What cybersecurity professionals really want
by
in SecurityNews
Tags: business, ceo, corporate, cyber, cybersecurity, data, india, jobs, regulation, risk, risk-management, service, skills, strategy, trainingInvest in skills and allow room for growth: Upskilling also remains a powerful retention tool. As Huber points out, Tenable invests in training entire teams on emerging technologies and capabilities, ensuring that employees feel equipped and valued.Similarly, KPMG has implemented targeted programs to support diversity and career progression within cybersecurity. The firm’s Cyber Women Leads…
-
US VP Vance Calls for Less Regulation at AI Action Summit
by
in SecurityNewsEurope Must View AI With ‘Optimism Rather Than Trepidation,’ He Tells Paris Crowd. Europe must view developments in artificial intelligence with optimism, rather than trepidation, U.S. Vice President JD Vance told EU leaders during the AI Action Summit. He said the EU’s tendency to overregulate technology is costing American businesses billions of dollars. First seen…
-
Privacy Roundup: Week 6 of Year 2025
by
in SecurityNews
Tags: access, ai, api, apple, backdoor, breach, browser, cctv, chrome, control, credit-card, cybersecurity, data, data-breach, encryption, exploit, firmware, framework, germany, government, group, leak, malware, monitoring, phishing, privacy, regulation, risk, router, scam, service, software, spy, technology, threat, tool, update, vpn, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 2 FEB 2025 – 8 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Fortifying cyber security: What does secure look like in 2025?
by
in SecurityNews
Tags: access, ai, attack, authentication, business, compliance, cyber, cybercrime, cybersecurity, deep-fake, exploit, finance, Hardware, intelligence, least-privilege, malware, mfa, nis-2, phishing, regulation, resilience, risk, risk-management, scam, software, threat, training, update, vulnerability, zero-trustThe evolving cybersecurity landscape has increased security pressures for IT leaders. With the World Economic Forum estimating, the global cost of cybercrime is projected to reach $10.5trillion annually in 2025, the situation is only escalating[1]. The rise of new technologies, such as Artificial Intelligence (AI), and the complexities introduced by flexible working have made IT…
-
CIOs and CISOs grapple with DORA: Key challenges, compliance complexities
by
in SecurityNews
Tags: access, automation, banking, business, cio, ciso, communications, compliance, control, country, cyber, cybersecurity, data, dora, finance, framework, GDPR, governance, jobs, law, monitoring, network, nis-2, penetration-testing, privacy, regulation, resilience, risk, risk-management, service, skills, supply-chain, technology, threat, tool, training, vulnerabilityIn force since January, the Digital Operational Resilience Act (DORA) has required considerable effort from CIOs and CISOs at 20 types of financial entities to achieve compliance. For many, the journey is not complete.”In the past months, financial entities targeted by DORA have been busy internally defining roles and responsibilities related to ICT security, identifying…
-
Basket of Bank Trojans Defraud Citizens of East India
by
in SecurityNewsCheap banking scams are often easier to pull off in a country with older devices, fewer regulations, and experienced fraudsters. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/bank-trojans-defraud-citizens-east-india
-
21% of CISOs pressured to not report compliance issues
by
in SecurityNews
Tags: awareness, breach, business, ceo, ciso, compliance, control, corporate, cybersecurity, data, dora, finance, framework, governance, incident response, infrastructure, insurance, law, nis-2, regulation, resilience, risk, security-incident, trainingCISOs are increasingly getting caught between business pressures and regulatory obligations, leaving them struggling to balance corporate loyalty and legal accountability.To wit: One in five (21%) security leaders have been pressured by other executives or board members not to report compliance issues at their companies, according to a recent study by security vendor Splunk.The same…
-
Cybersecurity, government experts are aghast at security failures in DOGE takeover
by
in SecurityNewsElon Musk’s takeover of key systems across the federal government is ignoring decades of laws, regulations and procedures, experts told CyberScoop. First seen on cyberscoop.com Jump to article: cyberscoop.com/musk-doge-opm-treasury-breach/