The House of Representatives on Monday passed two bills to boost small business cybersecurity; companion bills are waiting in the Senate. One bill requires counselors at small business development centers to be certified in cybersecurity before they may work with small businesses on cyberattack prevention and response, and the other calls on the Small Business Administration to inform Congress of cyberattacks on the agency within seven days of the attack and to submit to Congress an annual report on its IT quality.
A RedSeal survey has revealed that 54% of security personnel think their CEO is putting the company at risk of cyberattacks by ignoring their recommendations to improve cybersecurity. And 10% of respondents said their CEO or other high-level executives have made decisions that put the company at risk.
Seven new database server fixes are included in the Critical Patch Update to be released by Oracle today. The patch addresses 322 vulnerabilities affecting the integrity, availability and confidentiality of data.
Penobscot Community Health Care in Bangor, Maine, has informed patients that a third-party vendor experienced a data breach, exposing the personal and financial data of an unknown number of patients. Records were accessed by an unauthorized person between August 2018 and March 2019 at American Medical Collection Agency, an entity the hospital no long does business with.
A survey by the Investment Adviser Association and ACA Compliance Group found that the biggest compliance worry among 83% of registered investment adviser firms is cybersecurity. Among those responding, 70% said they have boosted compliance testing in the past 12 months.
A vulnerability in Instagram has been found by bug bounty hunter Laxman Muthiyah, who said he was able to bypass the password recovery mechanism in the mobile version of Instagram and take control of an account. Instagram patched the vulnerability and awarded Laxman $30,000 as part of its bug bounty program.
More than 8 in 10 respondents to a recent survey said their small companies were at risk of cyberattack, but the companies' IT professionals said competing priorities make it difficult to prevent or secure against threats. Among the competing priorities are securing new technology, upgrading identity access and securing data.
The Pacific Northwest's largest health insurer, Premera Blue Cross, will pay $10 million to 30 states for a breach that exposed the data of more than 10 million people, in an agreement with the state of Washington. The company also recently agreed to pay $74 million to settle a federal class-action lawsuit by affected customers.
The Federal Trade Commission has approved a $5 billion settlement with Facebook -- the largest privacy fine levied by the agency -- stemming from the Cambridge Analytica scandal. Facebook declined to comment on the fine and other Justice Department and Securities and Exchange Commission probes.
- Page 1