China's PIPL privacy law imposes new data handling requirements
The Personal Information Protection Law will force global companies doing business in China to be more careful with cross-border flow of personal information.
Stories by Cynthia Brumfield
Apple's plan to scan users’ iCloud photos raises new fears of government-mandated data access
Experts argue that Apple is clearing a path for governments to gain access to their citizens' data--essentially an encryption backdoor.
NSA, CISA release Kubernetes hardening guidance following Fancy Bear attacks
The guidance seeks to educate IT administrators about cloud security risks and best practices for implementing and maintaining Kubernetes.
Ransomware talks: How Biden could push Putin to the table
Under pressure to end the ransomware scourge, the White House faces strong headwinds. The problem: Putin has no motivation to change the status quo.
Feds seize $2.3M in cryptocurrency wallet reportedly used in Colonial Pipeline ransomware attack
The successful seizure could encourage other victims to better cooperate with federal agencies and cause ransomware gangs to rethink their operations.
How the post-pandemic world will challenge CISOs
More permanent remote workers, requirements for protecting health data, and a more dangerous threat landscape await security teams as the COVID crisis ends.
SolarWinds, Exchange attacks revive calls for mandatory breach notification, better information sharing
Two-way communication between government and the private sector combined with a national breach notification policy will put a dent in cyber crime.
Biden administration releases ambitious cyber security executive order
Though lacking in clarity, this new executive order might be more effective than past efforts, especially in the wake of the Colonial pipeline attack.
Colonial Pipeline shutdown highlights need for better OT cyber security practices
Experts weigh in on what the Colonial attack teaches critical infrastructure providers about preparation and incident response.
US sanctions Russian government, security firms for SolarWinds breach, election interference
The Biden administration places economic sanctions on Russian government agencies, individuals, and companies including several security firms.
Why the Microsoft Exchange Server attack isn’t going away soon
For some victims, patching and proper forensics will be difficult, plus new threat actors are now exploiting the same Exchange Server vulnerabilities.
New York issues cyber insurance framework as ransomware, SolarWinds costs mount
State looks to protect one of its core industries, which is threatened by "unsustainable" losses due to the SolarWinds attacks.
Egregor ransomware group explained: And how to defend against it
Egregor is one of the most rapidly growing ransomware families, employing "double ransom" techniques to threaten reputational damage.
Sprite Spider emerging as one of the most destructive ransomware threat actors
Having flown under the radar for several years, the Sprite Spider group is using a ransomware code suite that is effective and hard to detect.
SolarWinds hack is quickly reshaping Congress’s cyber security agenda
More cyber security funding for states and Capitol, new breach reporting rules, and ransomware-related bills will likely be on the agenda for the 117th Congress.
