India is modifying its 2020 National Cybersecurity Policy to take into account the shift to teleworking as a result of the COVID-19 pandemic, says Lt. Gen. (Retd) Rajesh Pant, national cybersecurity coordinator.

The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on why account takeover fraud losses are growing.

As manufacturers - including companies such as automakers that do not typically produce healthcare devices - race to help fill medical equipment shortages during the COVID-19 crisis, steps must be taken to ensure adequate security testing, says Fairuz Rafique of cybersecurity services firm EmberSec.

The summer 2011 issue of 'FDIC Consumer News' features tips on how to prepare financially for a natural disaster, a fire or another tragedy, especially one that requires people to evacuate their home and not return for days or weeks.

The Reserve Bank of India on Sept. 28, 2011, issued a statement recognizing a letter issued by Unique Identification Authority of India containing details of name, address and Aadhaar number, as an officially valid document as contained in Rule 2[1][d] of the PML Rules, 2005.

The Reserve Bank of India on Sept. 22, 2011, issued a letter to financial institutions regarding anti-money laundering and the combating of financing of terrorism standards.

The Reserve Bank of India on Sept. 22, 2011 issued a notification on security issues and risk mitigation measures related to card-present transactions.

Attacks Traced to Gangs Wielding Nefilim, Snake Strains
Ransomware attacks hit at least four large organizations around the world this week, including a hospital group in Europe that has been battling the COVID-19 pandemic.

Meanwhile, Video Conferencing Firm Acquires Start-Up Encryption Company
Zoom has reached a settlement with the N.Y. attorney general's office to provide better security and privacy controls for its video conferencing platform. Meanwhile, the company announced it's acquiring a start-up encryption company.

Naikon Hacking Group Targeted Asia-Pacific Countries With New RAT
Over the last five years, a hacking group that's apparently tied to China has been targeting government ministries in the Asia-Pacific region as part of a cyber-espionage campaign, according to Check Point Research.

Data Apparently Obtained From Three Breaches, ZeroFox Reports
Hackers are attempting to sell a fresh trove of approximately 26 million user records apparently obtained from three data breaches, according to researchers at the security firm ZeroFox.

Australia, India and UK Pursuing Centralized Approach Many Privacy Experts Warn Against
Technology is no panacea, including for combating COVID-19. While that might sound obvious, it's worth repeating because some governments continue to hype contact-tracing apps. Such apps won't magically identify every potential exposure. But they could make manual contact-tracing programs more effective.

Terminology Shift Announced by Britain's National Cyber Security Center
Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?

We Need These Apps, But Some Nations' Security and Privacy Follies Don't Bode Well
Despite the need to battle COVID-19, several nations' in-development digital contact-tracing apps are already dogged by security and privacy concerns. Whether enough users will ever trust these apps to make them effective remains a major question. Is it too late to get more projects back on track?

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

To ensure data is protected, business units must work closely with IT and security specialists to resolve data governance issues, says Sydney-based Prashant Haldankar, CISO at Privasec.

The latest edition of the ISMG Security Report analyzes the rising costs of ransomware attacks and the latest victims. Also featured: An assessment of Australia's new contact-tracing app designed to help battle the spread of COVID-19, and a discussion of applying the "zero trust" model to the remote workforce.

The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on why account takeover fraud losses are growing.

As manufacturers - including companies such as automakers that do not typically produce healthcare devices - race to help fill medical equipment shortages during the COVID-19 crisis, steps must be taken to ensure adequate security testing, says Fairuz Rafique of cybersecurity services firm EmberSec.

The European Network and Information Security Agency has released a new guide on building effective IT security public private partnerships.

ENISA has issued guidance to national telecom regulatory authorities about the implementation of Article 13a, in particular about the security measures that providers of public communications networks must take to ensure security and integrity of these networks.

ENISA has issued guidelines to national telecom regulatory authorities about the implementation of Article 13a, in particular, the two types of incident reporting mentioned in Article 13a: the annual summary reporting of significant incidents to ENISA and the European Commission and ad hoc notification of incidents to other NRAs in case of cross-border incidents.

ENISA has published the first EU report ever on cybersecurity challenges in the Maritime sector. This principal analysis highlights essential key insights, as well as existing initiatives, as a baseline for cybersecurity. Finally, high-level recommendations are given for addressing these risks.

Attacks Traced to Gangs Wielding Nefilim, Snake Strains
Ransomware attacks hit at least four large organizations around the world this week, including a hospital group in Europe that has been battling the COVID-19 pandemic.

Meanwhile, Video Conferencing Firm Acquires Start-Up Encryption Company
Zoom has reached a settlement with the N.Y. attorney general's office to provide better security and privacy controls for its video conferencing platform. Meanwhile, the company announced it's acquiring a start-up encryption company.

Naikon Hacking Group Targeted Asia-Pacific Countries With New RAT
Over the last five years, a hacking group that's apparently tied to China has been targeting government ministries in the Asia-Pacific region as part of a cyber-espionage campaign, according to Check Point Research.

Data Apparently Obtained From Three Breaches, ZeroFox Reports
Hackers are attempting to sell a fresh trove of approximately 26 million user records apparently obtained from three data breaches, according to researchers at the security firm ZeroFox.

Australia, India and UK Pursuing Centralized Approach Many Privacy Experts Warn Against
Technology is no panacea, including for combating COVID-19. While that might sound obvious, it's worth repeating because some governments continue to hype contact-tracing apps. Such apps won't magically identify every potential exposure. But they could make manual contact-tracing programs more effective.

Terminology Shift Announced by Britain's National Cyber Security Center
Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?

We Need These Apps, But Some Nations' Security and Privacy Follies Don't Bode Well
Despite the need to battle COVID-19, several nations' in-development digital contact-tracing apps are already dogged by security and privacy concerns. Whether enough users will ever trust these apps to make them effective remains a major question. Is it too late to get more projects back on track?

Ransomware Gangs Keep Pwning Poorly Secured Remote Desktop Protocol Endpoints
In honor of World Password Day, here's a task for every organization that uses remote desktop protocol: Ensure that all of your organization's internet-facing RDP ports have a password - and that it's complex and unique.

The latest edition of the ISMG Security Report analyzes the rising costs of ransomware attacks and the latest victims. Also featured: An assessment of Australia's new contact-tracing app designed to help battle the spread of COVID-19, and a discussion of applying the "zero trust" model to the remote workforce.

With more employees working remotely and a much heavier demand for telehealth services, entities need to consider extra, accelerated steps in keeping data and systems secure, says Martin Littmann, Kelsey-Seybold Clinic CISO, and Stephen Moore, a former security leader at Anthem.

The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on why account takeover fraud losses are growing.

As manufacturers - including companies such as automakers that do not typically produce healthcare devices - race to help fill medical equipment shortages during the COVID-19 crisis, steps must be taken to ensure adequate security testing, says Fairuz Rafique of cybersecurity services firm EmberSec.

The European Network and Information Security Agency, ENISA, has compiled a list of existing initiatives focused on finding and preventing software vulnerabilities.

A notice of proposed rulemaking from the HHS Office for Civil Rights that would modify the HIPAA Privacy Rule standard for accounting of disclosures of protected health information and add new requirements for access reports.

The Final FFIEC Guidance has been issued and its main intent is to reinforce the 2005 Guidance's risk management framework and update the Agencies' expectations regarding customer authentication, layered security, or other controls in the increasingly hostile online environment.