Study: Open-Source Software Risks Are Rampant

cybersecurity

A newly released study finds that the vast majority of software systems that businesses use to manage their operations rely to at least some extent on open-source software — and the vast majority of that open-source code contains multiple high-risk vulnerabilities. So says the 2025 Open Source Security and Risk Analysis Report, released Tuesday by…

SEC Keeps Cyber Enforcement Alive

SEC

The Securities and Exchange Commission has launched a new cybersecurity enforcement unit — or, more accurately, dropped crypto stuff from its previously existing crypto assets and cybersecurity enforcement unit. Anyway, it’s a reminder that cybersecurity issues are still on the SEC’s radar screen, so corporate audit and financial disclosure teams need to respond accordingly. Acting…

Centene Dinged on Cyber Failures

cybersecurity

Centene Corp. is paying $11.2 million to settle a lawsuit claiming that poor cybersecurity at one of its subsidiaries qualifies as a violation of the False Claims Act, in yet another example of how cybersecurity risk is worming its way into all parts of corporate compliance. The subsidiary in question is Health Net Federal Services,…

Another Tale of Poor Cyber Practices

cybersecurity

Here’s an interesting item for all you cybersecurity auditors and GRC professionals: the state of New York just fined PayPal $2 million for “failing to use qualified personnel to manage key cybersecurity functions,” which led to an inept rollout of new accounting processes and a subsequent privacy breach. The New York Department of Financial Services…

Two Companies, Two Cyber Enforcement Actions

cybersecurity

These may be the final days of the Biden Administration, but enforcement in cybersecurity still marches onward: two different regulators just sanctioned two different companies for two different types of cybersecurity failure. Let’s take a look. First is GoDaddy.com, one of the largest web hosting businesses in the world. The Federal Trade Commission spanked GoDaddy…

Mortgage Firms Fined on Cybersecurity Fails

cybersecurity

State banking regulators have fined three home mortgage businesses and their corporate parent $20 million for a data breach in 2021 that uncovered a raft of poor cybersecurity practices at the firms. The offending companies will now need to implement an extensive remediation plan, and as usual, the rest of us have numerous lessons to…

Two Insurers Nailed on Data Breaches

cybersecurity

Just in time for Thanksgiving, regulators in New York have served up a double helping of cybersecurity enforcement, against two large insurance firms that repeatedly failed to remediate known weaknesses in their IT systems that left customers’ personal data vulnerable to thieves. The New York attorney general and the Department of Financial Services announced their…

SEC Hits Four Cos. on Cyber

cybersecurity

The Securities and Exchange Commission sanctioned four companies this week for poor disclosure of cybersecurity incidents they suffered, the latest reminder from the agency that it expects companies to be more forthcoming with investors about the cyber issues they have. The sanctions were announced Tuesday against four companies, all of which made inadequate or misleading…

Justice Dept. Talks AI Concerns

model risk

The Justice Department wants companies tinkering with artificial intelligence to be more open-minded about testing their AI systems and products for vulnerabilities, and specifically wants them to adopt a “vulnerability disclosure program” much the same way tech companies already disclose software bugs. So says Nicole Argentieri, head of the Criminal Division, who delivered a speech…

More Lessons on Cyber Control Failures

cybersecurity

We have another glimpse into modern cybersecurity threats and the control weaknesses that allow those threats to happen, courtesy of an enforcement action against a financial services firm that twice was duped by hackers into selling their customers’ assets. The financial services firm is Equiniti Trust Co., a registered transfer agent — that is, a…