Litigation filed against American fast-food chain Sonic over a 2017 data breach has been allowed to proceed. Financial institutions brought a lawsuit against Sonic Corp after it emerged that financial data belonging to customers of the restaurant had been stolen in a cyber-attack. The attacker(s) installed malware on a point-of-sale system used at hundreds of Sonic franchises. In a data breach notice issued at the time of the attack, Sonic stated: “Sonic Drive-In has discovered that credit and debit card numbers may have…

The United States is considering putting a cap on the amount of time an individual can work in the role of director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).  Bipartisan House lawmakers introduced legislation this week that proposes limiting the term of the top cybersecurity role to five years.  If passed into law, the proposed CISA Cybersecurity Leadership Act would also reaffirm that the role of CISA director requires Senate approval after presidential nomination. …

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has released the final version of a Cybersecurity Practice Guide for first responders.  The NIST Cybersecurity Practice Guide SP 1800-13, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders (PSFRs) was developed in collaboration with industry stakeholders and NIST’s Public Safety Communications Research Lab.  To provide emergency care and support, PSFR personnel rely on mobile platforms to access public…

Affecting Windows desktops and servers, the attacks exploit an MSHTML vulnerability by using specially crafted Microsoft Office documents. Image: iStock/Simonkolton Microsoft has raised alarm bells over a new cyberattack that’s actively targeting Windows users by exploiting a security flaw through malicious Office documents. In a security update released on Tuesday, the software giant described its investigation into a remote code execution vulnerability in MSHTML that works through specially crafted Microsoft Office documents. SEE: Incident response policy (TechRepublic…

I’m back at it again with another round of our executive blog series. This week I had the privilege to speak with Tom Gann, our Chief Public Policy officer and he had some interesting things to say on the cyber security issues that are shaping public policy dialogue in Washington DC and other capitals around the world, and much much more. Q: What is one event in your life that made you who you are…