A waterfall of looming cyber checklists from Managed Service Provider customers is becoming increasingly common. New regulations, laws, guidelines, and standards of compliance are driving them. However, the expertise required in areas of risk and privacy is creating operational headaches and unnecessary risk when techs consult in areas that are better handled by risk managers and legal teams. We will discuss how the National Institute of Standards and Technology's multiple frameworks in privacy and cybersecurity offer relief from risk, especially when techs are asked by key accounts about legal compliance, and why partnering with a Governance as a Service Provider like Omnistruct works for all involved.
Conti is a relatively new addition to the ransomware landscape; however, it has turned out to be quite destructive. It is a more accessible variant of Ryuk and works in a RaaS model. Cyware Alerts I February 16, 2021
VMware last week informed customers about the availability of patches for a potentially serious vulnerability affecting its vSphere Replication product. By Eduard Kovacs I February 15, 2021
A severe security vulnerability in a popular video calling software development kit (SDK) could have allowed an attacker to spy on ongoing private video and audio calls. By Ravie Lakshmanan I February 17, 2021
QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage (NAS) devices running the vulnerable software. By Sergiu Gatlan I February 17, 2021
SQLite has issued a security patch after the discovery of a use-after-free bug that, if triggered, could lead to arbitrary code execution or denial of service (DoS). By Adam Bannister I February 16, 2021
One of the first malware samples tailored to run natively on Apple's M1 chips has been discovered, suggesting a new development that indicates that bad actors have begun adapting malicious software to target the company's latest generation of Macs powered by its own processors. By Ravie Lakshmanan I February 18, 2021
Cisco Talos has uncovered a credential-stealing trojan that lifts your login details from the Chrome browser, Microsoft's Outlook and instant messengers. By Gareth Corfield I February 18, 2021
A single data breach of a computer network belonging to anything from a hotel chain to a restaurant or any number of otherwise run-of-the-mill businesses can spawn a host of negative consequences — putting, for example, a massive amount of customer data at risk and opening up those customers to fraud and other nefarious actions as a result. By Andy Meek I February 15, 2021
At the end of the Trump Administration, the bipartisan Internet of Things (IoT) Cybersecurity Improvement Act of 2020 (“the Act”) was enacted after passing the House of Representatives on a suspension of the rules and the Senate by unanimous consent. The Act requires agencies to increase cybersecurity for IoT devices owned or controlled by the federal government. Despite its seemingly limited scope, the Act is anticipated to have a significant, wide-ranging impact on the general development and manufacturing of IoT devices. By Gibson Dunn I February 17, 2021
NIST logged more than 18,000 vulnerabilities in 2020, over 10,000 of which were critical or high severity – an all-time high. Redscan’s analysis looks beyond severity scores, detailing the rise of low complexity vulnerabilities as well as those which require no user interaction to exploit. By Help Net Security I February 17, 2021
Standard, everyday appliances like dishwashers and ovens, and necessary devices such as lights and thermostats, are increasingly likely to be Wi-Fi enabled, allowing them to send and receive data. These objects are widely called the internet of things (IoT). These IoT devices have cybersecurity and privacy considerations that differ from normal information technology (IT) devices (e.g., laptops, smartphones, servers). By McDermott Will & Emery I February 17, 2021
Whether it's a new set of solar panels glistening on a neighbor's roof or a freshly installed smart thermostat at home, burgeoning renewable and smart technologies represent steps toward a sustainable future. But much of their potential will remain untapped unless the power grid is managed in a much more flexible way. By Eureka Alert I February 18, 2021
Sentar Inc. (Sentar), a women-owned business specializing in advanced cybersecurity and intelligence solutions and technology, announced today that Sentar has received an official designation as a Cybersecurity Maturity Model Certification (CMMC) Registered Provider Organization (RPO) from CMMC-AB. By Business Wire I February 18, 2021
Restrictions brought by the COVID-19 pandemic lurched businesses toward the digital space, and as work-from-home continues to be the norm, there is also an increased awareness of cybersecurity. Enterprises both big and small are faced with cyber threats, and the need to adopt security measures is more critical than ever. By Back End News I February 19, 2021
Digital transformation is as much about the business as it is about the technology. Better communication with ‘software people’ could bring the two together, argues Twilio CEO Jeff Lawson. By Mary Branscombe I February 18, 2021
Cybersecurity researchers on Monday disclosed details of a now-patched flaw in the Telegram messaging app that could have exposed users' secret messages, photos, and videos to remote malicious actors. By Ravie Lakshmanan I February 15, 2021
Guardforce AI has acquired information security and penetration testing consultants Handshake Networking. Financial terms of the deal were not disclosed. By Joe Panettieri I February 14, 2021
Palo Alto Networks has acquired Bridgecrew for cloud security posture management (CSPM) and DevOps-related security capabilities, according to two third-party reports. By Joe Panettieri I February 16, 2021
Palo Alto Networks has upgraded its Prisma Access security access service edge (SASE) platform to help organizations protect their remote workers against cyberattacks, according to a prepared statement. By Dan Kobialka I Feb 17, 2021
Fourteen luminaries spanning managed security service providers, IT and cybersecurity providers, venture capital and academia have been named to the security-centric CompTIA Information Sharing and Analysis Organization’s (ISAO) inaugural executive advisory council. By D. Howard Kass I February 16, 2021
Fear of missing incidents (FOMI) and alert fatigue are “real” problems for many MSSP security analysts and managers, according to “The Voice of the Analysts: Improving Security Operations Center Processes Through Adapted Technologies” report from FireEye. By Dan Kobialka I February 16, 2021
On Christmas Eve last year, Washington State Auditor Pat McCarthy’s office issued a dire warning that state agency computer systems and data make “attractive targets for cyberattacks.” By Seattle Times I February 15, 2021
An unknown user was offering the data of 14 million Amazon and eBay customers’ accounts for sale on a popular hacking forum. The data appears to come from users who had Amazon or eBay accounts from 2014-2021 in 18 different countries. By Bernard Meyer I February 17, 2021
The leak could put 110,000+ Lithuanian CityBee users at risk of identity theft and credential stuffing attacks. A database that belongs to CityBee, a car sharing service that operates in the Baltic states and Poland, has appeared on a popular hacker forum. By Edvardas Mikalauskas I February 17, 2021
International law firm Jones Day has been targeted in a ransomware attack and the stolen files were dumped on the internet. By Duncan Riley I February 16, 2021
Sincerely, Omnistruct, 2740 Fulton Avenue #101-02, Sacramento, CA 95821, USA, (866) 683-8827