CMMC just became more complicated or simpler. The feds published an advance notice of proposed rulemaking (ANPR) for CMMC 2.0 and then, just as quickly, unpublished it. The Federal Register, the place where official notices are published, only said that they asked for it to be unpublished. So people saw the ANPR for about […]
Hackers are targeting the cloud. Why? To paraphrase Willie Sutton, because that is where the data is. Historically, penetration testers gain access to network devices through the “perimeter defense” and then they move around (the so-called east-west movement) trying to get access to data, wherever it lives inside the network perimeter. But in the cloud, […]
In response to Executive Order 14028 on improving the nation’s security, NIST was required to produce a set of requirements for consumer software to obtain a security “seal of approval”. Right now the EO calls for the security standard to be voluntary. The theory is that if consumers have a choice between a product that […]
Smartphone Counterespionage Tips for Travellers
Most people say “who would be interested in me?” but the reality is that foreign governments track Americans for a variety of reasons, both good and bad. Read this article to find some tips that could keep you below the radar and your information safer.
Are Surveillance Cameras the Answer […]
Vendor risk must be a core part of every company’s cybersecurity program, but it is hard, especially when the company is a tech company developing software that you use. Minimum Viable Product, or MVP, is a term marketing folks have used for years to describe creating a version 1 product that has the […]
This is probably not a surprise to anyone who is past elementary school – and probably not to many who are still in elementary school – but the group that was behind last year’s SolarWinds attack is still at it. Just like with SolarWinds, they are going after the global supply chain. 140 managed service providers […]