July 2, 2024 at 01:13PM Odaseva, a leading enterprise data security platform for Salesforce, has secured a $54 million Series C financing, bringing their total funding to over $90 million. The investment will support their growth, data security, and product development. With a growing customer base, including Global Fortune 500 companies, Odaseva remains committed to … Read more
June 28, 2024 at 09:35AM 1touch.io has launched its mainframe security posture management (MSPM) product, utilizing contextual AI to enhance data discovery and classification accuracy. Mainframes, supporting majority of global IT workloads, face security challenges in hybrid cloud environments. MSPM offers comprehensive visibility and fast database scanning, integrating with mainframe data sources and supporting various … Read more
June 28, 2024 at 09:18AM ICE faced a $10 million fine from the SEC for delaying reporting a VPN breach, violating compliance requirements. No clear reason for the delay was provided. The case highlights risks of bypassing compliance for quick response, showing cybersecurity’s broad business impact and insurance implications. Boards are urged to ask better … Read more
June 12, 2024 at 03:30PM Starting June 11, US government contractors must submit a Secure Software Development Attestation Form, confirming adherence to secure-by-design principles and scrutiny of software components through software bills of material (SBOMs). Only 20% of respondents are prepared for this federal cybersecurity attestation, with 16% incorporating SBOMs into their software development. Other … Read more
June 6, 2024 at 10:02AM Summary: Citizen developer applications, enabled by low-code/no-code technology, pose security risks known as “shadow engineering.” Despite potential benefits, these apps bypass traditional security measures, leaving organizations vulnerable. To mitigate risks, applying traditional security principles to these apps, empowering citizen developers, enforcing compliance, and regular monitoring are crucial. Based on the … Read more
June 4, 2024 at 05:16PM The 2024 SANS Threat Hunting Survey reveals a rise in organizations adopting formal threat-hunting processes, reflecting a standardized approach in cybersecurity strategies. The survey’s participants span various industries and organization sizes, showcasing the multifaceted nature of threat hunting. Notably, prevalent cyber threats include BEC and ransomware, prompting evolving threat-hunting practices … Read more
May 31, 2024 at 10:07AM The American Privacy Rights Act of 2024 (APRA) is a comprehensive national legislation aiming to hold organizations accountable for privacy. It includes requirements like CEO-signed compliance certification, biennial audits, and publishing privacy policies. However, concerns remain about transparency, ethics, and the impact of GenAI models, indicating the need for further … Read more
May 28, 2024 at 08:51AM Hg, a UK-based private equity company, has acquired AuditBoard for over $3 billion and invested $111 million in it. AuditBoard offers a platform for streamlining audits, compliance, risk detection, and ESG monitoring, with a claimed annual recurring revenue exceeding $200 million and over 2,000 customers. The acquisition reflects a long-term … Read more
May 22, 2024 at 02:04PM File Integrity Monitoring (FIM) is a critical IT security control that audits file changes and system configurations to ensure data integrity. Compliance with cybersecurity standards is essential for mitigating risks and protecting an organization’s reputation. Wazuh’s FIM capability helps meet these standards by monitoring and detecting unauthorized file changes, thus … Read more
May 22, 2024 at 01:23PM The Intercontinental Exchange (ICE) has agreed to pay a $10 million penalty to settle charges by the SEC for failing to promptly report a 2021 VPN security breach. ICE, a Fortune 500 company, owns global financial exchanges and employs over 13,000 people. The breach, caused by suspected state hackers, exposed … Read more