Kids’ shoemaker Start-Rite trips over security again, spilling customer card info

November 14, 2024 at 07:09AM Children’s shoemaker Start-Rite is facing a serious security incident involving customer payment card details, marking its second major breach in eight years. The incident, occurring between October 14 and November 7, may have compromised sensitive information. Customers are advised to contact their banks and monitor transactions for fraud.

NIST Explains Why It Failed to Clear CVE Backlog

November 14, 2024 at 06:10AM NIST reported that all known exploited CVEs in the backlog have been addressed, but acknowledged that completely clearing the backlog by October was overly optimistic. **Meeting Takeaways:** 1. **Status of CVE Backlog**: NIST has addressed all known exploited CVEs but acknowledges that clearing the entire backlog by October was an …

5 steps to automate user access reviews and simplify IT compliance

July 17, 2024 at 10:41AM The evolving modern work landscape, driven by distributed teams and rapid SaaS adoption, presents significant challenges in maintaining IT compliance certifications. Navigating SaaS sprawl and completing user access reviews for compliance becomes complex and labor-intensive. Nudge Security offers an automated solution, from asset discovery to generating audit-ready reports, simplifying IT …

Sprawling Sellafield Nuclear Waste Site Prosecuted for Cybersecurity Failings

April 1, 2024 at 04:31PM The UK regulator reported that one of the world’s most toxic sites faced cybersecurity “offenses” from 2019 to 2023. Based on the meeting notes, it seems that the UK regulator mentioned that a particularly hazardous site had experienced cybersecurity “offenses” from 2019 to 2023. This suggests a serious breach of …

Getting Security Remediation on the Boardroom Agenda

March 27, 2024 at 09:25AM IT teams can improve their resilience to scrutiny by educating their board on risks, their mitigation, and their long-term strategy for risk management. Based on the meeting notes, the key takeaways are that the IT teams need to improve their ability to handle scrutiny by guiding the board in understanding …

6 CISO Takeaways From the NSA’s Zero-Trust Guidance

March 15, 2024 at 12:33PM All companies, not just federal agencies, should strive to implement the “network and environment” aspect of the National Security Agency’s zero-trust guidelines. Based on the meeting notes, the key takeaway is that it is recommended for all companies, not just federal agencies, to strive to implement the “network and environment” …

Blackbaud settles with FTC after that IT breach exposed millions of people’s info

February 2, 2024 at 04:20PM Blackbaud, facing criticism from the FTC for a data breach that exposed millions of people’s information, has agreed to strengthen its IT defenses. The settlement includes deleting unnecessary customer data, updating its data retention policy, and implementing enhanced security measures. The SEC and attorneys general have also secured settlements over …