The United States Federal Trade Commission (FTC) has warned the public to be cautious if contacted by people claiming to be... FTC staff. In a warning published on its website, the FTC said that scammers were using its employees' real names to steal money from consumers.

This blog is part of a series about how to use Vanta and AWS to simplify your organization’s cloud security. To learn more about how to use Vanta and AWS, watch our Coffee and Compliance on-demand webinar. ‍ Amazon Web Services, or AWS, is one of the most popular cloud providers for organizations today — providing one of the most flexible and secure cloud environments available.

Vulnerability management isn’t just about identifying weaknesses; it’s about effectively addressing them. How do you know if you’re on the right track? Are you effectively addressing vulnerabilities and minimizing risks? To answer these questions, you need more than just a list of potential metrics – you need clarity on what truly matters.

Malware often hides communications with its command and control (C2) server over HTTPS. The encryption in HTTPS usually conceals the compromise long enough for the malware to accomplish its goal. This makes detecting malware that uses HTTPS challenging, but once in a while, you will catch a break, as in the case here with AsyncRAT, a Windows remote access tool that has been deployed over the past year to target organizations that manage critical infrastructure in the United States.

The Keeper Security team is thrilled to announce an updated User Interface (UI) for the Admin Console that drastically improves the user experience to save admins time and enhance productivity. The UI has a modern design that cohesively follows the much-applauded enhancements to Keeper’s end-user vault, released in 2023. The new Admin Console also provides an embedded onboarding experience that streamlines and facilitates new user adoption and proactively spotlights beneficial features.

The amount of money to run an AI-based disinformation campaign is miniscule compared to the influence the campaign can have on society. As I noted in my recent SecurityWeek piece “Preparing Society for AI-Based Disinformation Campaigns in the 2024 US Elections”, there are four common steps in these efforts: Reconnaissance, content creation, amplification and actualization.

Any business or service provider looking to work with the federal government or one of its departments or agencies is going to need to comply with one of the security frameworks as appropriate for their role, usually something like CMMC, FedRAMP, or HITRUST. A key part of these security frameworks is verification and validation that security measures are in place and that continuous monitoring is effective.

Managing user identities and access controls is a critical challenge for modern businesses. With remote work, cloud computing, and stringent data privacy regulations, organizations need robust identity and access management (IAM) solutions to ensure secure access to their applications and data. However, when it comes to implementing IAM, companies often face a choice: build a custom solution in-house or buy a third-party product.

Criminals have always been among the first to adopt the latest technology to benefit themselves financially. Famed bank robbers Bonnie and Clyde used high-powered V-8 engine-equipped Ford cars to outrun local police. Other gangs used the telephone to help coordinate their activities, and some realized they could gain an edge by outgunning security and police by toting Thomson submachine guns.

Most businesses depend on their supply chains for success — but as the Covid-19 pandemic painfully demonstrated, few companies have a full grasp of their supply chain risk and know how to manage that risk well. One crucial issue is how you communicate with your vendors; vendor communication is a vital part of the procurement process. In this article we’ll explore several strategies for efficient and effective communication and how you can implement them.