A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Kudos to the various organizations who pulled off amazing sting. I’ve said this many times over the years, but I really mean it this time. THIS one has to be a movie!

Organizations that want to do business with the Department of Defense are required to achieve CMMC compliance by the end of this year. Sumo Logic can serve as a tool to assist your organization in achieving CMMC compliance.

The following is an excerpt from Netskope’s recent book Designing a SASE Architecture for Dummies. This is the fourth in a series of seven posts detailing a set of incremental steps for implementing a well-functioning SASE architecture. This is when you’ll begin to put NG-SWG to work as you lay the foundation of your SASE. Fortunately, the capabilities needed to set things right are built into NG-SWG.

If you're an Australian business and confused about which cybersecurity frameworks you should be complying with, you're not alone. Unlike the United States, Australia currently doesn't have clear mandatory minimum cybersecurity standards for businesses. This is likely to change in the near future. The Australian government is being pressured to follow the United State's lead in lifting the Nation's security posture.

Software as a service (SaaS) apps have reshaped the way we stay productive. By having everything easily accessible in the cloud, we are able to get work done from anywhere and on any device. But, as we know, this flexibility has also introduced security challenges, as your data is also easier to reach for malicious actors. This is why the purchase of a cloud access security broker (CASB) is never that controversial. Most organizations understand that cloud apps require additional protection.

On January 20, President Joseph Biden issued Executive Order (E.O.) 13990 to help protect U.S. bulk power organizations. This Order enacted a 90-day suspension of E.O. 13920 which was set by the previous administration. The new executive order empowered the Secretary of Energy (“Secretary”) to publish new criteria around pre-qualifying vendors of electric equipment, as well as to devise rules for helping U.S. entities replace electric devices at risk of sabotage.

90% of companies are on the cloud (Galov). That includes industries historically slow to adopt new technology, like Architecture, Engineering and Construction (AEC). However, recent economic and workplace disruptions have pushed AEC firms more aggressively into the public cloud waters - looking for cost effective ways to access compute power, more efficiently process data, provide access to files and applications, and tap into advanced analytics to draw insights from and manage data.

In a strong shortlist of seven finalists, Redscan took home a High Commendation in the Best Managed Security Service category for the second consecutive year. We were also a finalist in the Best Customer Service and Best SME Solution categories. The SC Awards recognises the people, products and services that exemplify the best solutions for customers in the security industry.

Get practical steps for MISRA and AUTOSAR compliance to improve code quality, safety, and security in automotive software. Recent advancements in the automotive industry include the development of autonomous driving systems, connectivity units, and digital cockpits and infotainment systems that improve the user experience.

The Splunk Threat Research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing password spraying attacks against Active Directory environments. In this blog, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PurpleSharp, collect and analyze the Windows event logs, and highlight a few detections from the May 2021 releases.