Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On October 3, 2022 the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 23-01 – Improving Asset Visibility and Vulnerability Detection on Federal Networks, a compulsory order intended to “make measurable progress toward enhancing visibility into agency assets and associated vulnerabilities.” BOD 23-01 mandates that Federal Civilian Executive Branch (FEEB) agencies complete a series of required actions within six months, or by April 3, 2023.

Effectively managing the many open source licenses used in enterprise software is a complex task that requires a thorough evaluation of key features in software license management tools. After that, you need to implement the technology using several best practices. In this blog post, let’s take a brief look at both.

A regulation is a government-enforced set of security guidelines an organization must follow to increase its cybersecurity standards. A cybersecurity framework, on the other hand, is a set of guides helping organizations improve their security posture.

The owner of a Russian penetration-testing company has been found guilty of being part of an elaborate scheme that netted $90 million after stealing SEC earning reports. For nearly three years, 42-year-old Vladislav Klyushin - the owner of Moscow-based cybersecurity firm M-13 - and his co-conspirators had hacked into two US-based filing agents used by publicly-traded American companies to file earning reports to the Securities and Exchange Commission.

Everyone knows what phishing is. It has been around for more than two decades. Now it seems that phishing is more accessible than before. This blog covers how malicious actors can benefit from the rise of subscription models of phishing, or “Phishing as a Service.”

If you work in a financial organization that operates in the US, you’ll have heard the phrases Nacha and ACH. Together, these entities affect many of the transactions you’re responsible for — and dictate how, why, and when your business accesses sensitive data. But, what exactly are they? And, what’s the difference between the two? Read on to find out.