The Defense Federal Acquisition Regulation Supplement, better known as DFARS, has significance for contractors working with the Department of Defense (DoD). Our intention is to offer a comprehensive perspective on DFARS in the context of cybersecurity, its various clauses, and the intricacies of maintaining compliance as these rules constantly shift and change over time.

We’ve talked a lot about FedRAMP, CMMC, and the typical business/contractor security controls outlined in NIST SP 800-171, but these aren’t the only elements of cybersecurity that the government wants enforced. There are also the DISA STIGS to follow. What are they, do they apply to you, and how can you follow them?

As we bid farewell to another remarkable year filled with significant milestones, we are thrilled to look back and share the acknowledgements we received from industry experts for our unified endpoint management and security solution, ManageEngine Endpoint Central.

Trustwave today is proud to share that we have officially closed the deal that sees The MC² Security Fund, the private equity fund of The Chertoff Group, acquire Trustwave. Today’s news marks a significant milestone for us and endorses our continuing industry leadership. I am thrilled to be leading the team that will take Trustwave into the next phase of our cybersecurity journey.

AT&T Alien Labs has identified a campaign to deliver AsyncRAT onto unsuspecting victim systems. During at least 11 months, this threat actor has been working on delivering the RAT through an initial JavaScript file, embedded in a phishing page. After more than 300 samples and over 100 domains later, the threat actor is persistent in their intentions.

In the cyber realm, where digital defense and offense is an ongoing game of cat and mouse, one of the most potent weapons in an attacker's arsenal is the web shell. A seemingly innocuous piece of code that, once embedded in a server, allows an attacker to maintain their access and control. The hidden danger of web shells is their stealthiness and versatility, making them a challenging threat to uncover and neutralize.

“Secure the endpoints!” This battle cry can sound like a meme, sure, but it also highlights arguably the most important part of modern cybersecurity today: are we securing the endpoints? A compromised network is likely to leave traces of anomalous and unauthorized activities that originate from network endpoints.

When it comes to cybersecurity governance, 2023 stood out as one of the most eventful in a very long time. With everything from the enactment of stronger new cybersecurity regulations around incident disclosure from the Securities and Exchange Commission (SEC) to significant changes afoot for financial and cloud services providers operating within the European Union, many companies worldwide will be called to adjust to a new normal in 2024.

First, let me say happy new year! The holiday season has come and gone—seemingly overnight—and just like that, 2024 is well underway. At SafeBreach, we are eagerly looking to the new year and all that it will bring, including new goals and new opportunities to empower customers with greater visibility into the efficacy of their security tools and programs.

Phishing isn’t anything new. It’s been a tried and true threat for nearly 30 years. Its age, however, doesn’t diminish its seriousness.