Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

NASA is about to introduce new requirements for its contractors. These requirements will dramatically improve the cybersecurity of spacecraft and the US’ resilience to cyber threats. But what do these requirements mean for spacecraft manufacturers? What challenges will they face? And what will they need to do to comply? Keep reading to find out.

The energy sector is the cornerstone of modern infrastructure, powering essential services and supporting the daily operations of economies worldwide. However, it also faces unique cybersecurity challenges, particularly in complying with the North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) standards.

Cyber Rhino Threat Week (which took place from December 9 – 13, 2024) aims to inform, sharing threat intelligence insights and best practices with our customers, partners and industry ecosystem. This keynote session certainly set the stage for the week, exploring the complexities that organizations must consider when establishing and operating an effective Cyber Threat Intelligence (CTI) program.

The effectiveness of external attack surface management (EASM) and third-party risk management (TPRM) capabilities hinges on the depth, breadth, and timeliness of the underlying data they are based on. For this reason, Bitsight makes a significant ongoing investment in: The introduction of Bitsight’s next-generation data engine enabled many improvements to our capabilities across all of these areas throughout 2024.

At Mend.io, we’re passionate about code security. That’s why we’re thrilled to announce a strategic partnership with JetBrains that integrates Mend.io’s robust security solutions directly into JetBrains IDEs and Qodana environments. With the help of Mend.io, JetBrains users will now have access to robust Software Composition Analysis (SCA) and malicious package detection.

The foundation of Windows security is simple — if you want access to a network resource such as a file or folder, you need the appropriate permissions. But implementation is more complex because the Windows operating system has two types of permissions: NTFS permissions, which operate at the file system level, and share permissions, which govern network access to shared resources.

Government contractors handling Controlled Unclassified Information (CUI) for the Department of Defense must navigate complex compliance requirements. Central to these requirements is the Cybersecurity Maturity Model Certification (CMMC), which mandates conformance to NIST SP 800-171 and DFARS 252. This framework encompasses 110 security requirements across 14 security domains, including Access Control, Audit and Accountability, Risk Assessment, Incident Response, and several others.

There is an increasing need for traceability and attestation of the actions taken as software moves across the SDLC. Emerging regulations and policies around secure software development are rapidly evolving, and it’s important to stay ahead of the changing landscape. Some organizations have taken a proactive approach with home-grown solutions or manual processes, but despite best efforts, these solutions often lack scale and eventually falter over time.

Mobile app security testing identifies and assesses security vulnerabilities in mobile applications, including Android and iOS. It is a part of a more extensive security assessment or penetration test encompassing the client-server architecture and server-side APIs used by the mobile app. Mobile app security testing (MAST) is an afterthought since organizations want to release their apps faster, and development teams are understaffed and overworked. The result?

2024 was a year unlike any other—a year of transformation, resilience, and immense progress. Despite the challenges our team faced, including the impact of the war in Israel, we stood strong, united by our mission to secure AI Agents everywhere, and focusing on providing impactful value to our customers and partners. Together, we laid the foundation for the next wave of innovation, enabling enterprises to embrace this revolutionary technology with confidence and security.