Yesterday — 4 May 2024 (Main stream)

Palo Alto Networks Extends SASE Reach to Unmanaged Devices – Source: securityboulevard.com


Source: securityboulevard.com – Author: Michael Vizard. Palo Alto Networks this week extended its secure access service edge (SASE) platform to make it possible to apply cybersecurity policies to unmanaged devices. Anand Oswal, senior vice president and general manager for network security for Palo Alto Networks, said Prisma SASE 3.0 will make it simpler to broadly […]

The post Palo Alto Networks Extends SASE Reach to Unmanaged Devices – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Before yesterday (Main stream)

GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW

3 May 2024 at 13:05
Extreme closeup of “TEN” on US$10 note

Password reset FAILURE: The U.S. Cybersecurity and Infrastructure Security Agency warns GitLab users of a 100-day-old, maximum severity vulnerability.

The post GitLab ‘Perfect 10’ Bug Gets a CISA Warning: PATCH NOW appeared first on Security Boulevard.

Shell unveils new $3.5bn share buy-back after higher profits than expected

2 May 2024 at 03:23

Despite payouts the oil and gas giant faces growing investor pressure to address its carbon emissions

Shell will shower its shareholders with another $3.5bn (£2.8bn) in share buy-backs over the next quarter after reporting better than expected profits of almost $8bn for the first three months of the year.

The company reported adjusted earnings of $7.7bn for the first quarter, below the $9.6bn earned in the same quarter last year but well above analyst predictions of $6.5bn.

Continue reading...

© Photograph: Toby Melville/Reuters


Nearly half of Smith & Nephew investors revolt against CEO pay rise

1 May 2024 at 13:59

Medical device manufacturer’s policy ultimately passed, putting maximum payout for Deepak Nath at $11.8m

Smith & Nephew had a shareholder revolt on Wednesday when nearly half of voting investors rejected the medical device manufacturer’s plans to raise its chief executive’s pay packet to $11.8m (£9.5m).

But the company’s pay policy, which will increase the maximum payout for Deepak Nath – who is based in Texas – by nearly a third, was narrowly approved, despite 43% of votes cast against the proposals at its annual general meeting in Watford.

Continue reading...

© Photograph: Martin Berry/Alamy


Brits Ban Default Passwords — and More IoT Stupidity

30 April 2024 at 14:12
‘Union Jack’ bunting in Balham after the Queen’s Platinum Jubilee celebrations, June 2022

Nice Cup of IoTea? The UK’s Product Security and Telecommunications Infrastructure Act aims to improve the security of net-connected consumer gear.

The post Brits Ban Default Passwords — and More IoT Stupidity appeared first on Security Boulevard.

An Introduction to FinOps Governance: How to Get Started

30 April 2024 at 11:00

FinOps, a portmanteau of Finance and DevOps, is a strategic framework created to help companies understand and manage their cloud costs, enabling more efficient use of cloud services. Created by the FinOps Foundation, this financial management discipline brings finance teams, engineering teams, operations staff, and other stakeholders together to optimize spending and maximize business value. The FinOps operational framework can help your organization maximize the business value of the cloud by improving collaboration, expense and asset management, and decision making. Once you implement a FinOps framework, you can make decisions based on the greatest possible return on investment, rather than simply trying to cut costs.

The post An Introduction to FinOps Governance: How to Get Started appeared first on Security Boulevard.

Ensuring RBI Compliance: Crucial Cybersecurity Measures to Protect Financial Standing – Source: securityboulevard.com


Source: securityboulevard.com – Author: Riddika Grover. The rise of digital technology has provided great convenience to the banking sector, but it has also opened up the doors to cyber attacks. A recent incident at a well-known Indian bank acts as a wake-up call, emphasizing the need for a strong cybersecurity framework. The incident was mentioned […]

The post Ensuring RBI Compliance: Crucial Cybersecurity Measures to Protect Financial Standing – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Introducing the Unified RL Spectra Suite

30 April 2024 at 11:00

One thing you quickly realize in cybersecurity is that change is a constant. Cyber criminals, nation-state hacking crews, and ideologically motivated hackers are always on the lookout for new technologies, tools, and tactics that give them an edge against defenders. Defenders and those who equip them must also constantly adapt: embracing change as a means of staying one step ahead of the threats.

The post Introducing the Unified RL Spectra Suite appeared first on Security Boulevard.

Safeguard your SAP environment

30 April 2024 at 04:46

Safeguarding Your SAP Environment: SafePaaS GRC Integration. In the intricate tapestry of enterprise operations, SAP solutions often form the backbone, weaving together processes, data, and insights. Yet, this complexity comes with a price: the constant threat of security breaches and compliance issues. Here, SafePaaS Governance, Risk, and Compliance (GRC) solutions emerge as […]

The post Safeguard your SAP environment appeared first on SafePaaS.

The post Safeguard your SAP environment appeared first on Security Boulevard.

Ensuring RBI Compliance: Crucial Cybersecurity Measures to Protect Financial Standing

30 April 2024 at 02:46

The rise of digital technology has provided great convenience to the banking sector, but it has also opened up the doors to cyber attacks. A recent incident at a well-known Indian bank acts as a wake-up call, emphasizing the need for a strong cybersecurity framework. The incident was mentioned in the Reserve Bank of India’s […]

The post Ensuring RBI Compliance: Crucial Cybersecurity Measures to Protect Financial Standing appeared first on Kratikal Blogs.

The post Ensuring RBI Compliance: Crucial Cybersecurity Measures to Protect Financial Standing appeared first on Security Boulevard.

AT&T, Verizon, T-Mobile Slapped with $200 Million Fine Over Location Data Sharing

30 April 2024 at 04:28


The Federal Communications Commission has fined the largest phone carriers in the country (AT&T, Sprint, T-Mobile and Verizon) a combined $200 million for illegally sharing their customers’ location data with third parties without adequate safeguards in place. Of the four, T-Mobile was fined the most, more than $80 million, and it will pay a further $12 million because Sprint, which it acquired in April 2020, was fined separately for its practices prior to the acquisition. AT&T was fined more than $57 million and Verizon nearly $47 million.

The FCC Enforcement Bureau’s investigations of the four carriers found that each of them sold access to its customers’ location information to aggregators, who then resold that access to third-party location-based service providers. For example, AT&T had arrangements with two location information aggregators, LocationSmart and Zumigo, which in turn had arrangements with location-based service providers. “In total, AT&T sold access to its customers’ location information (directly or indirectly) to 88 third-party entities,” the FCC said.

“The largest wireless carriers in the country were selling our real-time location information to data aggregators, allowing this highly sensitive data to wind up in the hands of bail-bond companies, bounty hunters, and other shady actors,” said FCC Chair Jessica Rosenworcel.

The agency stated, “Each carrier attempted to offload its obligations to obtain customer consent onto downstream recipients of location information, which in many instances meant that no valid customer consent was obtained.” Furthermore, when the carriers became aware of the inadequacy of their procedures, they failed to halt the sale of access to location information or to adequately safeguard it from unauthorized access. AT&T and Verizon said they intend to appeal the FCC’s decision, citing legal and factual errors in the agency’s order, while T-Mobile plans to challenge the decision, emphasizing its commitment to safeguarding customer data and calling the fine excessive. All three companies pointed out that the program for which they were fined ended approximately five years ago.

Views of the Illegal Data Sharing Whistleblower

Senator Ron Wyden (D-OR), commenting on Monday’s action, praised the FCC for penalizing the wireless carriers.

“No one who signed up for a cell plan thought they were giving permission for their phone company to sell a detailed record of their movements to anyone with a credit card,” Wyden said. “I applaud the FCC for following through on my investigation and holding these companies accountable for putting customers’ lives and privacy at risk.”

The issue first came to light in 2018 when Wyden uncovered the carriers’ practices, revealing instances of abuse by government officials and others who obtained location data without proper authorization. The FCC found the carriers’ practices in violation of section 222 of the Communications Act, which mandates the confidentiality of customer information and affirmative consent before customer location data is shared or accessed.

The FCC’s action comes weeks after the House of Representatives passed the Fourth Amendment Is Not For Sale Act, which would prohibit law enforcement agencies from buying location data and other sensitive information about Americans without a court order. Privacy advocates cheered the bill’s passage, but it now faces an uphill task in the Senate and the White House.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Managing Generative AI Risk and Meeting M-24-10 Mandates on Monitoring & Evaluation

29 April 2024 at 10:50

OMB’s memo M-24-10 (5c. Minimum Practices for Safety-Impacting and Rights-Impacting Artificial Intelligence) is prescriptive (and timebound): No later than December 1, 2024 and on an ongoing basis while using new or existing covered safety-impacting or rights-impacting AI, agencies must ensure these practices are followed for the AI: D. Conduct ongoing monitoring. In addition to pre-deployment […]

The post Managing Generative AI Risk and Meeting M-24-10 Mandates on Monitoring & Evaluation appeared first on Security Boulevard.

What is General Data Protection Regulation Act (GDPR)?

27 April 2024 at 04:23

The widespread adoption of cloud services has introduced cybersecurity challenges and compliance complexities due to various privacy regulations in different jurisdictions. According to Pew Research Center, 79% of respondents expressed concerns about the collection and processing of their personal data by companies and government entities. Customers relying on multiple cloud providers have limited control over […]

The post What is General Data Protection Regulation Act (GDPR)? appeared first on Kratikal Blogs.

The post What is General Data Protection Regulation Act (GDPR)? appeared first on Security Boulevard.

Is Manual SOX Audit Prep Burning Out Your Team (And Your Budget)?

24 April 2024 at 08:40

Company Controllers and Directors of Internal Audit are intimately familiar with the complexities and resource demands of SOX audits. While meticulous adherence to regulations is paramount, relying solely on manual processes for audit preparation can wear down your team, raise error rates, and, let’s face it, become surprisingly costly. Let’s break down the reality of...

The post Is Manual SOX Audit Prep Burning Out Your Team (And Your Budget)? appeared first on Pathlock.

The post Is Manual SOX Audit Prep Burning Out Your Team (And Your Budget)? appeared first on Security Boulevard.

Dan Solove on Privacy Regulation

24 April 2024 at 07:05

Law professor Dan Solove has a new article on privacy regulation. In his email to me, he writes: “I’ve been pondering privacy consent for more than a decade, and I think I finally made a breakthrough with this article.” His mini-abstract:

In this Article I argue that most of the time, privacy consent is fictitious. Instead of futile efforts to try to turn privacy consent from fiction to fact, the better approach is to lean into the fictions. The law can’t stop privacy consent from being a fairy tale, but the law can ensure that the story ends well. I argue that privacy consent should confer less legitimacy and power and that it be backstopped by a set of duties on organizations that process personal data based on consent...

The post Dan Solove on Privacy Regulation appeared first on Security Boulevard.

CISA Releases Physical Security Checklist for Polling Locations to Safeguard U.S. Elections


As the United States gears up for another round of crucial elections, the focus on securing polling locations is more critical than ever. In a bid to fortify security preparedness at the frontline of U.S. elections, the Cybersecurity and Infrastructure Security Agency (CISA) has released the Physical Security Checklist for Polling Locations, a new tool tailored to empower election workers with actionable and accessible security measures.

Cait Conley, Senior Advisor at CISA, emphasized the importance of protecting polling places, stating, “Protecting against physical threats to election locations like polling places where Americans cast their vote is one of the most significant responsibilities election officials bear. CISA is committed to doing anything we can to support this mission.”

Simplified Security Measures With Physical Security Checklist

The Physical Security Checklist is part of CISA’s suite of election security resources, designed to equip election workers with straightforward measures for enhancing security at temporary election facilities. It is crafted for simplicity, requiring no prior security expertise to implement, and covers pre-planning and Election Day procedures. The checklist is adaptable to individual facility needs and resources, allowing election workers and volunteers to assess potential security threats and incidents easily. Through a series of yes or no questions, election workers can evaluate existing security measures and identify areas for improvement, aiding in the establishment and enhancement of physical security measures. While no measure can eliminate all risk, these resources empower officials to understand, mitigate, and address security challenges proactively.

The checklist is part of a broader initiative by CISA to support the physical security of election infrastructure. The agency’s Protective Security Advisors, serving all 50 states, the District of Columbia, and the territories, support state and local election officials by sharing information, conducting physical security assessments of election facilities, and providing no-cost services and training on various security areas. These offerings include de-escalation techniques, responding to active shooter situations, and other physical threat-specific training to address the evolving threats facing election officials.

Key Security Principles

In an effort to ensure ease of use and accessibility, the Physical Security Checklist for Polling Locations broadly addresses several overarching security principles:
  1. Identifying Responsibility: Establishing an individual or group responsible for security and safety.
  2. Risk Assessment: Utilizing risk assessments to inform security measures.
  3. Developing Plans: Developing plans to inform processes and procedures.
  4. Refining Measures: Refining security measures before Election Day.
  5. Implementing Mitigations: Implementing mitigations and “day of” security measures.
  6. Reporting Incidents: Encouraging the reporting of suspicious behavior or potential incidents.
Individuals or groups responsible for preparing polling locations for use on Election Day can use this resource to assess potential security vulnerabilities and identify additional actions required in advance of the election. The checklist requires no prior security experience and is designed to be user-friendly.

As the nation prepares for upcoming elections, CISA’s Physical Security Checklist for Polling Locations serves as a crucial tool in safeguarding the integrity of the electoral process. By empowering election workers with accessible and actionable security measures, CISA continues to demonstrate its commitment to ensuring the security and resilience of U.S. elections.

Baby ASO: A Minimal Viable Transformation for Your SOC – Source: securityboulevard.com


Source: securityboulevard.com – Author: Anton Chuvakin. Vaguely relevant but very cyber image from Dall-E. One pattern I spotted after looking at the evolution of IT and security organizations over the years, including my time at Gartner is: change is hard, but transformation is harder. Perhaps it is an IT Axiom of some sort, with a Theorem I […]

The post Baby ASO: A Minimal Viable Transformation for Your SOC – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Taking Time to Understand NIS2 Reporting Requirements – Source: securityboulevard.com


Source: securityboulevard.com – Author: Brian Robertson. The newest version of the European Union Network and Information Systems directive, or NIS2, came into force in January 2023. Member States have until October 2024 to transpose it into their national law. One of the most critical changes with NIS2 is the schedule for reporting a cybersecurity breach. […]

The post Taking Time to Understand NIS2 Reporting Requirements – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
