Cyber Security Informer

SHARED INTEL: Poll shows companies pursuing ‘Digital Trust’ reap benefits as laggards fall behind

The Last Watchdog

FEBRUARY 21, 2024

According to DigiCert’s 2024 State of Digital Trust Survey results, released today , companies proactively pursuing digital trust are seeing boosts in revenue, innovation and productivity. The gap between the leaders and the laggards is growing,” says Brian Trzupek , DigiCert’s senior vice president of product. “If

Energy and Utilities

Energy and Utilities IoT Healthcare Manufacturing

Hiring – Senior Technical Cybersecurity Consultant

BH Consulting

APRIL 17, 2024

Communicating technical test results to client through the production of high-quality reports. Candidate attributes Expert knowledge of and broad experience completing cybersecurity assurance testing in line with recognised standards and best practice. Industry experience and certifications may be considered in lieu.

Cybersecurity

Cybersecurity Penetration Testing Software Backups

GDPR certification is here at last – here’s why it’s a game changer

BH Consulting

AUGUST 31, 2022

Luxembourg’s GDPR-CARPA is the first officially recognised certification scheme to be adopted under the regulation. It’s surprising that such a significant development hasn’t received more attention, given the discourse around GDPR certification schemes. So why has it taken this long for a GDPR certification scheme to launch?

Data privacy

Data privacy Data breaches Government Accountability

MY TAKE: Fostering Digital Trust – the role of ‘post-quantum crypto’ and ‘crypto agility’ in 2024

The Last Watchdog

DECEMBER 13, 2023

Related: Why IoT standards matter Digital Trust refers to the level of confidence both businesses and consumers hold in digital products and services – not just that they are suitably reliable, but also that they are as private and secure as they need to be. Notable progress was made in 2023 in the quest to elevate Digital Trust.

Encryption

Encryption Technology CISO IoT

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

JUNE 1, 2023

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. “Why do I need a certificate?” One of Megatraffer’s ads on an English-language cybercrime forum.

Malware

Malware Cybercrime Software Antivirus

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

The Last Watchdog

JULY 21, 2021

And this is why DigiCert recently introduced DigiCert® Document Signing Manager (DSM) – an advanced hosted service designed to increase the level of assurance of the identities of persons signing documents digitally. PKI revolves around the issuing and management of digital certificates. Achieving high assurance.

Computers and Electronics

Computers and Electronics Digital transformation Authentication Internet

Google Trust Services ACME API available to all users at no cost

Google Security

MAY 25, 2023

David Kluge, Technical Program Manager, and Andy Warner, Product Manager Nobody likes preventable site errors, but they happen disappointingly often. Most certificate errors are preventable and one of the best ways to help prevent issues is by automating your certificate lifecycle using the ACME standard.

Encryption

Encryption Internet Internet DNS

Accelerating Data Security and Manufacturing Production for Medical Sensors by 20x with nTropy.io and Thales

Thales Cloud Protection & Licensing

AUGUST 21, 2023

Accelerating Data Security and Manufacturing Production for Medical Sensors by 20x with nTropy.io Second, PKI also relies on key and certificate protocols to verify access credentials for devices and users. and Thales madhav Tue, 08/22/2023 - 05:33 nTropy.io

Manufacturing

Manufacturing Wireless IoT Encryption

ISO management systems assurance

Notice Bored

JULY 20, 2022

In the context of the ISO management systems standards , the internal audit process and accredited certification systems as a whole, are assurance controls primarily intended to confirm that organisations' management systems conform to the explicit requirements formally expressed in the respective ISO standards.

Risk

Risk Information Security Government Cybersecurity

Protect & Serve with the Cloud Cybersecurity Requirements in the Aerospace and Defense Industry

CyberSecurity Insiders

AUGUST 13, 2022

By Edward Talerico, Senior Product Director, Infor LN Industry CloudSuites. Aerospace and defense contractors now face the very real threat of losing business in the United States if they are noncompliant with the Cybersecurity Maturity Model Certification (CMMC) recently imposed by the U.S. Department of Defense. To work with the U.S.

Cybersecurity

Cybersecurity Manufacturing Software Internet

All About Plug Tech Reviews: scam or legit?

Hacker's King

JUNE 30, 2023

The plug is a Responsible Recycling(R2) certified, the most widely adopted global standard and certification program in the industry. Customer Reviews Customer reviews take an important place in deciding whether a product or a website is good or bad. These reviews should provide an overview of the product or services.

Scams

Scams Marketing Engineering Software

Best Android Smart Phones for Business Environments

CyberSecurity Insiders

OCTOBER 17, 2022

To win the trust of those in business environments, Google, the technology giant that is now ruling the smart phones market, has come up with a certification called ‘Android Enterprise Recommended’. Any device that has gained this certification can be blindly trusted, for security and privacy……hmm, at least for now!

Data privacy

Data privacy Marketing Accountability Technology

MY TAKE: How decentralizing IoT could help save the planet — by driving decarbonization

The Last Watchdog

DECEMBER 17, 2023

This means security must get factored in during the earliest stages of IoT product development, more pervasively so at the software level and, more so than ever at the hardware level. They come with a “secure element” which embeds encryption keys and authentication certificates at the chip level. “We

IoT

IoT Internet Internet Technology

Our Principles for IoT Security Labeling

Google Security

NOVEMBER 2, 2022

Posted by Dave Kleidermacher, Eugene Liderman, and Android and Made by Google security teams We believe that security and transparency are paramount pillars for electronic products connected to the Internet. At any point in time, a digital product may become unsafe for use.

IoT

IoT Retail Manufacturing Marketing

CISSP Recognized as Top Cybersecurity Certification

CyberSecurity Insiders

JULY 11, 2022

The CISSP (Certified Information Systems Security Professional) certification got a few thumbs-up in a recent Dice article about whether cybersecurity jobseekers need certifications to land a position. Several cybersecurity professionals quoted in the article named the CISSP as a valuable certification. “I Experience Required.

Cybersecurity

Cybersecurity Education

Secure Public Key Infrastructure (PKI) Critical to STIR/SHAKEN

Thales Cloud Protection & Licensing

JUNE 7, 2021

In response to enterprise spoofing, the Federal Communications Commission (FCC) has mandated the implementation of STIR/SHAKEN standards, using certificates to digitally sign phone calls which will verify the caller identity. Furthermore, the complexity of a PKI is expanded at scale. CA root key integrity. Luna HSM root of trust.

Scams

Scams Encryption Authentication Security Intelligence

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

The Last Watchdog

NOVEMBER 12, 2023

It builds off and extends Aproduct attestation authority, such as DigiCert, issues device attestation certificates for each Matter-compliant device. This step assures that the device meets an interoperability threshold as well as integrates robust security mechanisms at the device level. One is “verified mark certificates,” or VMCs.

Manufacturing

Manufacturing Authentication Marketing Encryption

Securing Containers and Multi-Cloud Operations

Thales Cloud Protection & Licensing

FEBRUARY 11, 2020

509 certificates. Code signing ensures that the application cannot be modified by an unauthorized user, and provides high assurance that only authentic code developed and vetted by the vendor will be executed. Keyfactor Code Assure is purpose-built to solve these problems. SIGN EVERYTHING.

Authentication

Authentication Encryption Risk Software

MY TAKE: Here’s why we need ‘SecOps’ to help secure ‘Cloud Native’ companiess

The Last Watchdog

SEPTEMBER 21, 2018

I recently spoke to Chris Ford, vice president of product for Threat Stack , one of the innovators in this space. While adding security is still widely viewed as pumping the brakes on productivity, Ford points out that overlooking security can just as easily inhibit growth in today’s interconnected digital landscape.

Financial Services

Financial Services Data privacy Cryptocurrency Software

Securing Containers and Multi-Cloud Operations

Thales Cloud Protection & Licensing

FEBRUARY 12, 2020

509 certificates. Code signing ensures that the application cannot be modified by an unauthorized user, and provides high assurance that only authentic code developed and vetted by the vendor will be executed. Keyfactor Code Assure is purpose-built to solve these problems. SIGN EVERYTHING.

Authentication

Authentication Encryption Risk Software

Luna HSM 7 Certified for eIDAS Protection

Thales Cloud Protection & Licensing

JANUARY 4, 2021

our flagship product, is certified in accordance with Common Criteria (CC) at EAL4+ level against the electronic IDentification, Authentication and Trust Services (eIDAS) Protection Profile (PP) EN 419 221-5. QTSPs can also issue qualified certificates for customers using on-premises Luna HSM 7 for eIDAS QSCD purposes.

Authentication

Authentication Marketing Encryption Government

New CA/B Forum Code Signing Requirements in Effect – Is Your Organization Compliant?

Thales Cloud Protection & Licensing

JUNE 19, 2023

madhav Tue, 06/20/2023 - 06:29 Numerous breaches and malicious malware attacks have used fraudulent code signing certificates to cause significant damage of the certificate owner’s reputation and business. With the number of high-profile malware attacks making headlines these days, the CA/B Forum passed Ballot CSC-13.

Software

Software Marketing Malware Risk

Hardware-based PKI provides strong passwordless authentication

Thales Cloud Protection & Licensing

JULY 8, 2021

Public Key Infrastructure (PKI) uses key pairs and certificates to verify the identity of users and systems. The digital certificate links the name of an individual to their public key. The PKI environment includes Credential Management solutions for complete lifecycle administration of certificates and permissions.

Authentication

Authentication Password Management Passwords Accountability

A Light-hearted Look at Machine Identities [Newbie Perspective]

Security Boulevard

MARCH 31, 2022

It was the epitome of abstraction and a kind of chaotic deity of certificate creation, proliferating rapidly and running around unmanaged in many cases. It felt maddening to attempt to understand the difference between TLS certificates and SSH keys. Code Signing Certificates [Your In-Depth Guide]. Then there was code-signing.

InfoSec

Advice for the Graduating Class of 2023: Qualities of a Modern Day Cybersecurity Professional

CyberSecurity Insiders

MAY 10, 2023

Director of Product Management, Exabeam A recent survey from the World Economic Forum found that 59% of organizations would have difficulty responding to a cyberincident due to shortage of skills. By Andy Skrei, Sr. The cybersecurity workforce gap also increased by 26.2%

Cybersecurity

Cybersecurity Penetration Testing Technology Hacking

ISO 42001

Centraleyes

MARCH 27, 2024

ISO/IEC 42001:2023 provides a certifiable AI management system framework within which AI products can be developed as part of an AI assurance ecosystem. Certification can be done by licensed auditors, whereas alignment with the framework and preparation for the certification is best done using Centraleyes.

Artificial Intelligence

Artificial Intelligence Risk Data collection Technology

ISO 26262: The ISO Standard for Functional Safety

ForAllSecure

MARCH 3, 2022

In order to achieve ISO 26262 certification, companies must demonstrate that their products meet the required safety level for each application.d. What are the benefits of ISO 26262 certification? How can I achieve ISO 26262 certification? Challenges of ISO 26262. Fuzzing for ISO 26262 Compliance.

Software

Software Technology Risk Marketing

3 Ways to Protect Smart Devices from Criminal Exploits

Thales Cloud Protection & Licensing

JULY 20, 2023

Instead, in today’s IoT landscape, we need additional authentication layers at the gadget level to ensure any connecting Smart Devices are trusted using certificates and keys – which are infinitely more difficult for a hacker to bypass or imitate – when attempting a break-in.

Manufacturing

Manufacturing Computers and Electronics IoT Authentication

DIGISTOR® Extends Commercially Priced Self-Encrypting Drive Products With Key Pre-Boot Authentication Feature to Secure Data at Rest (DAR)

CyberSecurity Insiders

SEPTEMBER 14, 2022

In addition, DIGISTOR is announcing that the Citadel C Series Advanced version has been listed by NIST as a FIPS 140-2 L2 certified storage device with NIST certificate #4294. “DIGISTOR is an important partner who aligns closely with our vision and product offerings,” said Tom Ricoy, Chief Revenue Officer, of Cigent.

Encryption

Encryption Authentication Government Financial Services

Give Your Cyber Security Career a Boost

Security Boulevard

AUGUST 3, 2021

Cyber security certifications and training platforms. Cyber security certifications are a good way to enhance your skills and demonstrate your depth of knowledge. While certifications are not mandatory for most positions, they are a good indicator of your dedication to continuous learning and help prove your skills. ISACA CISM.

Penetration Testing

Penetration Testing Education Government Information Security

Cisco addresses flaws in HyperFlex and Prime Infrastructure

Security Affairs

FEBRUARY 21, 2019

Cisco released security patches that address more than a dozen issues in its products, including high severity flaws in HyperFlex, Prime Infrastructure, and Prime Collaboration Assurance. Cisco addressed a High severity certificate validation bug in the Identity Services Engine (ISE) integration feature of Prime Infrastructure (PI).

Software

Software Authentication Advertising IoT

To Make the Internet of Things Safe, Start with Manufacturing

Thales Cloud Protection & Licensing

SEPTEMBER 11, 2018

Achieving the IoT’s bold objective requires not only bringing many small things together and carefully orchestrating their interconnections, but also the assurance that their integrity and the data they collect remains secure and trustworthy. Injecting digital birth certificates to enable device identification and authentication.

Manufacturing

Manufacturing Internet Internet IoT

Seriously?! Now OEMs Will Have to Manage Software Updates in Your Car?

SecureWorld News

JUNE 1, 2022

As the numbering implies, R-156 is a companion piece to R-155 and it will be enforced in the same way, meaning through audited certification of compliance. Manufacturers apply to local approval authorities for certification of their vehicles. That certificate is valid for a maximum of three years.

Software

Software Manufacturing Surveillance Marketing

Top 3 Takeaways: “Cloudflare TV’s Hacker Time"

ForAllSecure

APRIL 15, 2021

On February 12, 2021, ForAllSecure CEO Dr. David Brumley joined Cloudflare’s Head of Product Security, Evan Johnson, to discuss all things software security, fuzz testing, capture-the-flags (CTFs), and cybersecurity certifications. in cybersecurity or an industry certification? Missed the episode? You’re in luck.

Software

Software Hacking Marketing Engineering

Top 3 Takeaways: “Cloudflare TV’s Hacker Time"

ForAllSecure

APRIL 15, 2021

On February 12, 2021, ForAllSecure CEO Dr. David Brumley joined Cloudflare’s Head of Product Security, Evan Johnson, to discuss all things software security, fuzz testing, capture-the-flags (CTFs), and cybersecurity certifications. in cybersecurity or an industry certification? Missed the episode? You’re in luck.

Software

Software Hacking Marketing Engineering

Creating Secure Software Requires More Than Just Motivation

CyberSecurity Insiders

MAY 13, 2021

While the motivation to create a great software product has not waned, it has become more formalized and legitimized. As stated by Santosh Kumar, “In general, the myth has been that having a firewall would address both the infrastructure and application/product lifecycle security. Does A Certification Really Matter?

Software

Software Education Passwords Cybersecurity

BH Consulting prepares HR software company Our Tandem for successful ISO 27001 certification

BH Consulting

APRIL 21, 2021

The company has already won the ‘most innovative future of work product’ at the HR Technology Congress in Paris and has a global client base across multiple industries. It decided to come to BH Consulting, as a trusted professional security provider, to guide it along the journey to ISO 27001 certification. Testimonial. “BH

Software

Software Information Security Risk Technology

Talking Trust With Venafi

Thales Cloud Protection & Licensing

JULY 29, 2021

I recently spoke with Eddie Glenn, the Senior Product Marketing Manager at Venafi , who offered insights into how an HSM can protect your software supply chain. Tune into our discussion learn more about the steps your organization can take to accomplish better security by using code signing with solid certificate, and key management.

Digital transformation

Digital transformation IoT Software Marketing

Cloud Native Applications are the Trend but what about Cloud Native Security?

Thales Cloud Protection & Licensing

NOVEMBER 23, 2020

In the initial phases of adoption by the developer community, built-in Certificate Authority (CA) capabilities of cloud-native technologies were used. This has led to an increase in demand for certificate issuance and/or management solutions for cloud-native technologies like Kubernetes, Istio service mesh, etc.

Technology

Technology Encryption Software Marketing

Securing the Identities of Connected Cars

Thales Cloud Protection & Licensing

SEPTEMBER 9, 2021

In accordance with security protocols, the company needed to deploy digital certificates in the vehicles and therefore was looking for a dependable and flexible PKI environment. The manufacturer needed a certificate-based solution that would provide secure identity to every vehicle.

Manufacturing

Manufacturing Technology IoT Government

Machine Identities are Essential for Securing Smart Manufacturing

Security Boulevard

FEBRUARY 28, 2022

As key enablers of digital supply networks, IIoT technologies help to change the way that products are made and delivered, making factories more efficient, ensuring better safety for human operators, and, in some cases, saving millions of dollars. The Venafi platform identifies which keys and certificates are trusted and which need replacing.

Manufacturing

Manufacturing IoT Authentication Artificial Intelligence

Galaxy S10 is the first 5G phone that can be used by US DoD

Security Affairs

AUGUST 18, 2019

announces that its flagship products continue to obtain federal certification with the recent approval of the Samsung Galaxy S10 series, Note9 and Galaxy S9 join the Galaxy S8/S8+ and Note8 in the receiving Security Technical Implementation Guide (STIG) approval necessary for deployment within the Department of Defense (DoD).”

Advertising

Advertising Government Mobile Information Security

Cloud Security Alliance Releases Report on Corda Blockchain Framework and Security Controls

CyberSecurity Insiders

DECEMBER 15, 2021

SEATTLE–( BUSINESS WIRE )–The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today released Corda Enterprise 4.8 – Architecture Security Report and an accompanying security controls checklist.

Architecture

Architecture Education Risk Government

Hiring – (Technical) Cybersecurity Consultant

BH Consulting

JUNE 2, 2022

Communicating the results of the above tests – via the production of high quality reports, executive summaries and board-level presentations. Strong documentation skills to contribute to security policies, processes and procedures and for the production of risk assessment reports, findings and recommendations.

Cybersecurity

Cybersecurity Backups Penetration Testing Risk

SHARED INTEL: Poll shows companies pursuing ‘Digital Trust’ reap benefits as laggards fall behind

Hiring – Senior Technical Cybersecurity Consultant

Trending Sources

GDPR certification is here at last – here’s why it’s a game changer

MY TAKE: Fostering Digital Trust – the role of ‘post-quantum crypto’ and ‘crypto agility’ in 2024

Ask Fitis, the Bear: Real Crooks Sign Their Malware

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

Google Trust Services ACME API available to all users at no cost

Accelerating Data Security and Manufacturing Production for Medical Sensors by 20x with nTropy.io and Thales

ISO management systems assurance

Protect & Serve with the Cloud Cybersecurity Requirements in the Aerospace and Defense Industry

All About Plug Tech Reviews: scam or legit?

Best Android Smart Phones for Business Environments

MY TAKE: How decentralizing IoT could help save the planet — by driving decarbonization

Our Principles for IoT Security Labeling

CISSP Recognized as Top Cybersecurity Certification

Secure Public Key Infrastructure (PKI) Critical to STIR/SHAKEN

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

Securing Containers and Multi-Cloud Operations

MY TAKE: Here’s why we need ‘SecOps’ to help secure ‘Cloud Native’ companiess

Securing Containers and Multi-Cloud Operations

Luna HSM 7 Certified for eIDAS Protection

New CA/B Forum Code Signing Requirements in Effect – Is Your Organization Compliant?

Hardware-based PKI provides strong passwordless authentication

A Light-hearted Look at Machine Identities [Newbie Perspective]

Advice for the Graduating Class of 2023: Qualities of a Modern Day Cybersecurity Professional

ISO 42001

ISO 26262: The ISO Standard for Functional Safety

3 Ways to Protect Smart Devices from Criminal Exploits

DIGISTOR® Extends Commercially Priced Self-Encrypting Drive Products With Key Pre-Boot Authentication Feature to Secure Data at Rest (DAR)

Give Your Cyber Security Career a Boost

Cisco addresses flaws in HyperFlex and Prime Infrastructure

To Make the Internet of Things Safe, Start with Manufacturing

Seriously?! Now OEMs Will Have to Manage Software Updates in Your Car?

Top 3 Takeaways: “Cloudflare TV’s Hacker Time"

Top 3 Takeaways: “Cloudflare TV’s Hacker Time"

Creating Secure Software Requires More Than Just Motivation

BH Consulting prepares HR software company Our Tandem for successful ISO 27001 certification

Talking Trust With Venafi

Cloud Native Applications are the Trend but what about Cloud Native Security?

Securing the Identities of Connected Cars

Machine Identities are Essential for Securing Smart Manufacturing

Galaxy S10 is the first 5G phone that can be used by US DoD

Cloud Security Alliance Releases Report on Corda Blockchain Framework and Security Controls

Hiring – (Technical) Cybersecurity Consultant

Stay Connected