Secure Controls Framework (SCF)
May 30, 2022
Centraleyes’s Resource Center
Centraleyes Provides You With Various Resources
On the Different Industries And Services
- Yair Solow Featured on Bugy's Founder Interviews
- Centraleyes Chosen as Global Top 5 Startups of the Year - Interview
- Centraleyes on Cyber Ghost: Interview with Yair Solow
- Spotlight Q&A with Centraleyes at Safety Detectives
- Centraleyes Expands Automated Risk Register To Cover All Enterprise Risk
- New Centraleyes 4th Generation Release Officially Goes Live
- Yair Solow Featured on VPN Mentor
- Yair Solow on CNN
- CyGov Signs a Strategic Agreement with R3 (Spanish)
- Centraleyes Welcomes Co-Founder of Optiv, Dan Burns, to Its Board of Directors
- Centraleyes Continues to Expand Its Global Network of Strategic Partners with UK-based ITC Secure
- Centraleyes Introduces First Automated Risk Register
- Yair Solow Featured on Website Planet
- Trevor Failor named head of sales at CyGov
- CyGov is rebranding its platform as Centraleyes
- Cybersecurity Company Cygov Partners With Risk Management Company Foresight
- CyGov agrees strategic partnership with top 200 MSSP Cybriant
- Cyber Resilience Resource for Businesses Re-Deploying Remotely
- The Four New Pillars of Corporate Protection Yair Solow on InfoSecurity Magazine
- CyGov selected by SixThirty as Top Cyber Security Startup
- Europe's Top Cyber Security Startups
- CyGov Interviewed by MediaSet
- Eli Ben Meir's article in Security Intelligence
- Yair Solow on i24 News
- CyGov Selected by WorldBank
- Eli Ben Meir OpEd in the Houston Chronicle
- Yair Solow and Eli Ben Meir Present at the SparkLabs Demoday 8
- Enhance Your Cyber Maturity With ITSM Integration and Automated Remediation
- Ensure Your Ongoing Compliance With Automatic Framework Reassessment Tasks
- Stay in the Know With a Full Activity Log of Your Assessment Collection
- Add a New Entity to Perform Your Assessment in 10 Seconds
- Quantify Financial Risk With Centraleyes Platform Primary Loss Calculator
- Cover Your Entire Environment With Centraleyes's Risk Application Assessments
- Communicate Cyber Risk With Your Executives in an Intuitive, Beautifully Visualized Board Reporting
- Stay on Top of Your Vendors' Cyber History With In-Depth External Scans
- Automate the Creation and Maintenance of a Risk Register, Saving Hours on Manual Work
- Add a New Framework and Distribute Assessments in Your Organization
- View Your Organization's Risk Scoring Through the NIST Tiering Lens
- Most Intuitive Way for Compliance With the Framework Navigation Tool
- Always Prepared for the Next Task With Automated Remediation
- Effective Team Work With Drag-and-Drop Control Assignment
- Get Real-Time Critical Alerts That are Specifically Relevant to You
- MSSPs Can Manage Multiple Clients Under One Platform
- Onboard a New Vendor in Just 30 Seconds
- Turn Hours of Work Into Seconds with Centraleyes Vendor Risk Profile
- Always Informed with Centraleyes Domain Benchmarking
- Navigating the Cyber Currents: Ensuring a Watertight Critical Infrastructure
- Dollar Tree Breach: Supplier Roots Sprout Risks
- Applying Digital Pressure to Stop the “Citrix Bleed”
- 30-Year-Old Medical Protocol Making Headlines
- 88 Million Americans Affected in 2023 By Healthcare Data Breaches
- Critical Atlassian Flaw Has a Simple Fix
- D.C. Voter Data Leak: What We Know So Far
- Centraleyes Leads the Way with Full PCI DSS 4.0 Compliance Support on its Innovative Platform
- Will the Real Admin Please Step Up?
- Straightening Out the curl Vulnerability
- Vague in the Hague: Who Is Behind the ICC Data Breach?
- Forever 21 Discloses Data Breach Impacting Over Half a Million
- FBI on a Wild Duck Hunt after Qakbot
- The Enemy Within: Tesla’s Data Breach Was an “Inside Job”
- NIST CSF is Getting a Makeover
- Russia Prime Suspect for UK Electoral Commission Cyber Attack
- Storm-0558 Isn’t Over Yet
- Google-Owned VirusTotal Data Leak: Result of Human Error
- Made-In-China Hack Infiltrates the US Government
- EU-U.S. Data Privacy Framework: Is Adequate Good Enough?
- Anonymous Sudan Or Anonymous Russia?
- Over 100,000 ChatGPT User Account Credentials For Sale on the Dark Web
- Ransomware Causes St. Margaret Health’s Permanent Closure
- MOVEit Transfer Vulnerability Going Wild
- 8Base on a Ransomware Rampage
- FTC Penalizes Amazon with Millions in Fines
- Record 1.3 Billion GDPR Penalty Slapped on Meta
- Health Sector Warned of Veeam Vulnerability
- Malware Strain Disguised as a Chrome Updater
- Critical Flaw Found in DNA Sequencers
- The NIST CSF Makeover Scheduled for the Summer
- Privacy in the Age of ChatGPT
- Emergency Update for Apple Devices
- Operation Cookie Monster
- Centraleyes Launches the First of its Kind Higher-Ed Cyber Risk Program in Collaboration with FSU
- Call for Restraint in the Race to AI
- Saks Fifth Avenue Added to GoAnywhere Victim List
- Beware: SVB’s Collapse Being Exploited By Scammers
- New TSA Regulations for Airlines Facing “Persistent Cybersecurity Threats”
- CISA Calls on Tech Developers to Put Security into Digital Products
- How to Build a Successful GRC Program to Help Reduce Your Risk Posture
- How to Stay Secure and Compliant in a World of Regulatory turmoil
- Don’t Keep Your Head in the Clouds – How to Protect Yourself from Virtual Risk
- Flash Webinar: How to Know When it's Time to Build a Risk Management Program
- Enhancing Cyber Risk Management Through the Power of Automation - Boutique Webinar
- Flash Webinar: From Technical to Business Risk - How to Communicate With Your Board
- Flash Webinar: What You Can Learn From the SolarWinds Attack to Lower Your Chances of Being Breached
- Flash Webinar: Supply Chain, 3rd-Party Vendors and the Silent Assassin Among Them
- Flash Webinar: Cyber Risk Management - it Doesn't Have to Be So Painful
- Top 5 Strategies for Vulnerability Mitigation
- Mastering the German Federal Data Protection Act (BDSG-New): A Deep Dive
- How Diversity and Inclusion Initiatives Can Reduce Cyber Risk
- Implementing Effective Compliance Testing: A Comprehensive Guide
- The Ultimate ESG Audits Checklist
- A Full Guide to Achieving SOC 2 Certification for Startups
- HIPAA Compliance Checklist for Enhanced Data Security
- Understanding SEC Cyber Disclosure Rules and CISO Liability
- HITRUST vs. HIPAA: Ensuring Data Security and Compliance
- Understanding the Core Principles of Information Security
- ISO 27001 Mandatory Documents: A Guide to Achieving Compliance
- Supply Chain Vendor Risk Assessment: The Definitive Guide
- Understanding the Difference Between Penetration Testing and Vulnerability Scanning
- Safeguarding Your Business From Social Media Risks
- Strategies for Automating a Cyber Risk Assessment
- Essential Cybersecurity KPIs to Track for Effective Risk Management
- Best Practices in Audit Management Process
- GRC Automation: The Competitive Edge for Enterprises
- Everything You Need To Know About The New York Privacy Act 2021
- Identifying and Addressing Internal Control Weaknesses
- Mitigating Market Risk: Effective Strategies for Success
- Ultimate Guide to Selecting a Compliance Management Tool
- The Importance of ESG Metrics in Driving Sustainable Business Practices
- PCI DSS 4.0: What's New and How to Stay Compliant
- Understanding the Digital Operational Resilience Act and Its Pillars
- How to Meet CMMC 2.0 Self-Assessment Requirements: 5 Key Strategies
- Cyber Insurance Explained: What It Covers, Who Needs It
- Maximizing Success: A Guide to Developing and Monitoring Your Risk Management Plan
- Decoding the Cyber Risk Quantification Models: Selecting the Right Framework
- Risks of Hybrid Working: Safeguarding Cybersecurity in the New Era
- GRC Platform Features: Unleashing the Power of Comprehensive Capabilities
- CCPA Compliance Requirements: Ensure Your Business is Compliant
- Mastering Vulnerability Management: Best Practices for Cybersecurity Success
- Best Practices for Automating Third-Party Risk Management
- How Security Automation Works
- Federal Privacy Legislation: What You Need to Know
- Cyber Risk Management as a Best Practice: Benefits to Financial Firms
- Selecting the Best Cyber Risk Quantification Models for Your Organization
- Security Audit Benefits for Small Businesses
- Benefits of Information Security Automation
- Cyber Leaders of the World: Chris Lockery, CISO at Help at Home
- Cyber Leaders of the World: Michael Anderson, CISO at the Dallas Independent School District
- Cyber Leaders of the World: Timothy Spear, Co-Founder and CTO of Whonome
- Cyber Leaders of the World: Marc Johnson, CISO at Impact Advisors
- Cyber Leaders of the World: Craig Williams, CISO at Secure Data Technologies
- Cyber Leaders of the World: Bill Genovese, CIO Advisory Partner at Kyndryl
- Cyber Leaders of the World: Dr. Brian Callahan, Graduate Program Director & Lecturer at ITWS@RPI, and CISO at PECE
- Cyber Leaders of the World: Chris Grundemann, Research Category Lead for Security and Risk at GigaOm
- Cyber Leaders of the World: Barak Blima, CISO at CHEQ
- Cyber Leaders of the World: Tony Velleca, CEO at CyberProof and CISO at UST
- Cyber Leaders of the World: Rob Black, CEO and Founder of Fractional CISO
- Cyber Leaders of the World: Zachary Lewis, CISO at the University of Health Sciences and Pharmacy in St. Louis
- Cyber Leaders of the World: Dan Wilkins, CISO at the State of Arizona
- Cyber Leaders of the World: Sagar Narasimha, CISO at Amagi
- Cyber Leaders of the World: Seema Sharma, Global Head of Information Security & Data Privacy at Servify
- Cyber Leaders of the World: Shay Siksik, VP of Customer Experience at XM Cyber
- Cyber Leaders of the World: Raz Karmi, CISO at SimilarWeb
- Man-in-the-Middle Attack
- Digital Rights Management
- Content Disarm and Reconstruction
- Calculated Risk
- Data Residency
- Asset Risk Management
- Identity Security
- Risk Modeling
- CISO Board Report
- Risk Communication
- SOC 2 Bridge Letter
- Audit Documentation
- Enterprise Risk Management (ERM)
- Compliance Gap Analysis
- Security Misconfiguration
- Security Program Management
- Digital Risk Protection
- Advanced Persistent Threat
- Continuous Auditing
- Risk Control
- SSAE 16
- ISMS Awareness Training
- Risk Management Policy
- Risk Avoidance
- Resilience Management
- End-To-End Encryption
- Data Minimization
- Data Spillage
- Account Takeover
- Security Gap Analysis
- IoT Cybersecurity
- Issue Management
- Audit Management
- Risk Appetite Statement
- Cybersecurity Due Diligence
- IT GRC
- Penetration Testing
- Complimentary User Entity Controls
- Network Security Test
- Compliance Tracking
- How does the CMMC differ from NIST?
- What are the penalties for not reporting a HIPAA violation?
- What are the different versions of HECVAT?
- What are the 4 objectives of Enterprise Risk Management?
- Who needs to be ITAR compliant?
- What are the best practices for vendor risk management for CISOs?
- What are the three stages of the zero-trust security model?
- What are the NIST control families?
- Can ChatGPT replace compliance officers?
- How can thread modeling help an organization identify and mitigate potential risks?
- What is the average cost of penetration testing?
- What are the 4 things that PCI DSS Covers?
- How do risk heat maps help in effective risk management?
- What are the components of inherent risk?
- What Are the 7 Phases of Incident Response?
- What are the Five Elements of Risk Management?
- What are 3 COSO Internal Control Objectives?
- What are the 19 categories of CUI?
- What are the phases of an incident response plan?
- What are the Elements of an IRS Data Security Plan?
- What Are the Primary Components of Vendor Risk Management?
- How Do You Create a Data Classification Policy?
- What are the Steps in a Vendor Management Audit?
- What Are the Steps to Conduct a Robust Vendor Risk Assessment?
- What is the Purpose of Access Control Matrix?
- What is the NIST Cybersecurity Framework’s Approach to Risk Management?
- What is the Difference Between IT Security and IT Compliance?
- What Do Common Vulnerabilities and Exposures Represent?
- What are the types of attack surfaces?
- What Are the Benefits of a Compliance Automation Tool?
- How does FAIR fit into cyber security programs?
- How do you monitor third-party risks?
- Why Do CISOs Need to Quantify Cyber Risk?
- What Are the 4 Common Causes of Data Breaches?
- What Are Examples of Reputational Risks?
- What Can be Monitored with CCM?
- How Can Finance Companies Manage Vendor Risk?
- What are the 4 Steps of the Vulnerability Remediation Process?
- Do Any Laws Apply to Typosquatting and Cybersquatting?
- How do you implement the NIST cybersecurity framework using ISO 27001?
- Last Resources
FFIEC
June 14, 2021
PCI DSS
June 14, 2021
GDPR
June 14, 2021
SOC 2 Type II
June 14, 2021
NY SHIELD Act
June 14, 2021
OWASP ASVS
June 14, 2021
ISO 27001
June 14, 2021
CIS Controls
June 14, 2021
ISO 27701
June 14, 2021
NIST CSF
May 18, 2021
NIST AI RMF?
December 7, 2023
Top 5 Strategies for Vulnerability Mitigation
December 7, 2023
Resources | News & Updates
Navigating the Cyber Currents: Ensuring a Watertight Critical Infrastructure
Addressing recent cyber threats, a top White House national security official emphasized the imperative for increased cybersecurity…
Dollar Tree Breach: Supplier Roots Sprout Risks
In a recent incident, Dollar Tree, a leading discount retail chain, faced the aftermath of a third-party…
Applying Digital Pressure to Stop the “Citrix Bleed”
The “Citrix Bleed” security vulnerability exploitation by LockBit 3.0 ransomware gang affiliates has been escalating recently. This…
30-Year-Old Medical Protocol Making Headlines
Researchers from Aplite have identified potential exposure of around 60 million personal and medical records due to…
88 Million Americans Affected in 2023 By Healthcare Data Breaches
The Department of Health and Human Services (HHS) has recently released staggering figures revealing a significant increase…
Critical Atlassian Flaw Has a Simple Fix
Atlassian has issued a warning about CVE-2023-22518. The severe flaw is described as an “improper authorization vulnerability…
D.C. Voter Data Leak: What We Know So Far
The District of Columbia Board of Elections (DCBOE) has reported a security incident involving the breach of…
Centraleyes Leads the Way with Full PCI DSS 4.0 Compliance Support on its Innovative Platform
Centraleyes proudly announces its full support for the Payment Card Industry Data Security Standard (PCI DSS) version…
Will the Real Admin Please Step Up?
New research from Outpost24 concludes that IT administrators may be as careless as the other employees regarding…
Straightening Out the curl Vulnerability
In recent days, the cybersecurity community held its collective breath in anticipation of the disclosure of two…
Vague in the Hague: Who Is Behind the ICC Data Breach?
The International Criminal Court (ICC) in The Hague, one of the world’s most prominent institutions dealing with…
Forever 21 Discloses Data Breach Impacting Over Half a Million
Fashion retailer Forever 21 has revealed a data breach that has affected more than 500,000 individuals. The…
FBI on a Wild Duck Hunt after Qakbot
The FBI and law enforcement agencies have orchestrated an unprecedented strike against the Qakbot botnet, effectively quelling…
The Enemy Within: Tesla’s Data Breach Was an “Inside Job”
Tesla has acknowledged in an official filing with the Maine attorney general that the recent data breach,…
NIST CSF is Getting a Makeover
The National Institute of Standards and Technology (NIST) has unveiled a draft version of Cybersecurity Framework (CSF)…
Russia Prime Suspect for UK Electoral Commission Cyber Attack
A cyber attack targeting the UK’s Electoral Commission, which resulted in the exposure of data belonging to…
Storm-0558 Isn’t Over Yet
A report published this week by the independent security firm Wiz has raised serious concerns about the…
Google-Owned VirusTotal Data Leak: Result of Human Error
The recent data leak at Google-owned VirusTotal exposed information on approximately 5,600 of its registered customers. The…
Made-In-China Hack Infiltrates the US Government
A hacking campaign, which began in mid-May, saw Chinese hackers infiltrating US government email accounts, including those…
EU-U.S. Data Privacy Framework: Is Adequate Good Enough?
The European Union has approved a new agreement regarding the privacy of individuals’ personal information transmitted across…
Anonymous Sudan Or Anonymous Russia?
Anonymous Sudan gained notoriety with its distributed denial of service (DDoS) attacks, targeting Microsoft in June. Earlier…
Over 100,000 ChatGPT User Account Credentials For Sale on the Dark Web
This week, researchers at Group-IB discovered that upwards of 100,000 ChatGPT user accounts were up for sale…
Ransomware Causes St. Margaret Health’s Permanent Closure
The recent closure of St. Margaret’s Health, a hospital in Illinois, serves as a powerful reminder of…
MOVEit Transfer Vulnerability Going Wild
The Clop ransomware organization purportedly exploited a critical zero-day flaw in the MOVEit file transfer program. Security…
8Base on a Ransomware Rampage
In just one month, the ransomware group known as 8Base emerged as the second most active ransomware…
FTC Penalizes Amazon with Millions in Fines
Yesterday, the FTC took a significant enforcement step against Amazon claiming that The Children’s Online Privacy and…
Record 1.3 Billion GDPR Penalty Slapped on Meta
Meta, better known for Facebook and Instagram, has been fined a record $1.3 billion (€1.2 billion) for…
Health Sector Warned of Veeam Vulnerability
Threat actors are increasingly targeting Veeam Backup & Replication in cyber attacks. Veeam Software’s Veeam Backup &…
Malware Strain Disguised as a Chrome Updater
A recently spotted campaign tricked users with an in-browser Windows update simulation to deliver the Aurora information-stealing…
Critical Flaw Found in DNA Sequencers
A significant vulnerability in Illumina gene sequencing software puts a spotlight on the need to bolster cybersecurity…
The NIST CSF Makeover Scheduled for the Summer
NIST plans for a significant update to the NIST CSF Framework this summer. They recently published a…
Privacy in the Age of ChatGPT
One of the main concerns with language models like ChatCPT is privacy risks. The model uses any…
Emergency Update for Apple Devices
Apple has released emergency security updates to address two zero-day vulnerabilities that have already been exploited in…
Operation Cookie Monster
On Tuesday, more than a dozen law enforcement organizations from around the world shut down the Genesis…
Centraleyes Launches the First of its Kind Higher-Ed Cyber Risk Program in Collaboration with FSU
The key objective is to bring hands-on training and experience on best practices and the key role…
Call for Restraint in the Race to AI
Is the World Adopting AI Models Too Fast? That’s what an elite group of tech leaders and…
Saks Fifth Avenue Added to GoAnywhere Victim List
Dozens of organizations have been added to Clop ransomware’s victim list over the last couple of months,…
Beware: SVB’s Collapse Being Exploited By Scammers
Cybersecurity experts caution that scammers are profiting from the turmoil caused by the collapse of Silicon Valley…
New TSA Regulations for Airlines Facing “Persistent Cybersecurity Threats”
The Transportation Security Administration on Tuesday announced regulations to force airports, along with aircraft owners and operators,…
CISA Calls on Tech Developers to Put Security into Digital Products
CISA called on technology development companies to “fundamentally shift” product design to one that puts cybersecurity at…
Social Engineering “Smishing” Attack on Coinbase
Coinbase and other crypto platforms are frequently targeted by fraudsters. That’s because currency in any form is…
GoAnywhere Impact Setting In
An attack on the GoAnywhere controlled file transfer software that exploited a recently discovered zero-day vulnerability has…
GoodRx Gets a Taste of its Own Medicine
GoodRx has recently come under fire for breaking its privacy promises and the HBNR (Health Breach Notification…
Malicious Apps Abused Microsofts Verification Standard
In December, a group of threat actors abused the Microsoft “certified publishers” status of the Microsoft Cloud…
Drop in Ransomware Payments Show Victims Becoming Bold
A report conducted by Chainalysis noted a 40% drop in payments made to ransomware extortion groups in…
POC of CWP Flaw Leads to Live Attacks
The popular and free Control Web Panel software has a significant security flaw that has already been…
What Can’t You Do With Chat GPT?
Since its release, there has been an explosion of interest in Chat GPT in the media and…
Centraleyes Goes Live with Dedicated Risk Framework for Small Business Based on NIST 7621
Centraleyes announces the addition of NIST 7621 to its extensive framework library. The NIST 7621 framework provides…
Google Sued Again For Deceptive Location Tracking
Google settled two privacy lawsuits last week. The data and information goliath will pay $9.5 million to…
LastPass Attacker Did Reach Password Vaults
What does your human logic dictate? Using third-party password managers like LastPass, sometimes thought to be more…
Game Over for Epic
Fortnite developer, Epic Games, was charged a whopping $275,000,000 penalty in settlement fees in violation of federal…
Centraleyes Goes Live with the Latest Version of ISO 27001 2022 Standard
The ISO 27001 standard is internationally accepted as a specification for an Information Security Management System (ISMS).…
96% of Classroom Apps Share Student’s Personal Data
Internet Safety Labs, a non-profit organization on a mission to ensure online product safety, released a new…
Will the FBI Block Tik Tok?
On Friday, Christopher Wray of the FBI raised concerns that Chinese owned Tik Tok “is in the…
Massive Twitter Leak
Chad Loder, the founder of cyber security awareness company Habitu8, received evidence last week of a massive…
World Cup Cyber
This Sunday marked the commencement of the FIFA World Cup in Qatar, and threat actors will be…
FTX Has Been Hacked
On Friday, crypto exchange FTX recommended users delete FTX apps and avoid using its website, backing up…
Insurance Giant Settles Groundbreaking Lawsuit with Oreo Cookie Brand Mondelez
A settlement was reached last week in a $100,000 lawsuit between Zurich, a global insurance giant, and…
White House Convenes Ransomware Summit
A two-day International Counter Ransomware Summit was held this past Monday and Tuesday. Leaders and experts from…
FBI Warns of Iranian Hacking Group Ahead of Elections
Misinformation and disinformation are pressing problems that have mingled with traditional cybersecurity to evolve into a form…
Verizon Verifies Data Breach
Verizon notified an unknown volume of its prepaid customers that attackers breached Verizon accounts and were able…
Nullmixer Malware Madness
Using a single Windows executable file, Nullmixer infects devices with 12 different streams of malware, all at…
Uber: MFA Bombing Attack
Love may conquer all, but apparently MFA won’t. That pesky human factor again. Unmanaged risk surrounding the…
Twitter: Don’t Shut Down- Get Better!
“Twitter was and continues to be one of the world’s most influential communications platforms.What happens on Twitter…
Centraleyes Announces the Addition of NIST 800-53 to its Expanding Framework Library
Centraleyes announces the addition of NIST 800-53 to its extensive framework library. NIST 800-53 was created to…
Centraleyes Adds the HECVAT Risk Assessment to its Expanding Framework Library
Centraleyes announces the addition of the Higher Education Community Vendor Assessment Toolkit (HECVAT) its extensive framework library.…
Education Hit Hard by Ransomware
IT systems of the second largest school district in the U.S. were hit over the weekend by…
Centraleyes Maps the FFIEC to its Expanding Control Inventory
Centraleyes announces the addition of the Federal Financial Institutions Inspection Council (FFIEC) to its expanding framework library.…
Third-party Services Breached for 2.5 million Loan Application Records!
Both EdFinancial and the Oklahoma Student Loan Authority (OSLA) use technology services from Nelnet Servicing, including giving…
Credential Stuffing via Residential Proxy is on the Rise!
Last week, the FBI released a PIN (Private Industry Notification) on their Internet Crime Complaint Center (IC3).…
Meraki Firewall False Positive Triggers Microsoft 365 Outage
Did you experience trouble connecting to Exchange Online, Microsoft Teams, Outlook desktop clients, and OneDrive for Business…
Centraleyes Announces the Addition of NYDFS to its Expanding Framework Library
Centraleyes announces the addition of the New York Department of Financial Services (NYDFS) Cybersecurity Regulation to its…
Vendor Breach at Idaho Hospital
St. Luke’s Health System in Boise, Idaho had to notify patients of a data breach that took…
Centraleyes Maps PCI DSS to its Expanding Control Inventory
Centraleyes announces the addition of PCI DSS to its extensive framework library. The PCI DSS refers to…
CosmicStrand: Getting Down to the Root of the Problem
How do you rid your computer of a rootkit that tunnels its way into the lowest levels…
4 “High Impact” Security Risks for Okta
Researchers at Authomize discovered 4 ‘high impact’ attack paths in Okta’s trusted management solution. Authomize clearly points…
Phishing for Credentials
A huge web of phishing attacks were performed on over 10,000 organizations! Tricking victims with fake Office…
Centraleyes Adds ISO 22301 to its Extensive Framework Library
Centraleyes announces the addition of the ISO 22301 Business Continuity Management Framework to its expanding framework library.…
Healthcare Data Dominoes
Pre-July 4th weekend, Professional Finance Company (PFC USA) notified the patients of 657 country-wide healthcare providers of…
ToddyCat APT Aims High
A new Advanced Persistent Threat (APT) actor has been spotted by Kaspersky cybersecurity researchers attempting attacks on…
Interpol Takes Down 2000 Social Engineers
Justice prevailed for the victims of worldwide social engineering scams as police from 76 countries worked together…
Centraleyes Integrates the South African Protection of Personal Information Act with its GRC Platform
Centraleyes announces the addition of the new South African data privacy framework, the Protection of Personal Information…
Keep China Out: Patch Network Devices ASAP
The US government, specifically the NSA, FBI and CISA, have issued explicit warnings that hackers working for…
Centraleyes Adds the Secure Controls Framework to its Expanding Framework Library
Centraleyes announces the addition of the Secure Controls Framework (SCF) to its expanding framework library. The Secure…
Hijacked Whatsapp Accounts- Protect Yourself!
Sometimes the simplest scams are the most effective. Hackers managed to hijack victims’ Whatsapp accounts using mobile…
Pwn2Own- Successful Hacks
The annual Pwn2Own hacking contest, held in Vancouver, brought together security researchers from all over the world…
Centraleyes Integrates the Cyber Resilience Review Assessment to its next-gen GRC Platform
Centraleyes announces the addition of the Cyber Resilience Review (CRR) security assessment to its expanding framework library.…
The Critical F5 BIG-IP Vulnerability
A huge and critical vulnerability broke this week making headlines across cyber news sites. Why is this…
Centraleyes Announces the addition of the UAE IA Compliance Regulation to its Framework Library
Centraleyes has recently announced the addition of the UAE IA compliance regulation to its expanding framework library.…
Centraleyes Adds ISO 27701 to its Framework Library
Centraleyes is excited to announce the addition of ISO 27701 security standard to its expanding framework library.…
Tricked at the Top: US Dept. of Defense
Quite amazingly, a resident of California conducted a phishing operation and managed to successfully reroute government money…
Coca-Cola Breach: The Real Thing? 
The infamous Stormous ransomware gang claims to have breached Coca Cola’s servers, stealing 161 GB of data.…
Dwell-Time Down, Vigilance Up!
Mandiant, the cybersecurity company to be acquired by Google later this year, have released their Mandiant M-Trends…
Centraleyes Integrates OWASP MASVS to its Framework Library
Centraleyes is happy to announce the addition of OWASP MASVS security standard to its expanding framework library.…
Centraleyes Identified as an Outperformer and a Challenger in the GigaOm GRC Radar Report
Centraleyes reaches yet another milestone, being identified as an Outperformer in the Challenger group of the 2022…
Centraleyes Partners with UAE-based distributor, Evanssion, to bring local presence in a key market as part of its global expansion plans
Centraleyes announces its latest strategic partnership with UAE-based, value-added distributor, Evanssion.Evanssion is now promoting the Centraleyes next…
Centraleyes Adds Insider Risk Mitigation Security Standard to its Framework Library
Centraleyes is happy to announce the addition of the Insider Risk Mitigation security standard to its expanding…
Illegal Legal Hacks
Looks like Apple and meta will be undergoing some social engineering awareness training! Hackers posing as various…
Centraleyes Partners with Netsurit, Leading Global IT and Digital Transformation Managed Service Provider
Centraleyes announces its latest strategic partnership with New York-based, global IT and digital transformation managed service provider,…
You’ve Been Hacked: Roskomnadzor
Ukrainian anonymous hacking group, appropriately called Anonymous, announced over Twitter this week that they had breached and…
Using the Shed Light: Twitter vs. Russia
Defending and respecting the user’s voice is one of Twitter’s core values, according to their website. This…
Centraleyes Announces the Addition of PIPL its Framework Library
Centraleyes is happy to announce the addition of the Personal Information Privacy Law (PIPL) of China to…
Next-gen Botnets
It’s the plague of frogs- but not as you know it. First spotted in August 2020, “FritzFrog”…
Centraleyes Updates Newly Released CMMC 2.0 in its Framework Library
Centraleyes is excited to announce the upgrade of the new CMMC version 2.0 in its extensive framework…
Centraleyes Maps the Nevada Revised Statutes to its Control Inventory
Centraleyes is proud to announce the addition of the Nevada Revised Statutes (NRS), Chapter 603A to its…
Russian Hackers Infiltrate Ukrainian Organizations via Spear-Phishing
The world is watching with bated breath as Russia lines up its army along the borders of…
Centraleyes Adds the Ransomware Readiness Assessment Model to its Framework Library
Centraleyes is excited to announce the addition of the Ransomware Readiness Assessment (RRA) Model to its expanding…
The British are Coming- with SOX!
The UK’s corporate landscape begins the 2-year countdown to prepare for new governance, audit and reporting requirement:…
RCE Alert: Managing Vulnerabilities
Two critical bugs discovered in Control Web Panel means that an unauthenticated attacker can gain remote code…
When Imitation Isn’t the Best Form of Flattery
There is an exclusive top ten list that NO company wants to find themselves on: the Top…
Ransomware Shuts Down US Prison
Ransomware is always consequential to the company experiencing the attack, but in this case, the staff and…
Y2K22 Surprise!
Microsoft Exchange users were surprised when emails could not be delivered on January 1st, 2022. MEServers from…
DuckDuckGo For It!
Everyone is talking about DuckDuckGo, the search engine that has experienced enormous growth in 2021 and performs…
Securing from the Inside Out
Take your mind off of Log4j momentarily and consider a vastly different vulnerability. Garret Metal detectors, a…
Demystifying The Internet Meltdown: Log4j
The Log4Shell bug has taken the world by storm putting some of the biggest companies at risk…
Patching Backward to Move Forward: Top 6 Tips for Patch Management
These patches were released months ago, so how can threat actors continue to exploit the same vulnerabilities…
Phishing From Within
IKEA has been in the limelight this week as the target of a creative phishing campaign. Internal…
Critical Infrastructure targets take extra precautions this Thanksgiving
Another holiday weekend, another reason to be cyber vigilant! CISA and the FBI released a warning ahead…
300+ WordPress Sites Held Ransom By Fake Ransomware
Over 300 WordPress sites were attacked with fake encryption notices, informing them they must pay 0.1 bitcoin…
At Least Nine Global Entities Across Critical Sectors Have Been Exploited Via a Known CVE
Back in September, the Zoho MachineEngine ADSelfService Plus reported a critical vulnerability that would allow remote attackers…
Your Company is Under Intense Pressure. And That’s Exactly When They’ll Strike.
Ransomware actors are choosing their targets based on time-sensitive financial events, like mergers or acquisitions and ends…
You Haven’t Heard Of Groove Ransomware? Let’s Hope It Stays That Way
Not everyone was happy with the law enforcement’s take down of the REvil ransomware group last week.…
Claiming Unemployment? Watch Out!
The FBI put out a warning this week of spoofed websites offering unemployment benefits that harvest sensitive…
Lightning Never Strikes Twice? Ransomware Does
Back in September, leading medical technology company Olympus was hit with a ransomware attack on its EMEA’s…
“Do Your Part… Be Cyber Smart!” CISA
Cybersecurity Awareness is at an all-time high and has never been more meaningful! As the NCSA kicks…
OWASP Celebrated Their 20th Anniversary Last Week By Releasing a Brand New List Of Critical Security Risks For Web Apps
The OWASP Top 10 is the ultimate guide to the threats and remediations that companies should address,…
Hackers Continue To Target Critical US Infrastructure and Seek To Disrupt Supply Chains, But Are We Handing Them Access On A Silver Platter?
NEW Cooperative, an Iowa-based farm service provider, was hit with a ransomware attack in recent days. BlackMatter…
REvil Ransomware Returns And Continues To Attack And Leak Data
Guess who’s back in town? After wildly exploiting the zero-day Kaseya vulnerability back in July, and demanding…
CISA and The FBI Reveal An Interesting Warning Regarding Ransomware
Based on data from recent actor tactics, techniques, and procedures (TTPs), they report that ransomware attacks are…
When CISA Releases An Announcement Tagged As Urgent, You Know It's Urgent
Microsoft released a security update in May 2021 revealing three actively exploited ProxyShell vulnerabilities on Microsoft Exchange…
Centraleyes Announces the Addition of the NIST 800-82 Framework to its Framework Library
Centraleyes is proud to announce the addition of the NIST 800-82 Industrial Control Systems Cybersecurity Framework to…
Centraleyes is Featured in the Exclusive STAR Registry as an Official CSA Vendor
Centraleyes is proud to announce that the company is an official CSA STAR vendor, featured in the…
Centraleyes Maps the PSD2 Regulation to its Growing Framework Library
Centraleyes is proud to announce the addition of the PSD2 regulation to the growing framework library. The…
Centraleyes Welcomes Co-Founder of Optiv, Dan Burns, to its Board of Directors
Dan Burns, co-founder and former CEO of Optiv, one the largest SSI’s in the world, brings over…
Centraleyes Adds the FERPA Data Privacy Standard to its Framework Library
Centraleyes is excited to announce the latest addition to the Centraleyes framework library, the FERPA Data Privacy…
Centraleyes Announces the Addition of FedRAMP to its Framework Library
Centraleyes is proud to announce the addition of FedRAMP to the growing framework library. FedRAMP is one…
Centraleyes Continues to Expand Its Global Network of Strategic Partners with UK-based ITC Secure
Online PR News – 04-May-2021 – New York – Centraleyes is excited to announce its latest strategic…
Centraleyes Adds the Recent Privacy Framework by NIST to its Framework Library
Centraleyes is strengthening its framework library with a new privacy framework recently published by NIST. The National…
Centraleyes Disrupts Risk Management With the First Ever Automated Risk Register
Centraleyes has released its latest platform update, which included a one of its kind capability – an…
Centraleyes Maps the CIS Top 20 Critical Controls to its Framework Library
Centraleyes continues to expand its framework library, with the latest addition of the CIS Top 20 Critical…
Centraleyes Partners with Chile-based, Tech Services Provider, Policomp
Online PR News – 05-March-2021 – Tel Aviv – Centraleyes is proud to announce its strategic expansion into…
Centraleyes Enhances its Framework Library with INCD Guidelines for Stronger Cyber Resilience
Centraleyes is strengthening its framework library with yet another risk guideline by the INCD. The Israel National…
Energy Industry Dedicated NERC CIP Standard - Now in the Centraleyes Framework Library
Centraleyes continues to expand its framework library coverage by adding NERC CIP, giving the energy industry a…
Zero Trust Framework - New Addition to the Centraleyes Framework Library
Centraleyes has added another key risk framework to its extensive framework library – the NIST SP 800-207…
Centraleyes Expands its Framework Library With NIST 800-171
Centraleyes is proud to announce the addition of NIST 800-171 to its library of frameworks and standards…
Centraleyes Selected as Top 10 Cyber Security Startups
Centraleyes is extremely proud to announce that it has been selected as one of the top 10…
Centraleyes Official Brand Video Released
Centraleyes is proud to present our official brand video! The video captures our brand’s optimistic spirit in…
Centraleyes Partners with the Cyber Alliance to Protect Healthcare Systems
Online PR News – 21-December-2020 – Tel Aviv – SaaS-based cyber risk platform provider Centraleyes has partnered…
CyGov Appointed Michelle Offir Geveye as Marketing Lead
CyGov has announced the appointment of Michelle Offir Geveye as the new Marketing Lead for the company…
Trevor Failor Named Head Of Sales At CyGov
Bringing two decades of experience in Cyber Security and SaaS sales, Trevor Failor has been appointed as…
CyGov Launches The Centraleyes™ Brand— Superior Platform Automating Inputs, Data & Visualizing Risks
CyGov has re-branded its cutting-edge cyber risk management platform that gives an unparalleled understanding of digital and…
Cygov Continues Upward Growth - Oleg Movchan Joins Board of Directors
Oleg Movchan, a capital markets and risk management veteran, has joined the company’s Board of Directors. 04-June-2020…
Jimmy Sanders, Head of Info Security at Netflix DVD, Joins Cygov Advisory Board
Sanders, one of the foremost authorities on contemporary cyber security challenges, is the latest high-profile addition to…
Cygov Agrees Partnership With R3, Targeting Federal Suppliers
The agreement boosts companies seeking Cybersecurity Maturity Model Certification (CMMC) certification, soon required by all Department of…
Cygov Announces Strategic Partnership with Top 200 MSSP Cybriant
Online PR News – 04-May-2020 – Tel Aviv – SaaS-based cyber risk platform provider CyGov announced today…
CyGov Releases Higher Education White Paper – Streamlining Risk & Reducing Workload
Digital technology has revolutionized the operations, administration and student-facing aspects of higher education. As universities, schools and…
CyGov and HIC Network Security Announce a Strategic Resell Partnership
CyGov is proud to announce that HIC Network Security Solutions, The Network Security Reseller, has become a…
CyGov Releases Free Cyber Resilience Resource for Businesses re-Deploying Remotely
1 April (Tel Aviv) – SaaS-based cyber risk platform provider CyGov announced today that in light of…
New From CyGov - Creation of a Proprietary Cyber Resilience Resource Center
In response to the epic Coronavirus threat, CyGov has created a unique cyber risk resilience management resource…
CyGov Solution Curbs Growing Risk of Supply Chain Breaches
More than ever before, companies of all sizes are at risk of a cyber breach via their…
Eric Moseman Named VP Sales at CyGov
CyGov is excited to announce that Eric Moseman has been appointed Vice President of Sales. He will…
