Kaspersky deletes itself, installs UltraAV antivirus without warning
22 votes -
SS7: A mobile network operator protocol with scary vulnerabilities
29 votes -
The confessions of Marcus Hutchins, the hacker who saved the internet (2020)
38 votes -
Data security help - SOC2ish
Hi Tilderinos,
I head up a small startup and we're looking to get some support for our data security. Up until now we've worked with small mom and pops that didn't have any requirements, but a few of our new clients have full data security teams and our infrastructure and policies/protocols aren't up to snuff. We reached out to a few consulting firms and they quoted us between $80-100k to get things set up and run us through a full SOC2 review. As a small company we don't really have that type of budget, more like $40-50k. I stumbled upon Vanta and Drata as alternatives and had meetings with their sales folks last week. Both of their offerings from setting up our protocols to monitoring and getting us through a SOC2 were only $16k.
Are platform based companies like Vanta or Drata enough to get us off the ground while we're still getting set up? Has anyone worked with them before and have any feelings one way or the other? Should we be signing on with a security consulting company - be it at a lower rate if we can negotiate it?
This is all quite new to me and any insight folks here can provide would be incredibly useful.
12 votes -
Inside Elon Musk’s mushrooming security apparatus
8 votes -
China's Arctic dreams make the Norwegian port of Kirkenes a global prize – and an unlikely hotbed of East-West rivalry
6 votes -
How CrowdStrike stopped everything. “The failures cascaded as dependent systems crashed, halting operations across multiple sectors.”
17 votes -
Bypassing airport security via SQL injection
54 votes -
Chinese government hackers penetrate US internet providers to spy
17 votes -
Israeli cabinet trades insults over ‘Jewish terrorism’ warning. Far-right security minister accused by defence minister and intelligence chief of endangering nation.
9 votes -
Microsoft to host security summit after CrowdStrike disaster
16 votes -
Top companies ground Microsoft Copilot over data governance concerns
23 votes -
“Something has gone seriously wrong,” dual-boot systems warn after Microsoft update
43 votes -
The gigantic and unregulated power plants in the cloud
12 votes -
Digital Euro has Germans fretting their money won’t be secure
16 votes -
EFF’s concerns about the UN draft Cybercrime Convention
9 votes -
Signal developer explains why early encrypted messaging tools flopped
35 votes -
USENIX Security '18: Why do keynote speakers keep suggesting that improving security is possible? (AI, IoT)
7 votes -
Mayor of Oslo warns that drug smugglers are increasingly targeting the Norwegian capital as a gateway to Europe as authorities tighten controls on major ports such as Antwerp
7 votes -
Los Angeles police department warns residents after spike in burglaries using Wi-Fi jammers that disable security cameras, smart doorbells
42 votes -
A network of community activists in small towns and huge cities are helping get food to the people who most need it
17 votes -
FrostyGoop malware attack cut off heat in Ukraine during winter
17 votes -
CrowdStrike global outage to cost US Fortune 500 companies $5.4bn
35 votes -
Anyone can access deleted and private repository data on GitHub
46 votes -
Finland's deportation law puts EU's migration norms to the test – human rights organizations sound the alarm over the controversial measure
20 votes -
A hacker ‘ghost’ network is quietly spreading malware on GitHub
21 votes -
CrowdStrike code update bricking Windows machines around the world
143 votes -
Preventing the worst supply chain attack you can imagine in the Python ecosystem
28 votes -
National security or legal niceties? Norway picks a path – closing down opportunities for members of the authoritarian axis is not always as easy as it looks.
7 votes -
Weak security defaults enabled Squarespace Domains hijacks of former Google Domains accounts
19 votes -
Finnish lawmakers narrowly approved controversial bill that will allow border guards to turn away third-country migrants attempting to enter from neighboring Russia
11 votes -
AT&T says criminals stole phone records of ‘nearly all’ customers in new data breach
26 votes