Latest news with #Coalfire


Hindustan Times
17-06-2025
- Hindustan Times
Emails with 'Unsubscribe' link may steal your personal data
Your inbox often fills with unwanted emails, and many messages end with a familiar phrase: 'Click here to unsubscribe.' But cybersecurity experts now warn that hitting that unsubscribe button might not be as safe as you think. In some cases, clicking the link could expose you to new online threats.
When you click an unsubscribe link, you leave the protected environment of your email client and enter the open web, said Keanini, a cybersecurity expert, to The Wall Street Journal. This transition can put you at risk, as some unsubscribe links lead to malicious websites. According to DNSFilter, about one in every 644 clicks on unsubscribe links directs users to harmful sites.
One common danger is that attackers use unsubscribe clicks to confirm whether your email address is active. Michael Bargury, CTO of AI security firm Zenity, explains to The Wall Street Journal that clicking the link tells spammers you are a real person who engages with emails. While this might not cause immediate damage, it can make you a bigger target for future scams.
Once attackers verify your email address, they may start gathering information on you to attempt scams or extortion through social engineering, warns Charles Henderson, executive VP of cybersecurity services at Coalfire, The Wall Street Journal reported. Another risk is that some unsubscribe links redirect users to fake websites designed to steal login details or install malware.
'If the site asks for your password to unsubscribe, don't provide it,' Bargury advises. Instead, he recommends opening a new browser window and manually visiting the sender's official website to adjust email settings.
Some legitimate companies send users to pages requiring email re-entry for unsubscribing. Henderson explains this happens because some unsubscribe systems use a single generic link for all recipients, not personalised links. Still, he advises against clicking unsubscribe links from unknown senders. 'If you don't trust the source, why trust their unsubscribe link?' he says.
Though malware infection via unsubscribe links is possible, Henderson notes it's an unlikely method for attackers. To succeed, hackers must exploit specific browser vulnerabilities and target users who click those fake links.
Experts agree that using 'list-unsubscribe headers', buttons in email headers provided by many email services, is a safer way to opt out. These links don't lead you to external websites, which reduces the risk. Apple's 'Hide My Email' feature and similar browser extensions offer another privacy layer by generating random forwarding addresses, which helps users keep their real inboxes private while signing up for online offers.

Associated Press
12-06-2025
- Business
- Associated Press
Workday Achieves Top AI Certifications, Reinforcing Commitment to Responsible AI
Company Achieves ISO 42001 and NIST AI RMF Alignment for Ethical AI
PLEASANTON, Calif., June 12, 2025 /PRNewswire/ -- Workday, Inc. (NASDAQ: WDAY), the AI platform for managing people, money, and agents, today announced that it has earned two highly respected third party accreditations for its AI governance program. These certifications affirm Workday's leadership in building AI responsibly and fostering trust in its products and services.
Workday has achieved ISO 42001 accreditation, a prestigious international recognition signifying the company's commitment to developing AI responsibly and transparently. The company also received independent attestation of alignment with the National Institute of Standards and Technology AI Risk Management Framework (NIST AI RMF), a rigorous set of best practices developed by the U.S. Department of Commerce that demonstrates the company's ability to manage AI risks effectively when developing AI.
Workday proactively and voluntarily underwent these stringent evaluations to provide customers with unparalleled confidence in the company's AI development practices. These accreditations, independently verified by leading assessors Schellman and Coalfire, underscore Workday's dedication to developing AI responsibly, including protections for fundamental human rights, safety, security, and privacy.
'Workday is committed to developing AI that amplifies human potential and inspires trust,' said Dr. Kelly Trindel, chief responsible AI officer, Workday. 'Our robust responsible AI governance program is key to delivering the innovative, trustworthy products our customers expect, and this dual recognition affirms our leadership in this critical area.'
In light of rapidly evolving AI standards and regulations, this strategic step directly addresses any concerns about how the company identifies and mitigates potential AI risks to fundamental human rights and safety.
'Workday demonstrated a strong AI governance program along with the internal expertise to manage the risks induced by using AI within their SaaS products,' said Mandy Pote, managing principal, Coalfire. 'During the assessment, Workday not only articulated the design of its AI program but also provided clear documentation and evidence to substantiate its AI risk practices.'
'We are proud to have been Workday's trusted partner in achieving ISO 42001 certification. As a leader in enterprise cloud applications for finance and HR, Workday continues to set the standard for responsible AI in the technology sector,' said Danny Manimbo, principal and ISO practice leader, Schellman. 'This achievement reflects their commitment to embedding trust, transparency, and governance into the very core of their AI-driven innovations—values we are proud to support.'
About Workday
Workday is the AI platform for managing people, money, and agents. The Workday platform is built with AI at the core to help customers elevate people, supercharge work, and move their business forever forward. Workday is used by more than 11,000 organizations around the world and across industries – from medium-sized businesses to more than 60% of the Fortune 500. For more information about Workday, visit
Forward-Looking Statements
This press release contains forward-looking statements including, among other things, statements regarding Workday's plans, beliefs, and expectations. These forward-looking statements are based only on currently available information and our current beliefs, expectations, and assumptions. Because forward-looking statements relate to the future, they are subject to inherent risks, uncertainties, assumptions, and changes in circumstances that are difficult to predict and many of which are outside of our control. If the risks materialize, assumptions prove incorrect, or we experience unexpected changes in circumstances, actual results could differ materially from the results implied by these forward-looking statements, and therefore you should not rely on any forward-looking statements. Risks include, but are not limited to, risks described in our filings with the Securities and Exchange Commission ('SEC'), including our most recent report on Form 10-Q or Form 10-K and other reports that we have filed and will file with the SEC from time to time, which could cause actual results to vary from expectations. Workday assumes no obligation to, and does not currently intend to, update any such forward-looking statements after the date of this release, except as required by law.
Any unreleased services, features, or functions referenced in this document, our website, or other press releases or public statements that are not currently available are subject to change at Workday's discretion and may not be delivered as planned or at all. Customers who purchase Workday services should make their purchase decisions based upon services, features, and functions that are currently available.
© 2025 Workday, Inc. All rights reserved. Workday and the Workday logo are registered trademarks of Workday, Inc. All other brand and product names are trademarks or registered trademarks of their respective holders.
SOURCE Workday Inc.


Business Wire
05-06-2025
- Business
- Business Wire
Forescout Partners with Coalfire to Deliver FedRAMP-Authorized Cybersecurity Solutions for U.S. Public Sector Agencies
SAN JOSE, Calif.--(BUSINESS WIRE)-- Forescout Technologies, Inc., a global cybersecurity leader, today announced a strategic partnership with Coalfire to accelerate the FedRAMP Authorization to Operate (ATO) processes for Forescout Cloud Services.
This collaboration builds on Forescout's 20-year track record of providing cost-effective security solutions for US federal civilian and DoD agencies to support them in modernizing their cybersecurity posture in line with the Federal Zero Trust Strategy, including the DoD's device requirements and evolving cloud security mandates. Forescout Cloud delivers scalable, intelligent, and integrated cybersecurity for all connected edge devices, as well as IT, Operational Technology (OT), and Internet of Things (IoT). Leveraging Coalfire's deep FedRAMP expertise, Forescout can rapidly meet the rigorous security and compliance requirements of all U.S. federal agencies.
'Federal agencies can't afford delays when it comes to cloud modernization and Zero Trust for IT devices and the future of Zero Trust for OT security,' said Mike Walsh, President of Forescout Government Systems. 'Our partnership with Coalfire positions Forescout Cloud Services to meet the highest security standards and accelerate the path to FedRAMP authorization. Together, we're enabling agencies to strengthen cyber resilience and maximize ROI.'
The Forescout 4D Platform™ is built for high-stakes federal networks that reflect real-world deployments in DoD, DHS, and other federal agencies. Unlike other network security vendors that create vendor lock-in and limit flexibility in environments with diverse network gear, Forescout is the alternative and strategic enhancement to CISOs and cyber managers who have a deliberate approach to network vendor competition.
With Forescout Cloud Services, federal agencies will be able to:
- Form the foundation of Zero Trust security with enterprise-wide asset intelligence and deployment health monitoring.
- Take the next steps in Zero Trust enforcement, including network segmentation and real-time policy simulation.
- Eliminate the need for manual reports with automated reporting powered by generative AI that helps prove adherence to executive orders and mandates.
- Deploy advanced threat detection and response, with full Security Orchestration, Automation, and Response (SOAR) and Security Operations Center (SOC) integration across hybrid and cloud environments.
- Benefit from native support for IPv6 addressing that aligns with federal modernization mandates.
'Coalfire's FastRAMP accelerator services are designed to help cloud innovators like Forescout navigate and succeed in the FedRAMP process with confidence,' said Karen Laughton, Executive Vice President at Coalfire. 'This partnership reflects our shared mission of securing critical federal infrastructure and bringing trusted cloud capabilities to government customers, faster.'
Join the Conversation
Forescout will host a webinar, led by its cloud leadership team, to share the company's vision and roadmap for delivering FedRAMP-authorized cloud services on July 15 at 11 a.m. CT.
About Forescout
The Forescout 4D Platform™ provides complete asset intelligence and control across IT, OT, and IoT environments. For more than 20 years, Fortune 100 organizations, government agencies, and large enterprises have trusted Forescout as their foundation to manage cyber risk, ensure compliance, and mitigate threats. With seamless context sharing and workflow orchestration across more than 100 full-featured security and IT product integrations, Forescout makes every cybersecurity investment more effective. Forescout Research – Vedere Labs is the industry leader in device intelligence, curating unique and proprietary threat intelligence that powers Forescout's platform.
About Coalfire
Coalfire is a global services and solutions company that specializes in cyber advisory, assessment, and security. The company also develops cutting-edge technology platforms that automate defenses against security threats for the world's leading enterprises, cloud providers, and SaaS companies. Coalfire is the foremost provider of FedRAMP compliance assessments and penetration testing services in the United States. For more information, visit and follow on LinkedIn.

Yahoo
11-05-2025
- Business
- Yahoo
Elon Musk's Plan for Americans' Sensitive Data Has Security Experts Terrified
Elon Musk's ever-alarming Department of Government Efficiency (DOGE) now wants to consolidate the federal government's vast data reserves. They're currently siloed across government agencies, and DOGE wants to merge them into a sprawling centralized database. Unsurprisingly, security experts told The Washington Post that's a terrible idea.
It's not hard to see why. China hasn't upped its hacking efforts just for kicks; data is incredibly powerful, and hacking groups and foreign adversaries are always trying to get their hands on sensitive information about American citizens and residents, lawmakers, agencies, and companies.
As conventional security wisdom goes, keeping that sensitive information in separate, protected piles across agencies not only makes it more difficult for hackers to find data, but if there's a breach, ensures that adversaries only get their hands on one small slice of a much bigger pie. In short, it's the difference between sending treasure hunters to find and collect individual coins that have been scattered across an ocean, or sending them after one big pot of gold. Which one would you rather track down?
"Separation and segmentation is one of the core principles in sound cybersecurity," Charles Henderson, an executive at the security firm Coalfire, told WaPo. "Putting all your eggs in one basket means I don't need to go hunting for them — I can just steal the basket."
Privacy and civil rights groups are also concerned about the cross-agency pooling of federal data, as combining data from across government agencies — from health services to immigration, social security, workforce-related agencies, and so on — can paint more holistic (and thus more targeted and exploitable) portraits of specific US citizens and residents.
As Faith Williams, director of the Effective and Accountable Government Program at the Project on Government Oversight, told WaPo, you "want people to have the least amount of access that they absolutely need." "So if someone comes in and asks a question," she added, "it's not 'here's the master key.'"
In a statement to WaPo, the White House severely downplayed valid security concerns, with a spokesperson urging that DOGE is comprised of "some of the brightest cybersecurity minds in the nation" and that "every action taken is fully compliant with the law."
"President Trump is leading the charge to modernize the federal government and make it more efficient — and DOGE is playing a critical role in fulfilling that vision," said the spokesperson, per WaPo. "By advancing secure data-sharing across agencies, DOGE is enhancing accountability, eliminating fraud, and streamlining operations across the board."


Techday NZ
27-04-2025
- Business
- Techday NZ
Qualys launches Policy Audit to slash compliance audit costs
Qualys has announced an enhancement to its policy compliance solution with the launch of Policy Audit, aiming to streamline audit efficiency, reduce compliance costs and lower regulatory risks for organisations.
The increase in regulatory requirements has presented significant challenges for enterprises; according to the Compliance Digital Transformation Report by Coalfire, nearly 70% of service organisations are subject to six or more regulatory frameworks. These requirements stretch operational resources and often result in higher costs. The complexity is compounded by system misconfigurations, which can lead to instances of non-compliance and potential regulatory penalties.
Policy Audit introduces several automated features designed to address these challenges by reducing the reliance on manual processes.
Sandeep Khanna, Chief Information Security Officer at the Unique Identification Authority of India (UIDAI), commented on the integration of Policy Audit, stating: "Integrating Qualys Policy Audit into our workflows has transformed how we manage compliance. The seamless collaboration between teams, combined with real-time visibility across multiple mandates, has streamlined our operations and enabled proactive risk management. It's a game-changer for audit readiness."
The Policy Audit solution works by automatically mapping collected evidence to major compliance frameworks such as PCI DSS 4.0, DORA, NIST, CMMC, and FedRAMP. It provides coverage across 450 technology types, includes over 1,000 out-of-the-box policies, and supports compliance with more than 90 frameworks. This is intended to foster continuous compliance and audit readiness while helping to mitigate the risk of audit failures.
Among its features, the continuous audit readiness capability automates evidence collection and reduces the risk of human error, offering organisations a way to monitor audit gaps via real-time compliance posture dashboards. According to Qualys, the use of automated policy compliance can reduce audit failure rates by as much as 95%, allowing organisations to proactively address risks that could result in fines or penalties.
Policy Audit also incorporates Qualys TruRisk, which maps compliance and data privacy risks automatically while identifying and prioritising critical misconfigurations according to business impact and asset and threat exposure. This functionality is intended to help organisations focus resources on the most significant vulnerabilities, and to understand the effect of these vulnerabilities across various regulatory mandates.
With regard to operational workflow, Policy Audit includes automated IT Service Management (ITSM) workflows to connect silos between teams, ensuring necessary information moves efficiently to the relevant parties. Its integration with Governance, Risk, and Compliance (GRC) tools aims to improve visibility and streamline both compliance tracking and risk management. Policy Audit features automated remediation workflows to accelerate the response to compliance gaps and reduce the window of exposure to breaches.
On the reporting side, the solution enables organisations to generate multiple customisable reports from a single data collection process, utilising more than 90 pre-mapped mandates. These reports can be adapted for audiences such as executives and stakeholders, facilitating audits on demand and reportedly cutting audit costs by up to 50%.
Sumedh Thakar, President and Chief Executive Officer of Qualys, commented: "Organisations are facing a growing number of mandates, and audit readiness is more critical than ever. Yet many struggle with complex regulations, limited staff, tight budgets, and manual processes—making compliance costly and error-prone."
"Policy Audit transforms audits from a source of stress into a streamlined, automated process that empowers teams to do more while keeping the organisation continuously audit ready."
In conjunction with Policy Audit, Qualys has introduced Audit Fix, an optional feature designed to help limit breach exposure. Audit Fix allows users to remediate audit findings before they escalate into compliance issues using a library of pre-defined scripts and policies, which can be integrated into continuous integration and deployment (CI/CD) pipelines. Customisable remediation workflows further contribute to continuous compliance and risk reduction.
Qualys Policy Audit is expected to be available in the second quarter of the year.