The FTC requires both. If you think they are the same thing, you are failing your security audit.
Penetration Testing vs. Vulnerability Scanning: Know the Difference
read more
Cyber News
Change Healthcare: the breach that keeps rippling through U.S. healthcare
What’s new. After the 2024 ALPHV/BlackCat attack, 2025 notices show continued remediation and consumer support windows (including deadlines for credit monitoring enrollment). HHS’s FAQ and Change Healthcare’s updates outline impacts and assistance programs as the...
SEC Cybersecurity Disclosure Rules: What Boards Need to Know
The SEC’s new cybersecurity disclosure requirements are now in effect. Here’s what public companies need to understand about material incident reporting.
Google’s Truth-in-Pricing: The End of ‘Lead with the Rebate
Google has implemented new transparency rules for auto ads, effective October 28, 2025. If your online price doesn’t match the deal jacket, your ads are going dark.
The ‘100% Solution’ Myth: Why You Must Audit Your Cybersecurity Vendor
In the rush to satisfy federal regulations, a dangerous sales pitch has taken hold: ‘Buy our solution, and you are 100% FTC compliant.’ It sounds reassuring. It is also legally impossible and operationally reckless.
MITRE ATT&CK for Practitioners: How to Map Real Findings to a Common Threat Language
ATT&CK mapping transforms isolated pentest findings, vulnerability scan results, and incident timelines into a structured, measurable view of adversary behavior. This practical guide walks through a r