Samsung has launched the Tab S10 FE and Tab S10 FE Plus, the latest in its midrange Android tablet line, but they cost $50 more than their predecessors. For the first time neither tablet has a direct equivalent in the standard Tab S10 series. The FE is the smallest of the companys current tablet offerings, while the FE Plus comes in a new screen size that sits in-between the S10 Plus and the S10 Ultra, meaning all four of Samsungs Tab S10 tablets now come in different sizes. The S10 FE packs a 10.9-inch display, which has been Samsungs standard tablet screen size for some time but since the company never released a regular Tab S10, only Plus and Ultra models, its the first in that size for this series. The FE Plus offers a new 13.1-inch screen, larger than the 12.4-inch S10 Plus but smaller than the 14.6-inch Ultra.Both tablets still use LCD panels, rather than OLED, and are limited to 90Hz refresh rates. Despite the larger size the Plus model doesnt feature a bigger battery than its predecessor, though both are slightly slimmer than before instead. Theyre also both limited to a single rear camera the Plus losing its ultrawide but this has been upgraded to a new 13-megapixel sensor. Theyll ship running Android 15, along with Samsungs usual suite of AI features.Both tablets are powered by the same Samsung Exynos 1580 chipset, an upgrade to the 1380 found in the Tab S9 FE models, and are offered with up to 12GB of RAM and 256GB of storage. IP68 dust and water-resistance returns, as does support for the S Pen stylus which is included in the box, but is a simplified version without support for Bluetooth features. That was true of last years FE tablets too, so likely would have happened regardless of the controversial decision to strip Bluetooth from the Galaxy S25 Ultras S Pen earlier this year.The Tab S10 FE and S10 FE Plus will both be available in the US from April 10th in gray, silver, or blue, though reservations are open now. The regular model starts at $499.99, with the Plus at $649.99 both $50 increases on the previous generation. Theres also a 5G version of the smaller Tab S10 FE for $100 extra, though this only comes in gray.See More:

Apr 1Ash ParrishHow to watch the Switch 2 DirectIts finally time for the biggest video game event of the last few years. In January, Nintendo officially unveiled the successor to the Switch, helpfully called the Switch 2. The short video showed off some of the consoles features, like magnetized Joy-Cons, and provided a brief glimpse at a new Mario Kart game. But it didnt give us any specifics.From earlier press releases, we know that the Switch 2 will be backward-compatible with the Switch 1 cartridges and that you can easily transfer digital games between your Switch 1 and Switch 2 systems. We know it will be larger, feature redesigned Joy-Con controllers, and have some kind of new Mario Kart. At the Switch 2 Direct, well hopefully get answers to all our burning questions.Read Article >Feb 5Ash ParrishNintendo shares more info on its Switch 2 directImage: The Verge, NintendoAs we settle in for the long, excruciating wait for more tangible news on the Switch 2, Nintendo has thrown us a little extra nugget of information. While we knew the company was planning to share more about the Switch 2 on April 2nd, now we have a time: 9 AM ET / 6 AM PT / 10 PM JST. If you were taking bets on this time, you would have won handily as this is generally the usual time Nintendo holds its big events. The announcement on Nintendos website didnt contain any extra detail about the duration of the event or the exact breakdown of topics thatll be covered, other than to say it will share a closer look at the new device.Last month, the company finally confirmed the existence of its new console dubbed, helpfully, the Switch 2. The reveal itself was sparse on detail, only confirming that the console would be larger than its predecessor and that its Joy-Con controllers appear to attach via some kind of magnetic action. Because of the reveals relative lack of concrete information, were left with so many questions about the new console. Nevertheless, there was still lots of speculation about what the Switch 2 could possibly do. Theories were put forth that the new Joy-Cons contained some kind of mouse functionality and that the extra button on the right Joy-Con was related to some kind of party chat feature. Hopefully, Nintendo will let us know those if theories were correct during the Switch 2 Nintendo Direct on Wednesday, April 2nd bright and early at 9 AM.Read Article >Jan 16Ash ParrishNintendo announces Switch 2 Direct for AprilImage: The VergeNow that Nintendos reveal of the Switch 2 has put to rest years of anticipation and rumormongering, its time to hear more information about the console and, importantly, all the games. The company has announced it will hold a Switch 2 Direct scheduled for April 2nd.The Switch 2 reveal trailer showed footage that looks to be a new Mario Kart game, which is a good indication itll be a launch title. Theres speculation that the forthcoming Metroid Prime 4 might straddle both consoles the way Breath of the Wild launched on both the Wii U and the Switch back in 2017. The Switch 2 Direct might also reveal the follow-up to Super Mario Odyssey. Who knows?Read Article >

A video purportedly taken from the next iteration of The Sims has popped up online, and fans have expressed their concern about what it may mean for the much-loved series.Project Rene - the codename sometimes used interchangeably with The Sims 5, although EA maintains Project Rene is, in fact, a spin-off project - has been bubbling around for a few years now, but early access footage from a game entitled "City Life Game With Friends" has many players thinking that this could well be the next Sims game.The video itself is a full 20 minutes long and shows the player clicking through text prompts to select their outfit, hair, watch, activities, and so on. He then spawns into a sunlit Plaza de Poupon where he buys some food and mingles with the locals. He later goes to work in the outdoor caf.Characters are clearly called Sims throughout the playtest, talk in Simlish, and are adorned with The Sims' tell-tale Plumbob.Play"I am terribly disappointed with Project Rene. Yes, I know, according to EA, 'this is not the final game.' Is this a joke or what?" said one unhappy player on The Sims' subreddit on a post entitled "I think Project Rene is a redflag (I hope not)" that has been upvoted hundreds of times. "EA clearly wants to kill off normal Sims games and push people toward the mobile-style experience. So in their mind, a reboot literally means this at least thats what I THINK.""This is not going to be for me, I can tell already," said another. "It just seems so basic and I don't want to play The Sims on my phone.""The funny thing is, making a PC/mobile cross-compatible Sims game isn't a bad idea," posited a fan. "EA just believes that mobile games HAVE to be ugly for some reason. They're chasing all of the design trends of the past decade, but it means that this thing already looks dated and it's not even out yet.""The way The Sims was a literally [sic] satire about capitalist suburban consumption-as-happiness.... And this is where the Sims ended up. Endless consumption-as-happiness," suggested another. Project Rene the codenamed game initially thought to be The Sims 5 until EA distanced itself from those rumors was first teased in 2022 during a Behind the Sims Summit. It's a free-to-play Sims game that features multiplayer inspired by Animal Crossing and Among Us. It hasn't yet been formally revealed or received a release date, but EA has been holding small, invite-only playtests for the game since its announcement, with the game's latest playtest presumably spawning these recent leaks.The name Rene was chosen because it references words like "renewal, renaissance, and rebirth" that "represent the developer's renewed commitment for the Sims' bright future."Last October, however, images of Project Rene leaked from a closed online test, prompting complaints about the art style, limited features, and the use of microtransactions. It was the addition of a caf that drew the most skepticism, primarily due to the smiliaries to 2018's The Sims Mobile. It was then that EA said Project Rene was not The Sims 5 but would, in fact, be a different "cosy, social game" released under The Sims franchise.Don't forget that The Burglar, a familiar sight for those of us who've spent time with any of the older Sims games snuck back into our lives as part of the latest update for The Sims 4.Vikki Blake is a reporter, critic, columnist, and consultant. She's also a Guardian, Spartan, Silent Hillian, Legend, and perpetually High Chaos. Find her at BlueSky.

Lowest Price Ever1TB Seagate Storage SSD Expansion Card for Xbox Series X|S This is a solid 15-20 less than the next best deal we saw last year, so you've got the perfect chance to max out your storage with tons of games, either on Game Pass or titles you've bought outright. There's also a shocking 71 off the 2TB model, now only 199.00 compared to its original 270. However, if you're either shopping on a budget or have smaller storage needs by comparison, the 1TB internal SSD for 99.99 is still an immense deal and well worth picking up. This is better than we've seen during Prime Day, Black Friday, and any other shopping event you can think of.PlayThere are other brands of external SSDs you can choose from, but Seagate's have that extra mark of quality as it they were designed in partnership with Xbox itself. With a simple yet effective plug-and-play design, these Seagate SSDs will function like a true part of the console itself, allowing you to play games stored directly with no sacrifice to loading times, graphics, or frame rates.That means if you've enjoyed the Xbox Series X|S's technical features like Quick Resume, this additional SSD will let you store and play as many extra games as allowed, without needing to shift between the expansion card and the console's internal SSD storage.So if you want to keep playing a variety of different games like Call of Duty: Black Ops 6 or Assassin's Creed: Shadows within the same session, you won't have to restart the other and enjoy both without added load times.1TB Seagate FireCuda External Gaming Hard Drive HDD2TB Seagate FireCuda External Gaming Hard Drive HDD5TB Seagate FireCuda External Gaming Hard Drive HDD8TB Seagate FireCuda External Gaming Hard Drive HDD16TB Seagate FireCuda External Gaming Hard Drive HDDHowever, if you prioritise more storage for your money and aren't too bothered about loading times, Seagate's external FireCuda hard drive for PC is on offer as wellslashing up to up to 67.23 off its 1TB, 2TB, 5TB, 8TB, and 16TB options. The biggest model at 16TB of storage at 325.97 is the highlight, letting casual players add tons of extra games without having to delete any for years.While they won't be as fast as SSDs, the FireCuda hard drives are still an excellent go-to depending on what you're looking for. Plus, the customisable LED lighting strip adds a fun bit of additional RGB atmosphere to your gaming set-up on the side.Ben Williams IGN freelance contributor with over 10 years of experience covering gaming, tech, film, TV, and anime. Follow him on Twitter/X @BenLevelTen.

This article contains light spoilers for Yellowjackets season 3.As Yellowjackets third season winds down, the tension and conflict has only ratcheted up. Due to impulsive decisionmaking, to put it politely, from teen Lottie in episode 7, Croak, the minds behind Yellowjackets have put into motion pivotal and interweaving plot threads with major implications for the past and present timelines.During a promotional stop at SXSW Film & TV festival in Austin in early March, Den of Geek met the producers of Yellowjackets, Jonathan Lisco and Drew Comins, and series creators Ashley Lyle and Bart Nickerson inside of Paramount+s The Lodge experience, where the streamer created a nicely wooded photo opp area. No frogs or axes were present during our interview, but we were able to pick their brains about the evolution of their writing process, and how they approached some of the standout characters in season three.The creatives have different approaches when it comes to checking in with fans and engaging with specific fan theories, such as a major character death that was teased in season one. Lyle initially was intrigued by it after the shows buzzy start, but has almost entirely checked out of the discourse. Lisco referenced the feedback loop in television where they see the edits and we can see who is dimensionalizing their character more, which partially led to their decision to give the fans what they wanted: more Mari.Were really just interested in the dimensionality of the characters and people, Lyle says. This season, theyve started to really lose their minds. Theres this darkness that is potentially always hiding in the shadows.Dark, abrupt twists have become the calling card of season three but the team continues to be excited by finding ways to unlock the talented cast theyve assembled in new ways. The show has been balancing ominous themes with comedic relief like that of Warren Koles Jeff Sadecki or this seasons breakout in teenage Mari. Played by actress Alexa Barajas, Mari began the series as a secondary character in the first two seasons and has since grown to become a more prominent character this season.Alexa is a treasure, basically, she started out as a relatively secondary character on the show, Lisco says. And I think we decided that we could give her more, and we gave her more, and she just kept knocking out of the park. So we decided to take her on a real ride this season.Series co-creator Lyle expanded on how gratifying it is to find ways to grow the ensemble and find more screentime for characters who might have been sidelined in past seasons.We knew we couldnt have 12 main characters in a season, but we got very lucky that these secondary characters showed their talent and their abilities as actors. she says. [Maris] rise as a character is evidence of the shows success and increased comfortability in exploring the abilities and complexities of different characters and actors.Comedy has always been an important tool throughout the show, and during the writing process the creative team is always trying to blend the lines of humor, horror-leaning elements, and drama. People dont know what to do with shows that are like, Its a comedy but its a drama, its a horror show, says Lyle.The ability to flesh out the series secondary characters in some ways is linked to the runaway success of the show giving the creative team more latitude to take risks and experiment. For series co-creator Nickerson, the process is familiar, but its undeniable the circumstances have changed when it comes to tuning out the online noise around Yellowjackets and growing as a decision-making unit.Join our mailing listGet the best of Den of Geek delivered right to your inbox!I feel like, individually and collectively, were always sort of growing in ways we might not be able to fully comprehend, Nickerson says. You sort of like, move differently when the wind is at your back or ahead of you, or like, depending on how the circumstance shifts and changes.For Comins, the feedback and excitement is a motivational boon. I think the ability to be noisy and kind of incite that emotion, again, from people who are new to the hive of Yellowjackets and people whove been there since the beginning, he says. I think that, in of itself, is very exciting and very potent. And I think art is meant to generate discourse, right?

Tommy Callahan sucks as a salesman. So much so that midway through 1995s Tommy Boy, Tommy and his unwilling sales partner Richard take a break at a diner to drown their miseries in terrible food. Richard orders a shrimp cocktail, but when Tommy requests chicken wings, the waitress shuts him down because the kitchen is closed.What follows is an incredible combination of self-loathing and obnoxious ranting. Comparing himself to a circus boy who inadvertently smothers his beloved pet, and Lenny from Of Mice and Men, Tommy picks up a bread roll that he initially strokes, but soon enough is killing. And kill in this scene he does, with Tommy crushing the roll in his hand while screaming in equal measures of sorrow and terror.At the end of the bit, Tommy looks up at the waitress, his mussed hair and red face contrasting his simultaneous expressions of innocence and excitement. God, youre sick, the waitress chuckles, and proceeds to open the kitchen for his wings.That short bit serves as the turning point in Tommy Boy, the moment when Tommy and Richard finally click as a sales team and succeed enough to save the company. The bit, which was released into theaters 30 years ago, also captures the magic of Chris Farley as a comedian, a fantastic talent who was lost far too soon.A Friendly GiantBy his own admission, Farley wasnt the first energetic big man in Saturday Night Live history. Farley idolized the shows original maniac John Belushi, remembering fondly how his father would lose himself in laughter while watching Belushi perform. When Farley joined SNLs cast in 1990, he initially presented himself in the Belushi mold. Motivational speaker Matt Foley, which he and Bob Odenkirk created while they were both at Second City in Chicago, highlights the Belushi influence. In his introductory sketch, Matt terrorizes the suburban family who hires him, bellowing in their faces about his life in a van down by the river. The sketch ends with the family locking the doors and huddling in fear when Matt threatens to move in with them.Matt has plenty of the boiling rage that marked Odenkirks early work, long before he would snuggle his Little Women. But Farley plays it like the second coming of Belushis diner or samurai characters. Matts also one of Farleys signature characters. But he lacks the later quality that made Farley unique from Belushithat made Farley one of the most beloved actors in SNL history. He lacks Farleys innate sweetness.Later sketches would make use of Farleys guilelessness and Midwestern affability, most notably The Chris Farley Show, in which he shyly asked guests such as Martin Scorsese and Paul McCartney awkward and obvious questions. But no work captured Farleys mixture of manic energy and inherent kindness like Tommy Boy.Chaos Across the MidwestReleased in 1995 and directed by Peter Segal, Tommy Boy stars Farley as Tommy Callahan, scion of successful auto parts manufacturer Callahan Auto, based in Sandusky, Ohio. A party boy who skates by on his charm and family fortune, Tommy earns the ire of Richard (David Spade), who had to work hard to earn a top position at the company.When Tommys dad (Brian Dennehy) drops dead after marrying the duplicitous Beverley (Bo Derek), she and her con partner Paul (Rob Lowe) enact a plan to sell the Callahan company to an unscrupulous rival in Chicago. This would also in effect put most of the workers in Sandusky out of a job. To save the company, Tommy and Richard must therefore go on a tour of the Midwest, doing everything they can to sell Callahans revolutionary new brake pads and thwart Beverleys plan.As you might expect, that setup from screenwriters Bonnie and Terry Turner largely exists as a spine on which to graft comic set pieces. Each places Farleys outsized persona against Spades reserved snark. Thanks to that structure, Tommy Boy has plenty of space to show off all the varieties of Farleys approach.A simple example involves Tommy meeting Paul for the first time, introduced to our big-hearted protagonist as his new step-brother. I have a brother? Tommy asks with wonder. When Paul extends his hands, Tommy responds with affable rejection. Brothers dont shake hands, he gushes. Brothers gotta hug! He envelops Paul in a giant bear hug, dwarfing Lowe in the embrace.Join our mailing listGet the best of Den of Geek delivered right to your inbox!A later sequence finds Tommy bumbling as he attempts to fuel up Richards fancy car. After accidentally bending the door the wrong way, we watch through a window and over Spades shoulder as Farley struggles to push it back into place. With the same chaotic energy of classic physical comedians such as Roscoe Arbuckle and Buster Keaton, Farley throws himself at the door, bumbling back each time. But the kicker is the end of the bit when Richard returns to the vehicle, finding Tommy sitting inside and deliberately not looking at the now-shut car door.After taking a second to gently buff a tiny scratch on the door, Richard pulls the it open, only to have it come off in his hand. Taking one look at the horrified Richard, Tommy asks with exaggerated surprise, Whatd you do!?!Obviously, Tommy knows what he did and what Richard didnt do. But Farley channels his innate likability to sell the line, making it all the funnier.A Legacy of LaughterFarley made a few more movies before his untimely death in 1997 at the age of 33. And each of these movies have their charms, whether its teaming again with Spade for 1996s Black Sheep, going solo for 1997s Beverly Hills Ninja (1997), or swapping Spade for another uptight sidekick via Matthew Perry in Almost Heroes (1998).But none of them so perfectly suit Farleys comic sensibilities like Tommy Boy. Its in Tommy Boy, with its warm-hearted underdog story and space for big set pieces that remind us just how special Farley was.

iPhone farms banks of phones equipped with rotating temporary Apple IDs are being used to send more 100,000 scam iMessages per day, found security researchers.By using iMessages rather than texts, scammers can bypass spam and scam filters implemented by mobile carriers. Fraudsters dont even need any technical skills to carry out their attacks, as there are companies offering phishing-as-a-service (PhAAS) Unpaid toll fees, shipping fees, and more scamsCommon scams doing the rounds at present include fake demands for unpaid road toll fees; claims that shipping fees are needed to release valuable packages from Customs; and fictitious warnings about unpaid taxes.These scams are commonly carried out via email and text message, and theres a constant cat-and-mouse game between criminals and ISPs and mobile carriers seeking to detect suspicious text and links in order to block them.iPhone farms sending scam iMessagesHowever, researchers at cybersecurity firm Catalyst have found that scammers are now turning to iMessage. Because these messages are encrypted, with networks unable to see the contents, they cannot be detected and blocked.What makes things worse is they found a Chinese platform offering the use of their iPhone farms to anyone willing to pay.Lucid is a sophisticated Phishing-as-a-Service (PhAAS) platform operated by Chinese-speaking threat actors, targeting 169 entities across 88 countries globally []Its scalable, subscription-based model enables cybercriminals to conduct large-scale phishing campaigns to harvest credit card details for financial fraud [] To enhance effectiveness, Lucid leverages Apple iMessage and Androids RCS technology, bypassing traditional SMS spam filters and significantly increasing delivery and success rates.The group behind Lucid even includes templates scammers can use to create convincing-looking replicas of websites for companies like courier services. The XinXin group, known for developing Lucid and other PhAAS platforms, has been observed selling phishing templates designed to impersonate postal services, courier companies, road toll systems, and tax refund agencies.Catalyst includes a low-quality photo (above) of one of these iPhone farms in use.A Telegram group used to sell these PhAAS attacks has more than 2,000 members.How to protect yourselfThe main safeguard against phishing attacks is toneverclick on links sent in emails. Always use your own bookmarks, or type in a known URL.Its easy to make an email or message look like it originated from a legitimate company, so dont trust apparently-known senders. Be especially suspicious of messages urging you to act quickly to avoid fines or see packages returned to their senders.Highlighted accessoriesVia Macworld. Photo via Catalyst on background by Uriel SConUnsplash.Add 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Includes 5G Ultrawideband, which can be super-fast but is only available in very limited areasVerizon-owned Visible seems to be offering a much better unlimited mobile data deal than its parent company. The new Visible+ Pro plan includes 5G Ultrawideband, unlimited hotspot usage, 4K video streaming, cellular service for one Apple Watch and claims to have no throttling.The cost of the plan is $45 per month, which is $20 cheaper than Verizons own Unlimited Welcome Heres what Visible says about the new plan:Unlimited talk, text & dataNever worry about overages or hidden fees with all the minutes, messages and gigabytes you need. Includes unlimited calls & texting from the US to Puerto Rico, the US Virgin Islands, Guam and Saipan.With unlimited 5G, get reliable 5G performance. All plans include 5G and 4G LTE network access and unlimited data, talk, text and hotspot.5G Ultra WidebandVisible+ Pro gives you unlimited premium data on Verizons 5G Ultra Wideband network, the fastest 5G network access we offer.UHD VideoStream all your favorite media with up to 4K UHD quality video.Smartwatch service includedGet Apple Watch service included in your plan at no additional cost (normally $10/mo)3x faster unlimited mobile hotspotYour smartphone becomes a Wi-Fi connection for devices like tablets, laptops, and more. Visible+ Pro includes mobile hotspot with unlimited data at speeds up to 15 Mbps (3x faster than our Visible plan).There are also a number of international features, including unlimited talk and text to Mexico and Canada, as well as up to 24 days a year of overseas use.The Verge notes that the plan is a significantly better deal than you can get direct from Verizon, yet seems to equal or better the quality of coverage.Its common for carriers to claim unlimited data in the headline and then include data throttling for high-usage customers in the small-print, but this doesnt seem to be the case here, so itll be interesting to see whether any catches emerge.Highlighted accessoriesPhoto byFrederik LipfertonUnsplashAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Apr 02, 2025The Hacker NewsCompliance / Data ProtectionIntroductionAs the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) offers a comprehensive set of frameworks that provide a clear path to achieving robust cybersecurity practices.For service providers, adhering to NIST standards is a strategic business decision. Compliance not only protects client data but also enhances credibility, streamlines incident response, and provides a competitive edge. The step-by-step guide is designed to help service providers understand and implement NIST compliance for their clients. By following the guide, you will:Understand the importance of NIST compliance and how it impacts service providers.Learn about key NIST frameworks, including NIST Cybersecurity Framework (CSF 2.0), NIST 800-53, and NIST 800-171.Follow a structured compliance roadmapfrom conducting a gap analysis to implementing security controls and monitoring risks.Learn how to overcome common compliance challenges using best practices and automation tools.Ensure long-term compliance and security maturity, strengthening trust with clients and enhancing market competitiveness.What is NIST Compliance and Why Does it Matter for Service Providers?NIST compliance involves aligning an organization's cybersecurity policies, processes, and controls with standards set by the National Institute of Standards and Technology. These standards help organizations manage cybersecurity risks effectively by providing a structured approach to data protection, risk assessment, and incident response.For service providers, achieving NIST compliance means:Enhanced security: Improved ability to identify, assess, and mitigate cybersecurity risks.Regulatory compliance: Alignment with industry standards such as HIPAA, PCI-DSS, and CMMC.Market differentiation: Establishes trust with clients, positioning providers as reliable security partners.Efficient incident response: Ensures a structured process for managing security incidents.Operational efficiency: Simplifies compliance with clear frameworks and automation tools.Who Needs NIST Compliance?NIST compliance is essential for various industries, including:Government Contractors Required for compliance with CMMC and NIST 800-171 to protect Controlled Unclassified Information (CUI).Healthcare Organizations Supports HIPAA compliance and protects patient data.Financial Services Ensures data security and fraud prevention.Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) Helps secure client environments and meet contractual security requirements.Technology & Cloud Service Providers Enhances cloud security practices and aligns with federal cybersecurity initiatives.Key NIST Frameworks for ComplianceNIST offers multiple cybersecurity frameworks, but the most relevant for service providers include:NIST Cybersecurity Framework (CSF 2.0): A flexible, risk-based framework designed for businesses of all sizes and industries. It consists of six core functionsIdentify, Protect, Detect, Respond, Recover, and Governto help organizations strengthen their security posture.NIST 800-53: A comprehensive set of security and privacy controls designed for federal agencies and contractors. Many private-sector organizations also adopt these controls to standardize cybersecurity measures.NIST 800-171: Focused on protecting Controlled Unclassified Information (CUI) in non-federal systems, particularly for companies that work with the Department of Defense (DoD) and other government agencies.Common Challenges in Achieving NIST Compliance for Clients and How to Overcome ThemHere are some common challenges service providers encounter when working to achieve NIST compliance and strategies to overcome them:Incomplete Asset Inventory: An incomplete asset inventory is a common challenge due to the sheer number of assets organizations manage. To overcome this, many organizations rely on automated tools and routine audits to ensure all IT assets are accurately accounted for.Limited Budgets: Limited budgets are a frequent obstacle for many organizations, making it essential to focus on high-impact controls, leverage open-source tools, and automate compliance tasks to manage costs effectively.Third-Party Risks: Third-party risks pose significant challenges for organizations that rely on external vendors. To address this, many organizations conduct vendor assessments, include NIST-aligned clauses in contracts, and perform regular audits to ensure compliance.Addressing these challenges proactively helps streamline compliance, enhance security, and reduce risks.Step-by-Step Guide to Achieving NIST ComplianceAs mentioned above, achieving NIST compliance for clients presents numerous challenges for service providers, making the process complex and daunting. In fact, 93% of service providers struggle to navigate cybersecurity frameworks like NIST or ISO, and a staggering 98% report feeling overwhelmed by compliance requirements, with only 2% expressing confidence in their approach. However, by adopting a step-by-step method, service providers can simplify the process, making compliance more manageable and accessible for MSPs and MSSPs. The main steps for achieving NIST Compliance are:Conduct a Gap AnalysisDevelop Security Policies and ProceduresConduct a Comprehensive Risk AssessmentImplement Security ControlsDocument Compliance EffortsConduct Regular Audits and AssessmentsContinuous Monitoring and ImprovementExplore our comprehensive guide for a detailed approach to achieving NIST compliance.The Role of Automation in NIST ComplianceAligning with NIST guidelines enables MSPs and MSSPs to operate more efficiently by providing a clear and standardized framework, eliminating the need to create new processes for each client. Integrating automation tools like Cynomi's platform further enhances efficiency by streamlining risk assessments, monitoring security controls, and generating compliance reports with minimal manual effort. This approach saves time by automating risk assessments and compliance documentation, improves accuracy by reducing human error in compliance tracking, and simplifies audits with pre-built reports and templates. Cynomi's platform is particularly effective, automating risk identification, scoring, and compliance documentation while reducing manual work by up to 70%.ConclusionAchieving NIST compliance is a vital step for service providers aiming to protect client data, enhance security posture, and build lasting trust. A structured approach - combined with automated tools - makes it easier to manage compliance efficiently and proactively. By adopting NIST frameworks, service providers can not only meet regulatory requirements but also gain a competitive advantage in the cybersecurity market.For a detailed look at how to achieve NIST compliance, explore our comprehensive guide here.Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE

Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials."Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems," Elastic Security Labs said in a new analysis published Tuesday.Outlaw is also the name given to the threat actors behind the malware. It's believed to be of Romanian origin. Other hacking groups dominating the cryptojacking landscape include 8220, Keksec (aka Kek Security), Kinsing, and TeamTNT.Active since at least late 2018, the hacking crew has brute-forced SSH servers, abusing the foothold to conduct reconnaissance and maintain persistence on the compromised hosts by adding their own SSH keys to the "authorized_keys" file.The attackers are also known to incorporate a multi-stage infection process that involves using a dropper shell script ("tddwrt7s.sh") to download an archive file ("dota3.tar.gz"), which is then unpacked to launch the miner while also taking steps to remove traces of past compromises and kill both the competition and their own previous miners.A notable feature of the malware is an initial access component (aka BLITZ) that allows for self-propagation of the malware in a botnet-like fashion by scanning for vulnerable systems running an SSH service. The brute-force module is configured to fetch a target list from an SSH command-and-control (C2) server to further perpetuate the cycle.Some iterations of the attacks have also resorted to exploiting Linux- and Unix-based operating systems susceptible to CVE-2016-8655 and CVE-2016-5195 (aka Dirty COW), as well as attack systems with weak Telnet credentials. Upon gaining initial access, the malware deploys SHELLBOT for remote control via a C2 server using an IRC channel.SHELLBOT, for its part, enables the execution of arbitrary shell commands, downloads and runs additional payloads, launches DDoS attacks, steals credentials, and exfiltrates sensitive information.As part of its mining process, it determines the CPU of the infected system and enables hugepages for all CPU cores to increase memory access efficiency. The malware also makes use of a binary called kswap01 to ensure persistent communications with the threat actor's infrastructure."Outlaw remains active despite using basic techniques like SSH brute-forcing, SSH key manipulation, and cron-based persistence," Elastic said. "The malware deploys modified XMRig miners, leverages IRC for C2, and includes publicly available scripts for persistence and defense evasion."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.