Today I'm talking to you about the "Shahada", the profession of faith.
On Sunday, November 10, 2024, Elder Wayne Wylie led a discussion on sections 4 and 5 of chapter 1 of the Westminster Confession of Faith. 4. The authority of the Holy Scripture, for which it ought to be believed, and obeyed, dependeth not upon the testimony of any man, or church; but wholly upon God (who is truth itself) the author thereof: and therefore it is to be received, because it is the Word of God. 5. We may be moved and induced by the testimony of the church to an high and reverent esteem of the Holy Scripture. And the heavenliness of the matter, the efficacy of the doctrine, the majesty of the style, the consent of all the parts, the scope of the whole (which is, to give all glory to God), the full discovery it makes of the only way of man's salvation, the many other incomparable excellencies, and the entire perfection thereof, are arguments whereby it doth abundantly evidence itself to be the Word of God: yet notwithstanding, our full persuasion and assurance of the infallible truth and divine authority thereof, is from the inward work of the Holy Spirit bearing witness by and with the Word in our hearts.
In this episode of Short Brand Story recorded during the HITRUST Collaborate 2024 conference, Sean Martin sits down with Josh LaDeau, a prominent figure in the world of cyber insurance. Josh, who represents Trium Cyber, illuminates the crucial aspects of cyber insurance, from data integrity to market challenges. Trium Cyber is known for its specialty in providing cyber property, E&O, and miscellaneous coverages.
Josh emphasizes the importance of data in the insurance industry, explaining how accurate, structured data provided by HITRUST aids in underwriting processes. The partnership with HITRUST brings a unique advantage by ensuring data consistency and structure. This elevates the underwriting process by reducing ambiguities in policy applications and promoting data security. Josh highlights that this collaboration allows clients to present their data in a more uniform manner, making it easier for insurers to assess and underwrite policies accurately.
Moreover, the HITRUST R2 framework is particularly beneficial for clients, offering a higher quality of data that leads to better coverage options and advantageous premium pricing. Josh points out that a third-party attestation by HITRUST not only assures data integrity but also qualifies clients for a dedicated credit, further enhancing their position in the market.
The episode underscores the value Trium Cyber brings to its clients, focusing on technological acumen and a keen understanding of the cyber insurance landscape. This partnership is poised to make a significant impact in making cyber insurance more accessible and reliable for businesses.
Learn more about Trium Cyber: https://itspm.ag/hitrusi2it
Note: This story contains promotional content. Learn more.
Guest: Josh LaDeau, CEO, Trium Cyber
Resources
Learn more and catch more stories from Trium Cyber: https://www.itspmagazine.com/directory/hitrust
Learn more about HITRUST: https://itspm.ag/itsphitweb
Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
06th Nov: Blockchain DXB Podcast
In this livestream audio Will responds to Alisa Childers and her claims on early attestation of PSA in the church. In this episode Will even reads from Augustine and DEFENDS HIM (hold your gasps). Support The Ministry: https://patreon.com/thechurchsplit Order My Book: https://a.co/d/6vDpuUY Donate: https://www.paypal.com/donate/?hosted_button_id=DNCPKRQVTBD5E Music Credit: Bensound, High Octane - #2215113
The focus is on HITRUST assessments, specifically the e1 certification, which provides an entry-level approach to cybersecurity compliance. The session emphasizes that compliance is an ongoing process and highlights the HITRUST e1 framework's adaptability to evolving threats. It also discusses the value proposition of the e1 certification, its affordability, and its suitability for low-risk organizations, as well as its synergies with existing SOC2 and ISO certifications.
A-LIGN was founded in 2009 by CEO Scott Price to help companies like yours navigate the complexities of cybersecurity and compliance by offering customized solutions that align specifically with each organization's unique goals and objectives. We believe your business can reach its fullest potential by aligning compliance objectives with strategic objectives. Working with small businesses to global enterprises, A‑LIGN's experts coupled with our proprietary compliance management platform, A‑SCEND, are transforming the compliance experience.
A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor.
Learn more about A-LIGN: https://itspm.ag/a-lign-uz1w
Note: This story contains promotional content. Learn more.
Guest: Shreesh Bhattarai, Director of HITRUST, A-LIGN [@aligncompliance]
On LinkedIn | https://www.linkedin.com/in/shreesh-bhattarai-cisa-ccsk-hitrust-ccsfp-chqp-5a052837/
Resources
Learn more and catch more stories from A-LIGN: https://www.itspmagazine.com/directory/a-lign
Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Are you struggling to navigate the complex world of gag clause attestation requirements? In this must-watch episode of Shift Shapers, Jennifer Berman, JD, CEO of MZQ Consulting, provides a comprehensive breakdown of everything plan sponsors and advisors need to know about these critical compliance requirements.
From the Consolidated Appropriations Act of 2021 to today's implementation challenges, discover how these regulations are reshaping healthcare plan transparency. Jennifer explains why many contracts still contain illegal gag clauses in 2024 and what this means for your organization. Learn about the crucial differences between fully-insured and self-funded plans, and how these differences impact your compliance obligations.
Key topics covered:
- Detailed explanation of gag clauses and their impact on healthcare plans
- Step-by-step guide to annual CMS attestation requirements
- Understanding potential penalties and enforcement mechanisms
- Navigation of the HIOS system reporting process
- Critical differences between fully-insured vs. self-funded plan requirements
- Practical strategies for verifying gag clause compliance
- Tips for accessing and utilizing plan data effectively
- Real-world challenges in contract review and compliance
This episode delivers essential insights for anyone involved in healthcare plan administration and compliance. Whether you're managing benefits for your organization, advising clients on their healthcare plans, or ensuring regulatory compliance, you'll gain valuable knowledge about navigating these complex requirements. Jennifer's expertise provides actionable guidance for insurance professionals, consultants, and organizational leaders who need to understand and implement these critical transparency regulations.
In This Episode
00:00 Introduction to Gag Clause Attestation
00:45 Understanding Gag Clauses
01:39 Legal Requirements and Compliance
03:00 Challenges and Real-World Implications
04:58 Access to Plan Data and Its Importance
07:11 Reporting and Documentation
07:33 Understanding Certification and Penalties
10:02 Annual Reporting Requirements
10:18 Advisor's Role in Compliance
10:40 Self-Funded vs Fully Insured Plans
13:03 Ensuring No Gag Clauses
13:20 Final Thoughts and Key Takeaways
14:39 Conclusion and Farewell
Find out what it means to attest a document #attestation
As the world moves “on-chain,” so too will the need for auditors, with auditors naturally evolving their practices from periodic paper reporting to digitally native, API-enabled, Oracle-ready, and real-time reporting. But how do auditors bridge the gap and how can the auditing industry as a whole remove the technical barriers to entry? Enter LedgerLens, a platform made for auditors, by auditors. It provides a suite of crypto-audit and attestation tools, enabling auditors to complete financial statement audits with digital assets on the balance sheet. LedgerLens also provides additional “Proof of Reserve”-specific tooling, enabling you to take on new engagements for stablecoins, exchanges, and RWAs. ✅ OUR RESOURCES ✨ Become a confident Web3 Accountant with our weekly free newsletter: https://www.theaccountantquits.com/newsletter
Summary
In this episode of the Blue Security Podcast, Andy and Adam discuss new features and updates in Intune, including autopilot for existing devices, Intune enrollment attestation, and mobile application management (MAM). They explain how autopilot for existing devices allows organizations to enroll on-premise joined devices into autopilot using config man and a task sequence. They also highlight the importance of monitoring device enrollments and implementing security measures such as requiring a pin for app access and blocking third-party keyboards.
Takeaways
- Autopilot for existing devices allows organizations to enroll on-premise joined devices into autopilot using config man and a task sequence.
- Monitoring device enrollments and implementing security measures such as requiring a pin for app access and blocking third-party keyboards are important for protecting corporate data.
- Intune enrollment attestation stores the MDM ID in the TPM of the device, preventing attacks that export the MDM device to attack other devices.
- Mobile application management (MAM) is a lightweight way to protect corporate data on unmanaged devices, and it can be used in conjunction with MDM on managed devices.
- MAM capabilities are now available for Windows 365 and AVD clients on Windows, iOS, iPadOS, and Android clients, allowing for more secure access to corporate data.
YouTube Video Link: https://youtu.be/R8GYUQjr7ds
Documentation:
https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-upcoming-changes-for-deploying-windows-autopilot-for/ba-p/4181554
https://learn.microsoft.com/en-us/autopilot/existing-devices
https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-attestation#resources
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/mam-preview-for-windows-365-and-azure-virtual-desktop/ba-p/4171051
https://learn.microsoft.com/en-us/mem/intune/protect/mobile-threat-defense
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
July 19, 2024: Wes Wright, Chief Healthcare Officer at Ordr joins Drex for the news. They explore the persistent vulnerabilities of medical devices, highlighting the importance of segmentation and the challenges posed by unpatched systems. How can healthcare organizations balance the need for cybersecurity with the operational realities of small, resource-constrained hospitals? Drex and Wes also delve into the implications of upcoming regulations and the potential benefits and limitations of tech giants like Google and Microsoft offering free services to support smaller hospitals. The conversation covers the complexity of third-party risk management and the necessity of rigorous attestation processes post-breach. As cybersecurity threats evolve, what strategies should healthcare providers adopt to protect their networks and ensure patient safety?
Key Points:
00:00 Introduction and Sponsor Message
02:15 Medical Device Vulnerabilities
06:03 Regulations and Free Support for Small Hospitals
13:14 Challenges with Attestation and Third-Party Risk Management
18:05 Conclusion and Upcoming Events
News articles:
Cyber attacks: How medical device manufacturers can protect themselves
Red Tape Is Making Hospital Ransomware Attacks Worse
Links: This Week Health Subscribe, This Week Health Twitter, This Week Health Linkedin, Alex's Lemonade Stand: Foundation for Childhood Cancer Donate
How can you protect your data with Confidential Compute and Containers? Ashish spoke to Zvonko Kaiser, Principal Systems Software Engineer, Confidential Containers and Kubernetes at Nvidia about confidential containers, confidential computing, and their importance in protecting sensitive data. They speak about the various threat models, use cases, and the role of GPUs in enhancing compute power for AI workloads.
Guest Socials: Zvonko's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(01:45) A word from our sponsor SentinelOne
(02:18) A bit about Zvonko
(02:24) Encryption for Confidential Computing
(04:20) Confidential Computing vs Confidential Containers
(05:45) What sectors focus on Confidential Computing?
(07:09) Common Threats in Confidential Computing
(08:55) What is a Secure Enclave?
(10:05) Value of Attestation for Confidential Computing
(11:35) Lift and Shift Strategy for AI
(13:59) The role of GPU in confidential Computing
(15:37) Shared Responsibility with Confidential Computing
(17:10) Confidential Computing project you can get involved in
(18:16) The fun section
Resources:
Slides - https://hackmd.io/@dapplion/PeepAnEIP-7549
EIP - https://eips.ethereum.org/EIPS/eip-7549
Discussion - https://ethereum-magicians.org/t/eip-7549-move-committee-index-outside-attestation/16390
Other Resources:
https://www.youtube.com/watch?v=URQZVqgKZI4&list=PL4cwHXAawZxqu0PKKyMzG_3BJV_xZTi1F&index=12&t=362s&pp=gAQBiAQB
https://www.youtube.com/watch?v=g47MOV8ETB8&list=PL4cwHXAawZxqu0PKKyMzG_3BJV_xZTi1F&index=18&pp=gAQBiAQB
https://www.youtube.com/watch?v=3cVhNXDTjgg&list=PL4cwHXAawZxqu0PKKyMzG_3BJV_xZTi1F&index=4&t=1766s&pp=gAQBiAQB
https://www.youtube.com/playlist?list=PL4cwHXAawZxqu0PKKyMzG_3BJV_xZTi1F
https://www.youtube.com/playlist?list=PL4cwHXAawZxqOHV_F40AJbzcl8b6tG8xw
https://www.youtube.com/playlist?list=PL4cwHXAawZxoEw29YmqJtNoFaENUUAREn
Check out upcoming EIPs in Peep an EIP series at https://github.com/ethereum-cat-herders/PM/projects/2
Follow at Twitter
Dapplion - https://twitter.com/@dapplion
Pooja Ranjan - https://twitter.com/poojaranjan19
Topics covered
0:10 - About EIP
1:18 - Meet dapplion
2:40 - Presentation begins
3:05 - Basic beacon chain overview, LMD Ghost, Casper FFG
4:18 - What is attestation?
6:00 - EIP-7549 Benefits
9:56 - 64x more efficient light clients
10:35 - More efficient packaging onchain
11:14 - Why was it there in the first place?
11:52 - Old times, execution shards
12:37 - Pivot to rollups
13:53 - Security considerations
14:47 - First block after the fork will have zero attestation
16:46 - Deprecation strategy
18:09 - Status of EIP
19:56 - Pectra mascot - Giraffe
20:20 - End of presentation
20:53 - Inspiration behind EIP-7549
22:17 - Any other stakeholders involved with the proposal
23:08 - Challenges in implementation & complexities for the testing team
24:22 - Is there any backward compatibility? Anything EL devs to be aware of?
25:35 - Any tradeoffs you'd like to share?
26:53 - Community response and feedback on this proposal?
28:41 - How does this EIP fit into the Vision of Ethereum Roadmap?
29:33 - Best place for info on this proposal?
31:51 - Message to the Ethereum community
Trust is a subject we regularly discuss with our guests. How do we trust our users, how do we trust the software they want to run, how do we trust the devices they are on? In the modern world where you can't believe everything a computer or mobile device is telling you about itself, how do we make sure that the devices we are managing and granting access to the privileged information we need to secure are in fact what they say they are? Jedda Wignall put together a very comprehensive deep dive into Managed Device attestation last year and we've been looking forward to having him on the podcast to talk through it. Welcome to the MacAdmins Podcast Jedda!
Hosts: Tom Bridge - @tbridge@theinternet.social; Marcus Ransom - @marcusransom
Guests: Jedda Wignall - LinkedIn
Links: Managed Device Attestation for Apple devices - a technical exploration; Managed Device Attestation for Apple devices – Apple Platform Deployment Guide; Smallstep - ACME Device Attestation Explained; Google Linux Attestation (GitHub) google/go-attestation; Duo Security - MDM Me Maybe: Device Enrollment Program Security
Sponsors: Kandji, 1Password, Watchman Monitoring
If you're interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information. Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast! The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder, Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson
A seasoned crypto activist, Angus Tookey has been building in the space since 2018. Angus has spoken at many major conferences and Ethereum community events, advocating for more transparency, verifiability, and resilience in the DeFi space. Founding a successful digital marketing agency in London, UK, Angus went on to lead marketing and communications across a range of sectors in crypto, including Layer 1s, DeFi, Incubation, and Venture, before joining MakerDAO to lead the public launch and growth of Chronicle Protocol. --- Support this podcast: https://podcasters.spotify.com/pod/show/crypto-hipster-podcast/support
Josh and Kurt talk about a new way to sign artifacts on GitHub. It's in beta, it's not going to be easy to use, it will have bugs. But that's all OK. This is how we start. We need infrastructure like this to enable easier to use features in the future. Someday, everything will be signed by default. Show Notes: GitHub artifact attestation
NetBSD 9.4, FreeBSD SSDF Attestation to Support Cybersecurity Compliance, The Lost Worlds of Telnet, alter file ownership and permissions with a feedback information, parallel raw IP input, OpenBSD routers on AliExpress mini PCs, FreeBSD for Devs. Plus a special interview with the organizers of BSDCAN 2024.
NOTES
This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow)
Headlines
NetBSD 9.4 (https://www.netbsd.org/releases/formal-9/NetBSD-9.4.html)
FreeBSD Foundation Delivers V1 of FreeBSD SSDF Attestation to Support Cybersecurity Compliance (https://freebsdfoundation.org/blog/freebsd-foundation-delivers-v1-of-freebsd-ssdf-attestation-to-support-cybersecurity-compliance/)
News Roundup
The Lost Worlds of Telnet (https://thenewstack.io/the-lost-worlds-of-telnet/)
How to alter file ownership and permissions with a feedback information (https://sleeplessbeastie.eu/2024/04/18/how-to-alter-file-ownership-and-permissions-with-a-feedback-information/)
Coming soon to a -current system near you: parallel raw IP input (https://www.undeadly.org/cgi?action=article;sid=20240418050520)
OpenBSD routers on AliExpress mini PCs (https://www.srcbeat.com/2024/02/aliexpress-openbsd-router/)
FreeBSD for Devs (https://dev.to/scovl/freebsd-for-devs-3n0k)
Tarsnap
This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
Feedback/Questions
Daniel - jail issue (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/556/feedback/Daniel%20-%20jail%20issue.md)
Rick - ZFS (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/556/feedback/Rick%20-%20ZFS.md)
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)
Companies subject to multiple sustainability reporting regulations are sorting through how best to meet each framework's requirements in an effective and efficient manner. In this episode, host Heather Horn sits down with Valerie Wieman, PwC National Office Partner, to discuss the concepts of interoperability and equivalence across global sustainability reporting frameworks as well as the importance of a data-driven assessment.
In this episode, we discuss:
2:31 - Defining the concepts of interoperability and equivalence
3:29 - What a “data first” approach means when it comes to preparing for compliance
4:51 - Overview of interoperability and equivalence in the major frameworks
14:00 - Timing considerations across frameworks
19:18 - Differences in scope and materiality among frameworks
24:59 - Attestation and assurance requirements across frameworks
31:29 - Getting started on compliance and how best to leverage interoperability opportunities
Looking for the latest developments in sustainability reporting? Follow this podcast on your favorite podcast app and subscribe to our weekly newsletter to stay in the loop for the latest thought leadership on sustainability standards.
Valerie Wieman is a PwC National Office partner with over 30 years of experience. She helps lead the creation, development, and publication of our brand-defining thought leadership, with a focus on domestic and international sustainability requirements.
Heather Horn is the PwC National Office Sustainability & Thought Leader, responsible for developing our communications strategy and conveying firm positions on accounting, financial reporting, and sustainability matters. In addition, she is part of PwC's global sustainability leadership team, developing interpretive guidance and consulting with companies as they transition from voluntary to mandatory sustainability reporting. She is also the engaging host of PwC's accounting and reporting weekly podcast and quarterly webcast series.
Transcripts available upon request for individuals who may need a disability-related accommodation. Please send requests to us_podcast@pwc.com.
Duration: 00:02:01 - Le vrai ou faux - As the Olympic flame is lit in Olympia (Greece), franceinfo fact-checked three claims circulating on social media in the run-up to the Olympic Games in Paris.
Fastest 5 Minutes, The Podcast Government Contractors Can't Do Without
This week's episode covers an OMB memo directing agencies to advance AI governance and innovation, a bid protest involving compliance with the Trade Agreements Act, and an updated Secure Software Development Attestation Form that must be used by certain software producers and suppliers of products containing software, and is hosted by Peter Eyre and Yuan Zhou. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.
New Brunswick colleges and universities are getting a bit of a break when it comes to international student recruitment. They will be able to send more letters to interested students than the federal government initially announced. We'll speak with a representative from St. Thomas University.
Josh and Kurt talk about the new SSDF attestation form from CISA. The current form isn't very complicated, and the SSDF has a lot of room for interpretation. But this is the start of something big. It's going to take a long time to see big changes in supply chain security, but we're confident they will come. Show Notes Secure Software Development Attestation Form The U.S. Military Is Missing Six Nuclear Weapons NIST 800-218
Keensight Capital, one of the leading private equity managers dedicated to pan-European Growth Buyout investments, is pleased to announce its investment in SoftCo ("the Company"), a global leader in Procure-to-Pay solutions. Keensight Capital acquired SoftCo from its founders, Jim Coffey and Susan Spence, and will support the Company in its next phase of growth. Established in 1990 and headquartered in Dublin, SoftCo is a fast-growing provider of Procure-to-Pay ("P2P") and Compliance software. SoftCo's solutions streamline financial processes, deliver greater control and visibility over spend and reduce the need for manual intervention. SoftCo's unique machine learning technology offers unrivalled automation rates, and the Company receives the highest customer satisfaction rankings in the industry. SoftCo is one of Ireland's most successful international software companies with global blue-chip customers and operations in the US, Finland, the UK and Ireland. SoftCo has grown to over a million users worldwide with annual recurring revenues growing at over 25% per annum and expected to further accelerate in the coming years. Susan Spence, co-founder of SoftCo, said: "We are proud of how SoftCo has grown and as we step back, the company has never been as strong. SoftCo has the best technology in the market and a growing global customer base. We would like to thank all our employees, customers and partners who joined us on the journey over the last 34 years." Jim Coffey, co-founder of SoftCo, added: "While we had approaches from many potential acquirers, Keensight Capital showed its ability to support the existing management team in achieving the next phase of growth. This was a major factor in our decision to select them." Keensight Capital will capitalise on its extensive knowledge of the Source-to-Pay sector, a large and fast-growing market characterised by increasing digitalisation, to support SoftCo in its next phase of growth. 
The management team, led by CEO Anton Scott, is investing alongside Keensight Capital and the partnership will drive further value creation through accelerated expansion into the North American market, continued investments in the technology platform and further leveraging partner channels. Yuri Mikhalev, Partner at Keensight Capital, concluded: "Over the years, we got to know the Company and its team well, and have been continuously impressed by SoftCo's unique know-how and leadership in the sector. This has allowed SoftCo to achieve strong profitable growth and remarkable expansion in North America. Leveraging our deep sector expertise from successful investments in Onventis and e-Attestation, we understand SoftCo's market and are well placed to contribute to the company's strategic vision and growth." See more stories here. More about Irish Tech News Irish Tech News are Ireland's No. 1 Online Tech Publication and often Ireland's No.1 Tech Podcast too. You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news If you'd like to be featured in an upcoming Podcast email us at Simon@IrishTechNews.ie now to discuss. Irish Tech News have a range of services available to help promote your business. Why not drop us a line at Info@IrishTechNews.ie now to find out more about how we can help you reach our audience. You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.
Chrome Corps - "Body Attestation," a 2024 single on Eskimo Recordings. Seattle's own Chrome Corps brings an industrial edge to their dystopic EBM sound, especially on today's Song of the Day, which can be found on the Eskimo Recordings compilation Next Wave Acid Punx DEUX - Secret Cuts. The comp is a companion to last year's collection, Curses' Next Wave Acid Punx DEUX, also curated by Berlin-based DJ Luca Venezia, AKA Curses. As Curses states in a press release, "Curating Next Wave Acid Punx DEUX was a big puzzle, figuring out how to fit all these tracks across 6 different 12″s required a lot of calculations and, to be quite frank, I was never that great at maths. Unfortunately, this meant we had to cut some real heaters off of DEUX. But Eskimo and I decided that we couldn't let these gems go to dust. I've been DJing them loads in my sets, so it was only fair to share them with y'all to DJ and rage to yourselves. So, here it is… the final blast of bonus tracks for Next Wave Acid Punx DEUX: Secret Cuts." Read the full story at KEXP.org. Support the show: https://www.kexp.org/donate See omnystudio.com/listener for privacy information.
“The CAA was the most significant piece of healthcare legislation that we've had since the ACA.” - Sarah Borders Healthcare compliance, especially post-CAA, can be a complex thing for employers to navigate. There's an increased level of scrutiny on employers, with heavy fees for those who don't comply. This week on Self-Funded with Spencer I'm joined by Sarah Borders, co-founder of Benefits Compliance Solutions. Here are a few key takeaways for consultants: Understanding compliance: Navigate the complex regulations and avoid costly mistakes. Turning compliance into an advantage: Discover how you as a consultant can leverage compliance as a prospecting tool, saving clients from lawsuits, penalties, and headaches. Embracing the benefits of regulation: Understand the purpose of the CAA and how it exposes bad practices, ultimately improving healthcare for everyone. Join us this week on Self-Funded with Spencer to learn how to not get sued. Chapters: 0:00 - Meet Sarah Borders 6:37 - Sarah's Journey To Compliance Expertise 14:05 - The Shift Towards Data-Driven Compliance 17:33 - Remote Work As An Entrepreneur 27:01 - Effective Communication = Effective Information 34:57 - Legal Repercussions Of Cobra Compliance 41:34 - Group Health Plan Compliance 46:20 - Yearly Attestation 54:04 - The Impact Of Regulations On Transparency 1:01:21 - Empowering Clients and Consultants 1:04:38 - The Impact Of CAA On Group Health Plans Key Links for Social: @SelfFunded on YouTube for video versions of the podcast and much more - https://www.youtube.com/@SelfFunded Listen on Spotify - https://open.spotify.com/show/1TjmrMrkIj0qSmlwAIevKA?si=068a389925474f02 Listen on Apple Podcasts - https://podcasts.apple.com/us/podcast/self-funded-with-spencer/id1566182286 Follow Spencer on LinkedIn - https://www.linkedin.com/in/spencer-smith-self-funded/ Follow Spencer on Instagram - https://www.instagram.com/selffundedwithspencer/ Key Words: #insurance #compliance #industrytrends #ACA #caa #levelfundedplans #Cobra #CobraCompliance #grouphealthplan #ConsolidatedAppropriationsAct #attestation #regulations #consulting #futureofcompliance #healthcarecompliance #selffunded #selffunding #podcast Insurance, Compliance, Industry Trends, ACA, CAA, Cobra, Cobra Compliance, Group Health Plan, Consolidated Appropriations Act, Attestation, Regulations, Consulting, Future Of Compliance, Healthcare Compliance, Self Funded, Self Funding, Podcast --- Support this podcast: https://podcasters.spotify.com/pod/show/spencer-harlan-smith/support
✨ Subscribe to the Green Pill Podcast ✨ https://pod.link/1609313639
December 31, 2023 is the deadline for submission of the inaugural Section 201 Gag Clause Prohibition Compliance Attestation to the Departments of Labor, Health and Human Services, and the Treasury. The federal government passed the Consolidated Appropriations Act in 2020 (CAA) with the goal of improving price and quality transparency in healthcare. Specifically, Section 201 of the CAA prohibits employers/plan sponsors from entering into contractual arrangements that contain “gag clauses.” To ensure compliance, Section 201 requires that plans submit an annual attestation that the plan did not enter any agreements that contain gag clauses. Jennifer Malik, Shareholder at Babst Calland, provides practical insight to ensure that your company is compliant. Malik's healthcare benefits administration practice includes counseling firm clients on a wide array of federal and state health laws and regulations, including compliance under HIPAA, the Affordable Care Act, the Consolidated Appropriations Act, and the Public Health Services Act. She also assists Firm clients in providing comprehensive coverage analyses under commercial liability, property, professional liability, and fiduciary policies.
Starknet releases details for its $STRK token distribution. Sismo winds down its attestation protocol. Voting concludes for Optimism's third RetroPGF round. And Brahma deploys to mainnet. Sponsor: Harpie is an onchain security solution that protects your wallet from theft in real time. Harpie helps you detect and block suspicious transactions before they execute, safeguarding your assets from malicious attacks and scams. Try Harpie for free at harpie.io/ethdaily.
Host David Johnson interviews Kenneth Cleveland, M.D., Executive Director, of the Mississippi State Board of Medical Licensure, regarding the attestation model for physician wellness.
In this episode, Chris and Colleen provide key insights on what employers need to know about Gag Clause Prohibition Compliance Attestation (GCPCA). They also discuss details on the first Gag Clause Attestation due by December 31, 2023 and what some carriers are planning in response to reporting requirements. • What is a gag clause? • Why is this required? • Does this apply to all employers in all states? To learn more, contact our team today: https://www.savoyassociates.com/employer-services#contactESCform
Resources: ----------------- https://holesky.ethpandaops.io Public RPCs - https://rpc.holesky.ethpandaops.io Beaconchain explorer - https://holesky.beaconcha.in Dora the explorer - https://dora-holesky.pk910.de/ Launchpad - https://holesky.launchpad.ethereum.org Guide: https://notes.ethereum.org/@launchpad... Slides - https://docs.google.com/presentation/... PEEPanEIP - • PEEPanEIP Dencun - • Dencun Check out upcoming EIPs in Peep an EIP series at https://github.com/ethereum-cat-herde... Follow at Twitter -------------------------- Parithosh Jayanthi @parithosh_j |Philipp Kreil @_pk910_ | Barnabas Busa @BarnabasBusa | Afri Schoedon @q9fcc | Pooja Ranjan @poojaranjan19 Topics Covered -------------------------- 00:30- Intro to the topic and team 1:28 - Meet @parithosh_j 1:42 - Meet @BarnabasBusa 1:59 - Meet @_pk910_ 2:14 - Meet @q9fcc 3:14 - Presentation - what is Holesky? 4:32 - Why replace the Goerli testnet? 5:53 - Predictable Ethereum testnet lifecycle 7:43 - Preparations & tests before Holesky launch 9:32 - Data gathering - metrics 10:45 - Issues identified 13:13 - Bigboi-beaconchain-1 Test results 14:40 - Bigboi-beaconchain-2 Test results 16:15 - Holesky launch 1 17:23 - Holesky launch 2 19:45 - Attestation propagation on the network 20:13 - Current Holesky network 20:45 - What's next for Holesky & Goerli? 21:35 - Holesky resources 22:24 - Funding in Holesky 24:40 - Drip-based funding contract 25:55 - Get funds from faucets 26:31 - Next Testnet 27:50 - How was it named “Holesky”? 29:39 - Why limit onboarding large validators? 31:55 - eip7514 will be good to test when ready for Dencun testing 34:00 - what change in 2nd launch? 35:00 - Public testnet timeline? 36:45 - What will Devnet 10 include? 40:00 - what about eip-7516? 40:45 - Is Holesky Dencun ready testnet? 42:15 - Order of testnet 43:30 - What will happen to Goerli testnet? 47:06 - Documentation available? 48:20 - Questions answered after the call. 49:40 - Message to the community
The danger of drifting away from Jesus. Antidote: I. Pay much closer attention to the Gospel, v1. II. Contemplate the certain judgment of rejecting the Gospel, v2. III. Consider the truth of the claims of the Gospel, vv3-4.
Most people hate dealing with CAPTCHA, but it offers great benefits for web site operators. In this episode we discuss alternatives to CAPTCHA, how they work, and their pros and cons. Plus, the Get-Off-My-Lawn! browser returns.
I'd use this space to define the term "street cred", but Cory does it in the episode almost right away. Speaking of street cred, that Noah Webster's got it in spades when it comes to defining things.
On today's episode we welcome Bryce Patrick and Steve Dakh from the Ethereum Attestation Service. EAS is a new public good, open, permissionless, and token free. Is this the key unlock for decentralized identity through crypto? ------ ✨ DEBRIEF | Ryan & David unpacking the episode: https://www.bankless.com/debrief-eas/ -----
Blake and David discuss issues relating to the accounting profession's talent pipeline, including a high school student's negative experience in her first accounting class and efforts by state CPA societies to reduce licensing barriers. They move on to tech topics, like the slow adoption of AI tools such as ChatGPT among accountants and new product features announced by Intuit and Xero. Wrapping things up, they share listener feedback on finding resources to learn new accounting software and workflows and provide commentary on app subscription price increases and the need for accountants to price their services properly.
Sponsors OnPay - https://cloudaccountingpodcast.promo/onpay CCH Access - https://cloudaccountingpodcast.promo/axcess Keeper - https://cloudaccountingpodcast.promo/keeper
Chapters (00:00) - Preview: Accountants need to charge more (01:02) - Welcome to The Accounting Podcast : Blake talks to high school senior in an accounting class (10:41) - The South Carolina Association of CPAs introduces new changes to 150 rule (20:02) - Air traffic controllers are understaffed and narrowly avoiding disaster (23:51) - The number of EAs in The NAEA is down 23% over the last 5 years (26:10) - Comparing air traffic controller shortage to accounting shortage (31:26) - Attestation reports are not audits (34:09) - Listener mail from a bookkeeper asking for recommendations on how to learn QuickBooks better (40:36) - What should firms do when accounting software raise their prices? (46:26) - LegalZoom launches LegalZoom Books (49:02) - How many Ohio CPAs have tried ChatGPT at all? (51:57) - Intuit released their year end earnings (55:07) - Some new Xero AI news & Xerocon is back in the US for 2024 (59:15) - Relay ups FDIC insurance to $2.5 million and Stripe offers sales tax calculations (01:01:25) - Wrap up and where to reach us
Need CPE? Subscribe to the Earmark Accounting Podcast: https://podcast.earmarkcpe.com Get CPE for listening to podcasts with Earmark CPE: https://earmarkcpe
Show Notes Product wrap from Xerocon Sydney 2023 | Xero Blog https://www.xero.com/blog/2023/08/product-wrap-from-xerocon-sydney-2023/ 150 Hours is a Barrier – Really! - Going Concern https://www.goingconcern.com/150-hours-is-a-barrier-really/ Jacob Schroeder: 86% of OSCPA Town Hall attendees have not used ChatGPT at all https://x.com/jacobbschroeder/status/1694748226904060157?s=12 SCACPA Proposing Legislation to Address Pipeline Challenges – SCACPA https://www.scacpa.org/scacpa-proposing-legislation-to-address-pipeline-challenges/ Airline Close Calls Happen Far More Often Than Previously Known https://www.nytimes.com/interactive/2023/08/21/business/airline-safety-close-calls.html Please join the Arizona State Society of Enrolled Agents “Town Hall” https://aztaxpros.org/images/meeting/082323/Town_Hall/azsea_invite_to_town_hall_on_aug_23__2023.pdf Question from a bookkeeper https://www.linkedin.com/feed/update/urn:li:activity:7094151084134338560/ Upcoming changes to QuickBooks Desktop pricing + FAQs https://www.firmofthefuture.com/product-update/quickbooks-desktop-pricing-changes/ Dext pricing change from today https://www.accountingweb.co.uk/any-answers/dext-pricing-change-from-today Introducing Ramp Plus https://ramp.com/blog/introducing-ramp-plus Fintech Ramp is Raising Capital at $5.5 Billion Valuation, Down 30% https://www.theinformation.com/articles/fintech-ramp-is-raising-capital-at-5-5-billion-valuation-down-30 Accountants face up to the cost of cloud app stacks https://www.accountingweb.co.uk/tech/tech-pulse/accountants-face-up-to-the-cost-of-cloud-app-stacks Stripe Unveils “Tax for Platforms” to Streamline Tax Compliance for Small Businesses https://smallbiztrends.com/2023/08/stripe-unveils-tax-for-platforms-to-streamline-tax-compliance-for-small-businesses.html Intuit (INTU) Q4 2023 Earnings Call Transcript https://www.fool.com/earnings/call-transcripts/2023/08/24/intuit-intu-q4-2023-earnings-call-transcript/ Why Students Opt for Accounting (or Don't) https://cpatrendlines.com/2023/08/20/why-students-opt-for-accounting-or-dont/ CPA Exam Changes and Pipeline Woes Are a Perfect Storm of Problems For the Profession https://www.goingconcern.com/cpa-exam-changes-and-pipeline-woes-are-a-perfect-storm-of-problems-for-the-profession/ Stop calling them audits https://blockworks.co/news/blockchain-audits-ey FTX Bankruptcy Burning Through $1.5M in Legal Costs Every Day https://www.coindesk.com/policy/2023/08/23/ftx-bankruptcy-burning-through-15m-in-legal-costs-every-day/ 150 Hours is a Barrier - Really! https://www.goingconcern.com/150-hours-is-a-barrier-really/ Xerocon Returns to the US https://www.intuitiveaccountant.com/education-hub/training-center/xerocon-returns-to-the-us/
Get in Touch Thanks for listening and for the great reviews! We appreciate you! Follow and tweet @BlakeTOliver and @DavidLeary. Find us on Facebook and, if you like what you hear, please do us a favor and write a review on iTunes, or Podchaser. Interested in sponsoring the Cloud Accounting Podcast? For details, read the prospectus, and NOW, you can see our smiling faces on Instagram! You can now call us and leave a voicemail, maybe we'll play it on the show. DIAL (202) 695-1040
Need Accounting Conference Info? Check out our new website - accountingconferences.com
Limited edition shirts, stickers, and other necessities TeePublic Store: http://cloudacctpod.link/merch
Subscribe Apple Podcasts: http://cloudacctpod.link/ApplePodcasts Podchaser: http://cloudacctpod.link/podchaser Spotify: http://cloudacctpod.link/Spotify Stitcher: http://cloudacctpod.link/Stitcher Overcast: http://cloudacctpod.link/Overcast YouTube: https://www.youtube.com/c/CloudAccountingPodcast
Classifieds FinDaily - https://findaily.io/ Forwardly - https://www.forwardly.com/ Royalwise - https://royalwise.com/ Want to get the word out about your newsletter, webinar, party, Facebook group, podcast, e-book, job posting, or that fancy Excel macro you just created? Why not let the listeners of The Cloud Accounting Podcast know by running a classified ad? Hit the link below to get more info. Go here to create your classified ad: https://cloudacctpod.link/RunClassifiedAd
Resources: ----------------- EIP-7045 - https://eips.ethereum.org/EIPS/eip-7045 Slides - https://docs.google.com/presentation/... PEEPanEIP - • PEEPanEIP Dencun - • Dencun Check out upcoming EIPs in Peep an EIP series at https://github.com/ethereum-cat-herde... YT Shorts1: • Single Slot Finality is a really nice... Clip: • Cross layer EIPs need more coordinati... Full video: • Video Follow at Twitter -------------------------- dannyryan @dannyryan | Pooja Ranjan @poojaranjan19 Topics covered ------------------------- 0:25 - Skip Intro 1:38 - Meet Danny Ryan 2:52 - Blocks and Attestation 4:30 - Block tree 4:45 - Forkchoice rule: LMD-GHOST and FFG 5:53 - And potential re-orgs 6:15 - But not past FFG finalized checkpoints 7:00 - Attestation inclusion window 7:58 - Inclusion window in spec 9:21 - Counterfactual inclusion window 10:54 - EIP-7045: TL;DR 12:42 - Why EIP 7045? 15:18 - A Confirmation rule for Ethereum 20:17 - What is changing since the original beacon chain 22:15 - Single Slot Finality 23:50 - Fork time stamp 25:45 - Attestation data 26:55 - Consensus specs repo 28:52 - How to follow client implementation 30:20 - Consensus Upgrade specs repo 33:40 - Cross Layer EIP 35:50 - Security consideration 37:30 - Thoughts on EIP documentation process 40:50 - Discussion to link for the CL proposal 45:50 - Sequential EIP number allocation 46:47 - A message to the validators community
Fastest 5 Minutes, The Podcast Government Contractors Can't Do Without
This week's episode covers an OMB memo that extends the deadline by which agencies must collect attestation letters from software producers certifying their compliance with the NIST Guidance, a proposed DFARS clause implementing revisions to the Buy American Act, an interim rule prohibiting the use of DoD funds to knowingly procure any products mined, produced, or manufactured wholly or in part by forced labor from the Xinjiang Uyghur Autonomous Region, and an ASBCA opinion about its jurisdiction to hear monetary and nonmonetary claims, and is hosted by Peter Eyre and Yuan Zhou. Crowell & Moring's "Fastest 5 Minutes" is a biweekly podcast that provides a brief summary of significant government contracts legal and regulatory developments that no government contracts lawyer or executive should be without.
On June 1, 2023 new rules for delivery of code signing certificates went into effect, requiring the certificate be delivered by secure HSM. In addition to shipping a token by mail, certificates can be electronically delivered to Subscriber-owned hardware that supports key attestation. In this episode we explain key attestation, supporting hardware, and the pros and cons of this method.
In this episode, we dive deep into the concept of attestation as it relates to building trust in our software and systems. Marcela Melara and Vinnie Scarlata take us on a technical tour of both software and remote attestation and how these relate to ideas we've covered previously with software supply chain security and confidential computing. We talk trust and integrity, standards and projects, and share some best practices. Guests: Dr. Marcela Melara is a research scientist in the Security and Privacy Group at Intel Labs. Her current work focuses on developing solutions for high-integrity software supply chains and building trustworthy distributed systems. She has several publications and patents filed related to her research, and leads a number of internal, academic and open-source efforts on software supply chain security. Prior to joining Intel, she received her PhD in Computer Science from Princeton University and did her undergraduate studies at Hobart and William Smith Colleges. She is a Siebel Scholar, a member of Phi Beta Kappa, and her research on CONIKS was awarded the Caspar Bowden PET Award. Outside of work, Marcela is an avid gardener, bookworm, hiker, and gamer. Vinnie Scarlata is a Principal Engineer in the Security & Privacy Research lab in Intel Labs. He is one of the architects for Intel® Software Guard Extensions and Trust Domain Extensions, and has 20+ years of research experience in various areas of security, e.g. Trusted Computing, Trusted Execution Environments (TEE), Attestation, Recoverable Platforms, Runtime Integrity, and Key Management. He has been granted 50+ patents and co-authored several papers. Vinnie received a MS in Information Security from Georgia Tech and a BS in Computer Science from the University of Massachusetts, Amherst.
Cl0p and LockBit exploit PaperCut vulnerability in ransomware campaigns. Infostealer traded in the C2C market. All ads are trying to get your money, but some just take it. CISA requests comment on software self-attestation form. Our guest is Marcin Kleczynski, CEO of Malwarebytes, sharing thoughts on the current threat landscape, attacks on students and academic institutions. Betsy Carmelite from Booz Allen, discussing themes from the RSAC tied into critical infrastructure resilience. Ukraine argues that cyberattacks against civilian infrastructure should be classified as war crimes. And are there any genuine disinterested hacktivists on Russia's side, or are they all fronts? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/82 Selected reading. Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware (The Hacker News) Microsoft: Clop and LockBit ransomware behind PaperCut server hacks (BleepingComputer) New 'Atomic macOS Stealer' Malware Offered for $1,000 Per Month (SecurityWeek) “Malverposting” — With Over 500K Estimated Infections, Facebook Ads Fuel This Evolving Stealer… (Guardio) Request for Comment on Secure Software Self-Attestation Common Form (CISA) OMB, CISA set to release common form for software self-attestation (FCW) Pro-Russian hacktivism isn't real, top Ukrainian cyber official says (CyberScoop)