Introduction In February 2023, a third-party security report was released, revealing some shocking findings about the current state of cybersecurity. The report, which was conducted by a team of cybersecurity experts, analyzed data from various industries and companies around the world. The findings are alarming, and they highlight the need for companies to take cybersecurity…
The White House has released a new National Cybersecurity Strategy detailing how the US government plans to secure cyber infrastructure, protect American citizens, and promote American values. The strategy has four pillars: protecting American infrastructure, combating cybercrime and improving incident response, promoting American influence abroad, and developing a cyber workforce. It also includes a plan…
GDPR, HIPAA, FERPA, CCPA, CPRA, PIPL… This is not a cat-running-over-the-keyboard situation, or someone playing Wordle after too many margs. The above spoonful of alphabet is just a tiny list of privacy regulations that an organization must track if it is handling customer data. One way to follow the evolving laws is to implement a…
What’s happened? Just days before Christmas, when most people probably weren’t paying too much attention, password management service LastPass revealed that hackers had accessed customers’ password vaults. You’re probably thinking of the original announcement LastPass made back on August 25 2022, where it said that a hacker had managed to gain access to a developer’s…
Artificial intelligence (AI) has the potential to revolutionize the field of cybersecurity by enabling computers to autonomously detect and respond to threats. With the ability to analyze vast amounts of data and identify patterns that may indicate a cyber attack is imminent, AI can help organizations to proactively defend against cyber threats and reduce their…
Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that’s designed to specifically cater to mobile malware operators. The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to mount attacks…
It’s perhaps no surprise that when somebody comes up with a great fix in life, few people actually use it—many a Scrub Daddy, Squatty Potty, and Rapid Ramen Cooker stay sealed and unopened, despite being upgrades to their predecessors. In the security space, better versions of products are released all the time, at high speeds,…
This article is meant to call out some of the items some companies or people might not understand about the ASV program. Most of the content is directly from the program guide that can be found on the PCI Councils website. This is in no way a full description of the program guide or a…
With the development of PCI DSS v4 most of the changes are in the Report on Compliance (ROC) but there are also updates to the SAQ’s to align with the new standards. Here are some of the highlights and clarifications for the new SAQs. The responsibilities for merchants for which form they need to fill…
I get asked all the time what periodic or significant change means in PCI. Here is a breakdown of what the PCI DSS means for each. Timeframes in PCI DSS Descriptions and Examples Daily Every day of the year (not only on business days). Weekly At least once every seven days. Monthly At least once …
