Cyberattack Disrupts US Auto Dealerships for Two Days

Car dealerships across the United States faced disruptions for two consecutive days this week due to cyberattacks targeting CDK Global, a major provider of dealership management software. CDK shut down most of its systems on Wednesday as they investigated the cyber incident. The outage impacted critical dealership operations such as sales and service, potentially affecting…

Vulnerability Management and PCI DSS: Unraveling Requirement 6.3.1

This article is the third and final installment in our series on PCI DSS version 4.0 requirement 6.3.1, which focuses on the identification and management of vulnerabilities. As one of the most complex and frequently misunderstood PCI DSS requirements, 6.3.1 significantly influences compliance programs, being referenced in ten other requirements. In parts one and two,…

Superintelligence: A Mind-Bending Exploration of Our AI-Powered Future

Imagine a future where artificial intelligence (AI) surpasses human intelligence in all aspects. This is the thought-provoking world explored by Nick Bostrom, a philosopher at the University of Oxford, in his seminal book, “Superintelligence: Paths, Dangers, Strategies.” Bostrom delves deep into the potential consequences of creating superintelligence, the risks it might pose, and strategies for…

Navigating Risk Ranking for Robust PCI DSS Compliance

In the context of PCI DSS 4.0, targeted risk assessments involve a systematic and detailed evaluation of potential threats and vulnerabilities related to the processing, storage, or transmission of cardholder data. These assessments aim to identify, measure, and prioritize risks an organization might face, helping define strategies to mitigate them. Unlike previous versions of PCI…

Marriott admits it falsely claimed for five years it was using encryption during 2018 breach

In 2018, Marriott experienced a massive data breach. For years, the hotel chain defended itself by asserting that it had used strong encryption (AES-128) during the breach. However, during an April 10 hearing, Marriott’s attorneys admitted that they had never used AES-128 at the time. Instead, they had employed the less secure Secure Hash Algorithm…

Understanding and Meeting PCI DSS Requirement 6.3.1: Vulnerability Identification

PCI DSS version 4.0 requirement 6.3.1, focusing on the identification and management of vulnerabilities, along with its predecessors in previous iterations of PCI DSS, has often been misconstrued. This requirement is interlinked with 10 other PCI DSS requirements, influencing how organizations configure systems, develop applications, apply patches, and address the outcomes of vulnerability scans and…

Q&A With a QSA

March is upon us and so is the looming PCI DSS 4.0 compliance deadline. In just a few short weeks, the previous PCI Data Security Standard (version 3.2.1) will be officially retired and a multitude of new requirements of PCI DSS 4.0 will need to be implemented. Do you have questions regarding the transition to…

Navigating 2024 Cybersecurity Challenges with GenAI

Summary: The article discusses the evolving landscape of holistic application security within cloud strategies, highlighting the increasing evaluation of Generative AI (GenAI) tools. CISOs face challenges in protecting applications and identities, and GenAI emerges as a potential solution. The blog outlines key challenges, including budgetary constraints and deciphering network data, offering GenAI-driven solutions. Additionally, GenAI…

Unlocking Tomorrow: Navigating the Terrain of Generative AI and Machine Learning for Business Transformation

The popularity of Generative AI has surged beyond the realm of IT in the past year. However, understanding the distinction between generative AI and machine learning is crucial for grasping how each can bring unique value to your organization. What is Machine Learning? Machine learning (ML) is a subset of artificial intelligence that employs algorithms…

ROC Revolution: Navigating the Impact of PCI DSS 4.0 on Reporting Efficiency and the Price of Customization

The blog post was written by a friend and former co-worker you may know as the PCI Guru. He discusses a notable change in the Payment Card Industry Data Security Standard (PCI DSS) Report On Compliance (ROC) Reporting Template, specifically in version 4.0. He highlights a shift in the template’s language, emphasizing the need for…