PCI version 4.0 was released in March 2022, and all organizations that must be compliant with the regulation have a deadline of March 31, 2024 to do so. So, what does the new version say about pen testing? According to Requirement 11 of the Payment Card Industry Data Security Standard (PCI DSS), pen testing is required for organizations and entities that store, process, and/or transmit cardholder data.

Every news article about a threat group or attack floods the reader with classifications: nation-state groups, hacktivists, cyberterrorists, etc. But how can we define who is what? How can we differentiate between said categories? How should we deal with potential classification overlaps? Especially in the ever-evolving cyberwarfare realm, how can we approach these closely rooted phenomena?

With the increasing frequency of cyber-attacks, businesses need to prioritize proactive early incident detection. In this blog, we will highlight the significance of a high-quality threat intelligence solution in building a well-rounded and proactive defense strategy. In an era defined by pervasive connectivity, businesses of all sizes find themselves grappling with an escalating threat of cyber-attacks.

Outpost24, a leading cybersecurity risk management platform, today announced the acquisition of Sweepatic. Outpost24, a leading cybersecurity risk management platform, today announced the acquisition of Sweepatic. Based in Leuven (BE), Sweepatic is an innovative external attack surface management (EASM) platform. Gartner identified EASM as a top Security and Risk Management (SRM) trend for 2022.

The Smashing Security podcast recently invited our Director of Product Management, John Stock, on to discuss our Vulnerability Prediction Technology (VPT) tool, the security challenges brought by remote work, and the importance of balancing risk management with business goals.

Designed to support the digital resiliency of financial institutions in the EU and UK, the Digital Operational Resilience Act is set to go in effect in January 2025. In this blog, we take a deep dive into what organizations must do in order to be compliant with this new legislation. Digital resiliency is one of the financial sector's most significant challenges today.

KrakenLabs has developed a new naming convention that uses poisonous plants to represent the origin and criminal activities of threat actors. This approach provides a creative way to classify different types of threat actors, allowing security professionals to quickly understand the nature and behavior of the threat actor, which is helpful for identifying and mitigating threats effectively.

Vulnerability scanning and penetration testing should be an essential part of your cybersecurity strategy. This blog discusses the above methods in the context of securing your web applications, including the benefits, drawbacks, and compliance implications. Table of contents: What is a vulnerability scan? What is a penetration test? What are the drawbacks of the traditional pen test model? Should I only to pen tests, vulnerability scans, or both?

The HIPAA Security Rule requires healthcare organizations to perform regular security risk assessments to protect e-PHI. Penetration testing can help organizations with this requirement.