Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

PCI DSS 4.0.1 Compliance for Payment Providers (SAQ D) - How to Ensure Compliance Across Thousands of Payment Pages

Compliance for Payment Providers SAQ D presents unique challenges due to their distributed business model. With payment pages, iframes, and forms embedded across thousands of merchant websites, ensuring consistent security and maintaining PCI DSS 4.0.1 compliance requires sophisticated solutions and strategies.

Yahoo Finance: U.S. Lawmakers Push to Ban China's DeepSeek AI Over Security Risks - Feroot Security Analysis

Washington, D.C. – U.S. lawmakers announced a bill to ban DeepSeek, the Chinese AI chatbot app, from government devices following a security analysis by Feroot Security that revealed alarming privacy and national security risks. The research suggests that DeepSeek collects user data, including digital fingerprints, login credentials, and behavioral information, potentially sending it to servers tied to the Chinese government.

What Is Application-Aware Backup?

When it comes to backups, you have a wide range of options to consider for successful and fast data recovery. The options include type of backup, frequency, source, destination, and many others. Nowadays, it’s no longer enough for backup solutions to simply capture files on a disk given that most organizations use servers to run applications. “Inconsistent” file backups are not adequate for optimal recovery time objectives and recovery point objectives.

LLMjacking targets DeepSeek

Since the Sysdig Threat Research Team (TRT) discovered LLMjacking in May 2024, we have continued to observe new insights into and applications for these attacks. Large language models (LLMs) are rapidly evolving and we are all still learning how best to use them, but in the same vein, attackers continue to evolve and grow their use cases for misuse.

The Only DORA Compliance Checklist You Need

The bad news – if you’re wondering about the DORA compliance date, it already passed on January 17th 2025. The good news? If you’ve been too busy to even think about the EU’s Digital Operational Resilience Act, it’s not too late to score some quick compliance wins. This DORA compliance checklist is your blueprint for establishing not just compliance, but checks and balances for maintaining it.

Torq Signed the CISA Secure by Design Pledge

At Torq, our commitment to security has always been at the forefront of our mission to empower businesses through our SaaS platform. Today, we’re proud to announce a significant step forward in our security journey: Torq has signed the CISA Secure by Design Pledge. This pledge underscores our dedication to ensuring that our customers can trust our platform to uphold the highest security standards, enabling customers to focus on their goals without concerns about their security posture.
Featured Post

DORA Is Here - But Readiness Concerns Are Far from Over

For months, the impending Digital Operational Resilience Act (DORA) deadline has dominated boardroom discussions across the financial sector with its potential to reshape operational and regulatory practices. Now that DORA is officially in effect, attention has shifted to other matters, such as a new US presidential inauguration, AI, and fiscal concerns for 2025. Yet DORA should remain a major cause for concern as the regulation is now active and enforcement has begun. Given its likely strict enforcement, financial organisations and third parties must maintain focus on compliance to avoid major regulatory and operational risks.

Role-based access control: Your organization's defense against cyberthreats

In today’s world, cyberthreats are so prevalent that they expose both public and private organizations to data breaches. A single account with excessive privileges is enough for a hacker to infiltrate the entire organization. To protect your organization from such incidents, you can delegate permissions to users based on their roles and responsibilities. This is where role-based access control (RBAC) comes in.

Top tips: How not to let dark data become a silent threat to your organization

Top tips is a weekly column where we highlight what’s trending in the tech world and list ways to explore these trends. This week, we’ll explore a few ways to identify dark data and mitigate the risks it poses. Dark data is a threat to organizations. Despite efforts to prevent it, dark data inevitably makes its way into systems and is often left unaddressed.

WatchGuard Joins AWS ISV Accelerate Program and Announces Availability in AWS Marketplace

WatchGuard Technologies, a global leader in unified cybersecurity, today announced that it has joined theAmazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners that provides software solutions that run on or integrate with AWS. The program helps AWS Partners drive new business by directly connecting participating ISVs with the AWS Sales organisation.