The PCI Council aims at minimizing the risk of cardholder data by securing sensitive cardholder data including Sensitive Authentication Data (SAD). For these reasons, PCI DSS Standards are strictly enforced in the payment card industry. According to the PCI DSS Security Standard Requirement, organizations dealing with sensitive card data are required to maintain maximum security and implement measures that ensure the confidentiality, privacy, and security of the cardholder data.

According to Norton’s Cyber Safety Pulse Report, India faced over 18 million cyber threats in only Q1 2022, roughly 200,000 threats every day. Of the bulk, 60,000 were phishing attempts, and 30,000 were tech support scams. For perspective, phishing attempts around the world during the same period counted for approximately 16 million. CERT-In also reported over 2.12 lakh (~0.1 million) cybersecurity incidents until February 2022.

Before we dive into the details of this vulnerability, we want to make it clear that there’s no need for panic. Many systems permit the use of various types of code in configuration files, and there are legitimate use cases to include string and variable interpolation in the configuration of applications and systems. This is not Log4Shell all over again. This is simple configuration manipulation.

Most developers don’t learn about secure coding in the college IT programs. And once they join the workforce, they often don’t have the time to learn about secure coding. The responsibility of training developers in secure coding best practices usually falls on security practitioners. Security practitioners are notoriously overworked, often lacking the bandwidth to train developers. Organizations are thus turning to AppSec learning experiences built specifically for development teams.

Temperatures rose in June, and the threat of serious cyber attacks soared along with them. The start of summer saw revelations of major breaches in confidential medical information, a case study for changing-up hacked passwords, another round of victimization for people whose data has already been sold once before, and one high-profile threat to undermine an entire democracy. Let’s take a closer look at these troubling instances, plus one controversial effort to rein in the crimewave.

In January 2022, Microsoft announced that Excel 4.0 macros would be restricted by default, to protect users from malicious macros. In February 2022, Microsoft announced that VBA macros would also be blocked for files downloaded from the internet. Cybersecurity professionals and enthusiasts rejoiced at the news! Malicious Office documents were running rampant. Attackers abused Microsoft Office macros to deliver BazarLoader and Trickbot, and remote access trojans like AveMaria and AgentTesla.

The uptick in recent years in cyber attacks by rival state actors, primarily Russia and China but not only, as well as criminal groups, have pushed the US government to step up its effort to defend against these malicious actors. While much of the focus has been on external actors, there has also been an ongoing effort to secure government organizations from internal threat actors. Insiders present a serious risk because they have authorized access to be inside the organization.

A Readiness Assessment in general is an evaluation process that suggests whether or not an organization is compliant with a specific standard/regulation. The assessment helps determine gaps in security controls and demonstrates the effectiveness of controls to achieve compliance. The assessment works as a guide to identify and address the potential gaps in controls. The readiness assessment basically works as a test run for organizations looking to achieve compliance.

IAM (identity access management) involves numerous IT practices to enforce identity authentication and verification. But Web3 could change how we use the internet by simplifying data protection and IAM procedures. Two factors contribute to the need for authentication practices that are both fast and accurate. One, rising cyber threat activity, and two, infrastructure changes and complexity. Now, IT teams need new ways to authorize identity credentials to adapt to an evolving environment.