Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

PCI DSS 4.0 Compliance: A Guide to Requirements 6 & 11

As of March 31, 2025, full enforcement of the PCI DSS 4.0 guidelines is now in effect. This latest version introduces critical updates that strengthen payment card data security across digital environments. Among the most notable changes are requirements that target client-side security, an area that has been largely overlooked until now.

Why your DevSecOps team needs a log management solution

Not all log management and log analysis tools are created equal. With organizations like yours generating large amounts of log data, understanding how to manage, analyze, and secure these log files is key for maintaining system performance, meeting compliance requirements, detecting performance issues, and responding to incidents faster.

What Makes Southeast Asia the "Ground Zero of Cybercrime"?

Author: Bex Bailey Our 2025 Phishing By Industry Benchmarking Report examines why organizations across Asia face some of the highest levels of cybersecurity risk worldwide. In fact, Forrester reveals that organizations in Asia Pacific (APAC) experience an average of 3.5 breaches within a 12-month period versus 2.8 globally. Organizations in the region also experience a cumulative cost of US$2.8 million against the global mean of US$2.7 million.

Migrate from your existing SIEM and quickly onboard security teams with Datadog Cloud SIEM

Many organizations face significant challenges with onboarding teams to a new or existing SIEM. Security teams grapple with escalating expenses tied to data ingestion, storage, and retention at scale. Steep learning curves can make setup an ongoing and frustrating chore, leading to mistakes and gaps in coverage. Further, SIEMs with constrained ecosystem integrations block users from the tools and customizable workflows they need and are comfortable with.

17 Security Tips For Hybrid Workers

The days of full remote work may be behind for most of us, but the hybrid work model is stronger than ever. In 2024, approximately 27% of workers in Europe are estimated to be working in a hybrid model, and around 36% in the US are working in a structured hybrid model. Hybrid work models also offer flexibility in their structure, with the different kinds of models companies use being: While hybrid work offers many benefits, what are the risks for hybrid workers in terms of security?

OT Security in Ports: Lessons from the Coast Guard's Latest Warning

The cranes that move goods in and out of America's busiest ports (some of the most essential components of our national logistics chain) are under growing scrutiny. In a newly issued MARSEC Directive 105-5, the U.S. Coast Guard has raised red flags about the cybersecurity risks that come with ship-to-shore (STS) cranes manufactured in China. These cranes, mostly produced by state-owned enterprises like Shanghai Zhenhua Heavy Industries (ZPMC), make up nearly 80% of the STS equipment at U.S. ports.

CVE-2025-20309: Cisco Unified Communications Manager Static SSH Credentials Maximum Severity Vulnerability

On July 2, 2025, Cisco released a security advisory detailing a maximum severity vulnerability (CVE-2025-20309) in Cisco Unified Communications Manager and Unified Communications Manager SME Engineering Special, caused by hard-coded root SSH credentials that cannot be changed or removed.

To Report or Not to Report Ransom Payments - A Helpful and Useful Idea

Just a recap - Trustwave in no way endorses ransom payments. We believe the best way to deal with a ransomware situation is to: A: Create a strong defensive posture that will deter, if not stop, an attack. B: Have in place a solid and well-practiced incident response plan that includes backups so an organization can quickly recover from any attack.

To Report or Not to Report Ransom Payments - Possibly Not Worth the Effort

Just a recap - Trustwave in no way endorses ransom payments. We believe the best way to deal with a ransomware situation is to: A: Create a strong defensive posture that will deter, if not stop, an attack. B: Have in place a solid and well-practiced incident response plan that includes backups so an organization can quickly recover from any attack.