Why Red Teaming is Critical for Cybersecurity: Lessons Learned from Real-World Attack Simulations
In a world where technology is everywhere, changing how we live and interact, organisations face a continuing problem: keeping their defences up to date against bad actors who exploit the ever-evolving tech ecosystem. To fully realise the potential of the digital age, cybersecurity must be integrated into every aspect of modern life. Cybersecurity, rather than being a separate notion, […]
How does PCI DSS v4.0 affect an entity's website compliance?
PCI DSS is not a new thing; in fact, it has been around since December 2004. As with any security programme, it has been regularly updated to ensure it is fit for purpose in the modern day. It's due another major change, moving from its current iteration (3.2.1) to version 4.0. The latest version is […]
TikTok Banned on UK Government Phones
TikTok, the social media app that took the world by storm with its addictive short-form videos, has been in the news lately for all the wrong reasons. The app, which is owned by Chinese company ByteDance, has been accused of compromising user privacy and security by collecting and sharing data without users’ knowledge or consent. […]
ChatGPT: An Overview of Potential Security Vulnerabilities
ChatGPT is on everybody’s lips. LinkedIn is awash with posts. It’s a hot topic. Depending on what you read, it’s going to improve the world, put us all out of jobs and/or send a T800 to 1984 to kill Sarah Connor. We thought we would jump on the bandwagon and ask it a question of […]
Social Engineering: Smishing & Vishing
On Thursday, 24th November 2022, the Met Police lifted the media embargo to report on the largest fraud case arising from social engineering. It has been reported that £48M has been taken collectively, with one victim reportedly losing £3M. Sky News' report can be read here: UK's Biggest Fraud Sting Takes Down Phone Bank Scam that […]
PCI DSS version 4.0 Release Schedule
The PCI SSC has announced that PCI DSS version 4.0 is scheduled for publication at the end of March 2022. A number of our QSA clients have been longing for a peek at the draft version; however, I've signed my life away under a non-disclosure agreement with the PCI SSC, so I'm still obligated to […]
WFH or returning to the office – one clear requirement
The pandemic has caused a huge shift in the way we work. But as the UK continues to lift its Covid measures, whether your staff remain at home, come back to a desk-bound role, or mix and match depending on need, space and […]
Time is Running out for E-Commerce Merchants Running Magento Version 1.x
E-Commerce merchants who are still using Magento version 1.x as their online shopping cart will soon run out of time to move to a supported version! When Magento version 2.0 was released back in November 2015, E-Commerce merchants and developers were informed that Magento version 1 had a limited shelf life and would become obsolete. The initial end-of-life date given was November 2018; however, push back from developers and merchants alike resulted in a revised end-of-life date of June 2020. As an experienced Information Security Consultant and PCI QSA, one of the
PCI DSS v3.2.1 Regular Tasks
To maintain PCI DSS compliance, there are a number of tasks which must be conducted on a regular basis. I've taken the liberty of collating all of these regular tasks into one table. Where the frequency of a task is "regular" or "periodic", I have made a recommendation based upon my experience as a QSA. Depending upon the environment and threat landscape, it could be justified for these indeterminate frequencies to shift in either direction. Note that this table assumes a SAQ D-equivalent environment with all PCI DSS controls being in play. The shape of the regular
Lies, damned lies and PCI DSS compliant E-Commerce hosting and service provision
As a PCI DSS Qualified Security Assessor, I've had this conversation far too many times now. Many hosting providers make claims of PCI DSS compliance; however, when we try to verify that compliance, we are met with obfuscation and frustration. I have seen so many certificates, ASV scan reports, merchant attestations and other documents which service […]