Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Don't Get Salted: Why API Inventory is Key to PCI DSS 4.0 Compliance (and How Salt Security Can Help You Achieve It)

The Payment Card Industry Data Security Standard (PCI DSS) is the gold standard for protecting cardholder data. With the recent release of version 4.0, the focus on securing APIs has intensified. But what does this mean for your organization, and why shouldn't you take API security with a grain of salt (pun intended)?

Weekly Cyber Threat Intelligence Summary

Welcome to this week’s Cyber Threat Intelligence Summary, where we bring you the latest updates and insights on significant cyber threats. This edition analyses cyberattacks related to a new malware campaign targeting Docker APIs, a Phishing-as-a-Service platform attacking Microsoft 365, and an analysis of the cyberespionage group UNC3886.

Fireblocks x Cosmos: Exploring THORChain

THORChain is a network that facilitates native asset settlement between various blockchains including Bitcoin, Ethereum, BNB Chain, Cosmos, and more. Overall, THORChain aims to provide a seamless and efficient way for users to exchange assets across different blockchains while maintaining a high level of decentralization, security, and community participation.

CVE-2024-3080: ASUS Warns Customers About the Latest Authentication Bypass Vulnerability Detected Across Seven Router Models

ASUS recently issued a firmware update to resolve a critical security vulnerability affecting seven of its router models. Identified as CVE-2024-3080 with a CVSS v3 severity score of 9.8 (critical), the vulnerability permits remote attackers to take control of the affected routers without needing any login credentials.

Understanding TLPT: A Comprehensive Guide to Threat-Led Penetration Testing

Imagine your financial data behind a seemingly impenetrable wall, but in reality, it's akin to a fortress with invisible cracks. That is a world without Threat-Led Penetration Testing (TLPT). As cyber threats become more nuanced and lethal, TLPT stands as a specialised sentinel in the arsenal of financial institutions, safeguarding sensitive assets through the simulation of real-world attacks.

PCI DSS Penetration Testing Guide

The Payment Card Industry Data Security Standard (PCI DSS) is a global cornerstone for safeguarding cardholder data. PCI DSS version 4.0, the most recent iteration, emphasises a dynamic, risk-based approach to security, compelling organisations to tailor their controls to their unique environments. PCI DSS penetration tests are crucial for meeting and maintaining security standards.

Implementing CIS Controls in Small and Medium Enterprises

Cybersecurity is a critical concern for organizations of all sizes. Implementing robust security measures is a best practice and essential to protect against increasingly sophisticated cyber threats. However, the challenge is often more significant for small and medium enterprises (SMEs) due to limited resources, lack of security expertise, and other common obstacles.

5 Key Insights From a Modern CISO Panel

Devo recently brought together an esteemed panel of modern CISOs to discuss the issues that matter most to them and their peers. Included in the panel were: It was a lively discussion that covered important topics around the evolution of one of the top security executive roles. Here are five of the key takeaways that bubbled up from the hour-long CISO panel.