Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AT&T Cybersecurity

PCI DSS reporting details to ensure when contracting quarterly CDE tests

This is the second blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. There are several issues implied in the PCI DSS Standard and its associated Report on Compliance which are rarely addressed in practice. This occurs frequently on penetration and vulnerability test reports that I’ve had to assess.

Cloud forensics - An introduction to investigating security incidents in AWS, Azure and GCP

The cloud has revolutionized the way we do business. It has made it possible for us to store and access data from anywhere in the world, and it has also made it possible for us to scale our businesses up or down as needed. However, the cloud also brings with it new challenges. One of the biggest challenges is just keeping track of all of the data that is stored in the cloud. This can make it difficult to identify and respond to security incidents.

Identity and Access Management (IAM) in Payment Card Industry (PCI) Data Security Standard (DSS) environments.

Many organizations have multiple IAM schemes that they forget about when it comes to a robust compliance framework such as PCI DSS. There are, at minimum, two schemes that need to be reviewed, but consider if you have more from this potential, and probably incomplete, list: Bottom line, in whatever fashion someone or something validates their authorization to use the device, service, or application, that authorization must be mapped to the role and privileges afforded to that actor.

How Can You Identify and Prevent Insider Threats?

If cyber threats feel like faceless intruders, you’re only considering a fraction of the risk. Insider threats pose a challenge for organizations, often catching them by surprise as they focus on securing the perimeter. There is a bright side, however. Understanding the threat landscape and developing a security plan will help you to mitigate risk and prevent cyber incidents. When designing your strategy, be sure to account for insider threats.

Chinese fraudsters: evading detection and monetizing stolen credit card information

Cyber attacks are common occurrences that often make headlines, but the leakage of personal information, particularly credit card data, can have severe consequences for individuals. It is essential to understand the techniques employed by cyber criminals to steal this sensitive information.

10 Reasons why businesses need mobile device management (MDM)

Mobile device management (MDM) refers to a type of software that allows businesses to manage, configure and secure mobile devices used by their employees. Companies use MDM solutions to maintain a secure environment across all the mobile devices they own or have access to, as well as provide features such as remote wipe, password policies, application management and data protection. This helps them ensure security while providing their employees with access to the applications and data they need.

API security: the new security battleground

Regardless of the techniques used, going big, expensive, and glossy – while potentially useful - doesn’t replace the need for a well-reasoned approach to securing assets founded on traditional activities and principles. Innumerable assets are housed behind APIs, and the widespread use of APIs means they are high-profile targets. Securing them is of the utmost importance.

Dridex malware, the banking trojan

Dridex, also known as Cridex or Bugat, is a banking Trojan that has been active since 2011. The malware is primarily used to steal sensitive information, such as login credentials and financial information, from victims. Dridex is known for its ability to evade detection by using dynamic configuration files and hiding its servers behind proxy layers.

How often should security audits be?

In today’s digital world, it’s no surprise that cyberattacks are becoming more frequent and intense. Enterprises worldwide are trying to defend themselves against attacks such as ransomware, phishing, distributed denial of service and more. In this challenging cybersecurity landscape, now is the time for companies to prioritize security audits. What are cybersecurity audits and how often should they be to remain safe in the threatening IT world?