Any company that processes payments knows the pain of an audit under the Payment Card Industry Data Security Standard (PCI DSS). Although the original PCI DSS had gone through various updates, the Payment Card Industry Security Standards Council (PCI SSC) took feedback from the global payments industry to address evolving security needs.

This week, the SEC issued a statement addressing some of the rampant confusion and inconsistencies observed under the agency’s new cyber breach disclosure rule. The statement itself addresses a technical securities law requirement, that public companies should only use Item 1.05 of Form 8-K to disclose “material” cyber breach information (instead of making voluntary or immaterial disclosures).

In today's digital age, where interconnectivity is the norm, routers act as custodians of business information. These devices, which can sometimes be undervalued, control data traffic between our devices and the global network. However, recent events have highlighted vulnerabilities that may affect a large number of routers, raising concerns about the protection of sensitive information handled by enterprises.

Since CrowdStrike Charlotte AI became generally available, we’ve seen firsthand how genAI can transform security operations, enabling teams to save hours across time-sensitive tasks and accelerate response to match the speed of modern adversaries.

Explore the essential role access control plays in cybersecurity, from the basics of how it works, components, and types to Zero Trust and best practices.

For businesses operating along the Southern and Eastern Atlantic coast, each hurricane season ushers in a storm front of anxiety and trepidation — in addition to all that wind and rain. And for good reason. According to the National Oceanic and Atmospheric Administration (NOAA), hurricanes are the deadliest and most costly type of weather disaster, responsible for nearly $2.6 trillion in damage since 1980.

It is a proud and exciting day for me to announce that Bugcrowd has acquired Informer. On this momentous day, I can’t help but take a walk down memory lane, thinking about the past decade of hard work and innovation that led us to this moment. Ten years ago, I founded a specialist penetration testing business called The Security Bureau. As our client base grew, certain patterns emerged and it became clear that many organizations were unsure of exactly which assets were internet-facing.

A buggy rollout or, even worse, a security breach can lead to user frustration, lost trust, and damaged reputation. To keep users happy and your brand protected, you need a robust deployment strategy that balances seamless updates with ironclad security. 32% of customers abandon a brand they love after just one negative interaction. For software teams, this means that every update is a high-stakes moment. Can we ensure both a positive user experience and robust protection during every rollout?

Access management is a fundamental element of your organization’s security infrastructure. With numerous approaches to implementing an access management system, selecting the most suitable one for your organization may be daunting. In this article, we analyze the two most popular access control models: role-based and attribute-based. We delve into what RBAC and ABAC are, review the pros and cons of each model, compare them, and check if it’s possible to combine them.

The impact of the 2024 RSA Conference on security in San Francisco was beyond expectations. It was really a fantastic opportunity to meet an amazing group of individuals from all stages of the software supply chain from CISOs to researchers to development and security teams.