Welcome back to our series on PCI DSS Requirement Changes from v3.2.1 to v4.0. Today, we’re discussing Requirement 6, which is crucial for protecting cardholder data. It mandates the use of vendor-supplied security patches and secure coding practices for in-house developed applications. These measures help mitigate vulnerabilities that hackers could exploit. The requirement also emphasizes the importance of vigilance in identifying and remediating vulnerabilities.

Here at AT&T Cybersecurity, we know that the technology powering our managed detection and response services is solid—and we’ve got documentation to prove it. But we also know you’ve probably read your share of marketing materials making claims with nothing to back them up, so when we get the opportunity to share third-party metrics that support what we’ve been saying, we jump on it.

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news, and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team.

On February 15, the US Department of Justice announced “Operation Dying Ember”: the takedown of a botnet controlled by APT28, the Russian military cyber threat actor also known as Fancy Bear. APT28 was previously known for developing the VPNFilter botnet, which targeted routers and network attached storage devices and was also disrupted by the DoJ in 2018.

Since the widespread migration to the cloud, DLP has become an essential—yet often dreaded—tool for protecting data from leaks, breaches, exfiltration, and more. It’s no secret that traditional DLP solutions have a less-than-stellar reputation. Security teams are squeezed tighter than ever in terms of time and resources. Needless to say, adding more alerts on top of already daunting workloads is less than ideal. It’s time for a smarter, more sustainable form of DLP.

Explore security findings from Datadog's research into recent attacks, highlighting two sophisticated attack methods and vital lessons in secrets security.

University-industry collaborations and other joint research ventures offer access to resources, expertise, funding, and other benefits for university researchers. However, through the use of unvetted software, password sharing, and other actions these external partnerships can expose the university and its intellectual assets to substantial cybersecurity threats, such as unauthorized access, data breaches, and other cyber attacks.

Today’s cybersecurity landscape is teeming with third-party threats: supply chain risks, regulatory compliance requirements, third-party security flaws, malicious insiders, and more. Whether your organization’s risk appetite craves conservative or aggressive third-party relationships, these risks make third-party risk management (TPRM) necessary.

The United States Congress first authorized the Financial Industry Regulatory Authority (FINRA) to protect American investors and oversee the broker-dealer industry in 2007. FINRA is an independent regulatory organization that upholds its obligation and ensures a fair market by establishing rules to regulate business activities and improve the security of member firms and other market participants. With few exceptions, most broker-dealer firms must register with FINRA.

Cloudflare’s Bot Management is used by organizations around the world to proactively detect and mitigate automated bot traffic. To do this, Cloudflare leverages machine learning models that help predict whether a particular HTTP request is coming from a bot or not, and further distinguishes between benign and malicious bots. Cloudflare serves over 55 million HTTP requests per second — so our machine learning models need to run at Cloudflare scale.