Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A newly identified cyber campaign has been actively targeting organizations across multiple sectors in Japan since January 2025. Threat actors of unknown origin have been exploiting CVE-2024-4577, a critical remote code execution (RCE) vulnerability in the PHP-CGI implementation of PHP on Windows, to gain unauthorized access to victim systems. This campaign has primarily impacted Japan’s technology, telecommunications, and e-commerce industries.

PCI DSS (Payment Card Industry Data Security Standard) v4.0.1 is designed to protect cardholder data and secure payment environments. Compliance with PCI DSS is critical for any organization that stores, processes, or transmits payment card information. The framework helps prevent fraud, data breaches, and financial losses associated with cyber threats targeting payment systems.

We are excited to announce that Indusface has successfully achieved PCI DSS v4.0.1 certification as a service provider, reinforcing our commitment to industry-leading security and compliance. This milestone underscores our dedication to protecting sensitive cardholder data and helping businesses navigate evolving security regulations.

The NIST Cybersecurity Framework (CSF) 2.0 is a voluntary framework developed by the National Institute of Standards and Technology (NIST) to help organizations manage and reduce cybersecurity risks. Initially released in 2014, CSF was primarily intended for critical infrastructure sectors. However, CSF 2.0 (2024) expands its scope to include organizations of all sizes and sectors, including small businesses, nonprofits, and large corporations.

Organizations handling Controlled Unclassified Information (CUI) need to comply with NIST SP 800-171 Revision 3, a set of cybersecurity requirements developed by the National Institute of Standards and Technology (NIST). These guidelines apply to non-federal organizations, including private companies, defense contractors, and businesses in regulated industries, that process, store, or transmit CUI.

NIST Special Publication 800-53 revision 5 provides a comprehensive set of security and privacy controls to help organizations manage risk effectively. These controls are widely adopted by federal agencies and private organizations to enhance cybersecurity resilience. Compliance with NIST SP 800-53 r5 helps organizations strengthen their security posture, mitigate cyber threats, and ensure regulatory compliance.

Multiple vulnerabilities have been discovered in Ivanti Endpoint Manager, affecting various file hashing functions. These vulnerabilities—CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159—allow credential coercion, which can lead to path traversal and potentially enable remote code execution (RCE).

As organizations move to the cloud, achieving FedRAMP compliance becomes a critical requirement for security and risk management. The framework mandates rigorous security controls across risk assessment, incident response, system integrity, audit logging, and continuous monitoring. AppTrana WAAP (Web Application and API Protection) helps organizations address these controls by offering comprehensive security measures, including vulnerability scanning, continuous monitoring, and attack prevention.