Month: April 2024

When did PCI DSS become mandatory? PCI DSS compliance became mandatory with the rollout of version 1.0 of the standard on December 15, 2004. But we should pause here to talk about what we mean by “mandatory” in this context. PCI DSS is a security standard, not a law. Compliance with it is mandated by…


“Identity Fabric Immunity (IFI) cannot be compared with traditional IAM; rather, it describes an ideal state an organization can reach by using disparate IAM approaches and the best available identity services that enable the building of a cohesive identity fabric,” says Mark Callahan, senior director of product marketing at Strata.io. “An identity fabric immunity is…


Apr 03, 2024NewsroomWeb Security / Vulnerability A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL…


Dark web browser All this activity, this vision of a bustling marketplace, might make you think that navigating the dark web is easy. It isn’t. The place is as messy and chaotic as you would expect when everyone is anonymous, and a substantial minority are out to scam others.  Accessing the dark web requires the use…


xz Utils Backdoor The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From Ars Technica: Malicious code added to xz Utils versions 5.6.0 and…


Declassified NSA Newsletters Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “Tales of the Krypt,” from 1994 to 2003. There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 review of Applied Cryptography by redacted: Applied…


The PlexTrac blog proposes a series of basic questions you need to answer once you’ve decided to move forward. Hopefully our description so far has brought home the reasons why an organization would conduct one. Just as important a question, however, is who will participate. This goes beyond just needing to know the emails of…


No one is immune from being scammed. Just ask Tarah Wheeler, founder and CEO of Red Queen Dynamics, a company that specializes in keeping people scam-free. While onboarding a new hire, a process she put in place stopped a scammer despite a serious cyber misstep.  Check out the episode for an object lesson in how…


Today, CISA published a new dedicated High-Risk Communities webpage comprising cybersecurity resources to support civil society communities at heightened risk of digital security threats, including cyber hygiene guidance, a repository of local cyber volunteer programs, and free or discounted tools and services. Despite their vulnerability to advanced cyber threats, many civil society organizations operate…


“The sophisticated nature of this attack and the use of highly future-proof crypto algorithms (Ed448 vs the more standard Ed25519) led many to believe that the attack may be a nation-state level cyberattack,” researchers from security firm JFrog noted in an analysis. Who is affected by the XZ Utils backdoor? The backdoor is present in…
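The two xz Utils items above both turn on the same practical question: is the xz build on a given host one of the backdoored releases? The following is an added example written for this page, not code from either linked post or from the xz project. It assumes the output format of `xz --version` (a first line `xz (XZ Utils) <version>` followed by a `liblzma <version>` line) and uses the two release numbers known to carry the malicious code, 5.6.0 and 5.6.1 (the excerpt above is cut off after 5.6.0; the second number is supplied here from the public advisories). The sample version strings in the test are constructed.

```shell
#!/bin/sh
# Added example: classify an `xz --version` output against the backdoored releases.
# Assumed output format (two lines):
#   xz (XZ Utils) 5.6.1
#   liblzma 5.6.1
# Prints one word: "backdoored", "clean", or "unknown" (nothing parseable).
xz_status() {
    printf '%s\n' "$1" | awk '
        /^xz \(XZ Utils\) / { v = $4 }   # version of the command-line tool
        /^liblzma /          { v = $2 }   # version of the library (where the backdoor lived)
        v != "" {
            if (v == "5.6.0" || v == "5.6.1") { hit = 1 }
            seen = 1
            v = ""
        }
        END {
            if (!seen)    print "unknown"
            else if (hit) print "backdoored"
            else          print "clean"
        }'
}

# Convenience wrapper for a live host: runs the real binary if it exists.
check_installed_xz() {
    if command -v xz >/dev/null 2>&1; then
        xz_status "$(xz --version 2>/dev/null)"
    else
        echo "unknown"
    fi
}

# Stand-alone usage: report on this machine and exit non-zero if affected.
if [ "${XZ_CHECK_MAIN:-1}" = 1 ]; then
    status=$(check_installed_xz)
    echo "xz status: $status"
    [ "$status" != backdoored ]
fi
```

Treat this as a first pass only. The liblzma line is the one that matters, since the malicious code was in the library rather than the `xz` command, and the two versions are matched independently for that reason. A distribution may also ship a reverted package under a different version string, and a build that was tampered with could simply report a different number, so package-manager provenance or a hash comparison against a known-good package should follow a "clean" result.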
