-
Darwinium upgrades its payment fraud protection platform
PRIVACY PRIVACY Security and fraud prevention vendor Darwinium has updated its Continuous Customer Protection platform to provide shared intelligence on anonymized data sets. The company claims that the update ensures customers remain in control of users’ data while also preventing Darwinian from becoming a target of cybercrime. Use cases for the Darwinium platform include account…
-
OpenSSF releases SLSA v1.0, adds software supply chain-specific tracks
PRIVACY PRIVACY The Open Source Security Foundation (OpenSSF) has announced the release of Supply-chain Levels for Software Artifacts (SLSA) v.1.0 with structure changes designed to make the software supply chain security framework more accessible and specific to individual areas of the software delivery lifecycle. SLSA is a community-driven supply chain security standards project that outlines…
-
#CYBERUK23: NCSC Urges International Collaboration to Build Cyber Resilience
PRIVACY PRIVACY The NCSC’s CEO, Lindy Cameron, urges the UK to cooperate more with its allies in combating cyber threats Read More
-
UK NCSC warns of new class of Russian cyber adversary threatening critical infrastructure
PRIVACY PRIVACY The UK National Cyber Security Centre (NCSC) has issued an alert to critical national infrastructure (CNI) organisations warning of an emerging threat from state-aligned groups, particularly those sympathetic to Russia’s invasion of Ukraine. The alert states that newly emerged groups could launch “destructive and disruptive attacks” with less predictable consequences than those of…
-
EFF on the UN Cybercrime Treaty
PRIVACY PRIVACY EFF has a good explainer on the problems with the new UN Cybercrime Treaty, currently being negotiated in Vienna. The draft treaty has the potential to rewrite criminal laws around the world, possibly adding over 30 criminal offenses and new expansive police powers for both domestic and international criminal investigations. […] While we…
-
Guidance on network and data flow diagrams for PCI DSS compliance
PRIVACY PRIVACY This is the third blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. PCI DSS requires that an “entity” have up…
-
Police Escape $1.2m Fine For Secretly Recording Phone Calls
PRIVACY PRIVACY Surrey and Sussex police forces reprimanded after recording 200,000 calls Read More
-
Triple-digit Increase in API and App Attacks on Tech and Retail
PRIVACY PRIVACY Web attacks also surge in financial services, although not in UK Read More
-
Top risks and best practices for securely offboarding employees
PRIVACY PRIVACY Employees won’t work for the same organization forever and dealing with their departures is just part and parcel of business. But the security risks posed by departing staff can be significant. Without secure off-boarding processes, organizations expose themselves to a variety of cybersecurity risks ranging from the innocuously accidental to the maliciously deliberate.…
-
NCSC Warns of Destructive Russian Attacks on Critical Infrastructure
PRIVACY PRIVACY Alert follows advisory about Kremlin hackers targeting Cisco routers Read More