The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage payment page scripts and use a robust change detection […]
Author Archives: Onsite Computing, Inc.
Enterprise security patching remains a challenge despite improvements in both vulnerability assessment and update technology. Competing priorities, organizational challenges, and technical debt continue to transform an ostensibly straightforward aim of keeping systems up to date into a major headache, according to IT experts quizzed by CSO. Because of these and other issues, approximately 60% of […]
Apple has filed a motion to “voluntarily” dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical “threat intelligence” information. The development was first reported by The Washington Post on Friday. The iPhone maker said its efforts, coupled with those of others in the […]
The ransomware landscape has seen a lot of fragmentation over the past couple of years with major groups shutting down after they became the target of law enforcement actions or after they attracted too much attention and had ransoms put on their leaders’ identities. Ransomware-as-a-service (RaaS) operations are heavily reliant on third-party hackers, known as […]
Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users’ credentials. “Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML […]
Cellular connectivity was often relegated to a failover connection option. Because of its mobile or remote nature, 5G was used as a primary connection for vehicle fleets, IoT devices, and remote workers in places where wired broadband wouldn’t work or couldn’t be obtained. But this sentiment is changing. More and more organisations recognise 5G for […]
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the U.S. voter registration data has been compromised in cyberattacks. […] Author: Bill Toulas
A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. […] Author: Bill Toulas
A recently fixed “Windows MSHTML spoofing vulnerability” tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group. […] Author: Lawrence Abrams
