LRQA Nettitude Blog

PCI DSS 4.0 Migration for Merchants and Service Providers | LRQA Nettitude

Posted by LRQA Nettitude on May 31, 2023 7:51:38 PM

 

Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) was released at the end of March 2022. At the time of writing, we now have less than one year until the previous version, 3.2.1, is retired and can no longer be used for new assessments.

Topics: PCI Compliance, PCI DSS 4.0, PCI DSS, payment card industry security standards, PCI DSS Compliance

Challenges of Meeting ASV Scanning Requirements in PCI 4.0 | LRQA Nettitude

Posted by Nettitude on May 30, 2023 6:37:35 PM

 

If you've ever taken a credit card as payment for anything, then you've probably heard of the Payment Card Industry Data Security Standard (PCI DSS). This defines a set of requirements for merchants and service providers to protect their customers' payment card data. The importance of PCI DSS lies in the fact that it helps to protect sensitive data which could have huge ramifications should it fall into the wrong hands. This includes information such as credit card numbers, names, addresses, and other personally identifiable information.

Topics: PCI Compliance, PCI DSS 4.0, PCI DSS, payment card industry security standards, Vulnerability Scanning, Approved Scanning Vendor, asv scanning, PCI DSS Compliance

The Dangers of Social Engineering Attacks in Cybersecurity | Nettitude

Posted by Nettitude on Apr 29, 2023 6:54:01 PM

 

A social engineering attack is any type of attack in which a threat actor uses deception, manipulation or coercion to elicit information or access from a person for the attacker's own purposes. Social engineering refers to any technique used by a threat actor that focuses on people and process, rather than on technology. The most common form of social engineering attack is a phishing email that tricks victims into giving up personal information such as passwords and credit card details. Phishing often masquerades as an official corporate email from an organisation's CEO or another trusted person within the company.

Topics: Penetration Testing, Social Engineering, Social Engineering Attack

Security Excellence Awards 2023 Rising Star Interviews | Nettitude

Posted by Nettitude on Apr 19, 2023 2:28:57 PM

 

The Security Excellence Awards 2023, hosted by Computing, are a prestigious event that recognises outstanding achievements in cybersecurity. These awards celebrate individuals and companies that have demonstrated excellence, including the Rising Star category, which highlights emerging talents in the industry. This category shines a spotlight on individuals who have shown exceptional skills, dedication, and innovation in their roles and have the potential to become future leaders in the cybersecurity field.

We are delighted that among the nominees for the Rising Star category are two Nettitude colleagues, Matthew Saunders and Chloe Sharp. Learn more about Matthew and Chloe below.

Topics: cybersecurity

What are the Different Types of Cybersecurity Testing? | Nettitude

Posted by Nettitude on Mar 31, 2023 5:31:13 PM

 

When it comes to cybersecurity, one of the most important things you can do is test your system for vulnerabilities. Cybersecurity testing ensures you have all the necessary security measures in place and that they are functioning correctly. There are many ways to test the security of a system. Some are more thorough than others, and some take longer to complete. 

Topics: Penetration Testing, risk assessment, cybersecurity, Vulnerability Scanning, Vulnerability Assessment

The Cybersecurity Threats to Email: Explained | Nettitude

Posted by Nettitude on Mar 31, 2023 3:35:46 PM

 

Despite the numerous messaging apps available, email remains the most used method of formal communication. This is because email is still associated with professionalism. However, as emails are preferred among businesses, this also makes them an ideal target for cybercriminals. 

Most data breaches occur for an economic reason—the attacker hopes to profit from the information they gain access to. Emails contain a lot of personal information already and can also be used to access other vital systems. This makes them an ideal entry point for hackers with varying motives.

Topics: cybersecurity, phishing, Email Security, zero-day

How to Secure Your API Against Cyber Attacks | Nettitude

Posted by Nettitude on Feb 28, 2023 10:12:45 PM

 

As the world becomes increasingly interconnected, businesses must take steps to secure their data and protect their application programming interface (API). API security is vital for two reasons. First, APIs provide access to sensitive data, making them a prime target for attacks. Second, APIs can be used to launch attacks on other systems, making them a critical part of any security strategy. To protect your business, it is essential to implement robust API security measures. 

Topics: Penetration Testing, Website Penetration Testing, Web Application Penetration Testing Tools, Web App Penetration Testing

Benefits of Performing Code Reviews | Nettitude

Posted by Nettitude on Feb 28, 2023 5:55:54 PM

 

When performing a penetration test, most companies focus on traditional methods with limited knowledge about the targeted system. In fact, if you are dealing with software or programming at a deeper level, there may be threats or vulnerabilities in the code that your team is not aware of. This is where a code review as a service comes in.

In essence, a code review is where every part of a program’s code is analysed to make sure there are no risks of vulnerability that someone else can take advantage of. It also ensures that any confidential information is hidden, which is a vital aspect of cybersecurity. 

Let’s take a closer look at the benefits of a code review as a service.

Topics: Penetration Testing, Digital Security Company, Code Review Service, Code Review as a Service

PCI DSS v4.0 and SAQ A | Nettitude

Posted by Nettitude on Jan 31, 2023 8:57:58 PM

 

Many organisations accepting card payments see SAQ A as the target operating model, as this has the most effect on reducing the PCI DSS requirements with which an organisation must comply. It does not come without risks though, as the third-party service providers you have engaged with must always maintain their compliance to support yours.

So, what remains the same, and what has changed with the arrival of PCI DSS v4.0? The first blog of this series explained the core format changes for all the SAQs; here we turn to the specifics around SAQ A.

Topics: PCI 4.0, PCI v4.0, PCI DSS v4.0, PCI DSS 4.0, PCI DSS, SAQ A

SAQs and the impact of PCI DSS v4.0 | Nettitude

Posted by Nettitude on Jan 16, 2023 3:13:44 PM

 

The PCI Security Standards Council (SSC) published PCI DSS v4.0 on 31st March 2022. The combined efforts of the SSC, payment brands, participating agents, and the QSA community have yielded a significant overhaul that promises to provide a framework for securing payment card information in the future.

There has since been a lot of activity surrounding the release, which gives rise to a problem. With such an overhaul, people are suffering from information overload and are unable to find a starting point for their organisations. Nettitude will break down what the changes mean and what a merchant or service provider needs to migrate, starting with a series of blogs discussing changes to self-assessment questionnaires, allowing you to quickly start forming your plan to move to PCI DSS v4.0.

Topics: PCI 4.0, PCI v4.0, PCI DSS v4.0, PCI DSS 4.0, PCI DSS

About Nettitude

Nettitude is the trusted cybersecurity provider to thousands of businesses around the world. We stop at nothing to keep your data and business secure in an age of ever-evolving cyber threats.
