Paul’s Security Weekly (Video)
Technology
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for application security. Specifically, PCI DSS 4.0 requires that by March 31, 2025, more testing of public-facing applications related to payment processing or other activities be considered “in scope” for compliance. Generally, any system that touches payment-card data is in scope for PCI DSS compliance, whether or not the system or function is public-facing. We'll talk through what organizations should have gotten done by March 31, 2024, and what needs to happen by March 31, 2025.
Segment Resources: https://info.obsglobal.com/pci-4.0-resources
Show Notes: https://securityweekly.com/psw-825
Voltron, Karakurt Extortion, 1 Click Workaround, Snowden Citizenship, & Casey Ellis - PSW #757
The Role of Human Behavior in Security & the Future - Ev Kontsevoy - PSW #757
Firmware VS. Hardware, Tamper Protection, Hacking Gamers, & Unfortunate Spillage - PSW #756
MFA Fatigue & Authentication - Sinan Eren - PSW #756
Browser In Your Browser, Sock Puppets, Performance Killing Patches, & GIFShell - PSW #755
Using No-Code Automation to Tackle Analyst Burnout - Thomas Kinsella - PSW #755
Crappy Exploits, $8 Mil 0-Day, Mac Updates, & Anti-Cheat Is NOT Anti-Hack - PSW #754
Turning Cybersecurity Education Into Industry Impact - John Hammond - PSW #754
Mudge, Tox P2P Messenger, 8 Year Old Linux Flaws, Dirty Pipe, & Unix Legends - PSW #753
Data Integrity Lights the Way: Security With the Decentralized Web - Davi Ottenheimer - PSW #753
StarLink Hacks, Ramsomware Extortion, Signal/Twilio Compromise, Hacking Cars and Tractors - PSW #752
InfoSec Lessons from Military Strategy, Tactics, and Operational Art - Greg Conti - PSW #752
Not-So-Secure Boot - Jesse Michael, Mickey Shkatov - PSW #751
Unearthed Easter Eggs, Black Hat/DEF CON Talks, Decrypting Oz, & 27 Factor Auth - PSW #751
Re-Routing Traffic, Pseudo Keyloggers, TLS Inside, LockBit, Cobalt Strike & Defender - PSW #750
Career in Infosec, SANS Work, & End User Awareness Training - Guy Bruneau - PSW #750
FreeBSD, Steam Decks, Ancient Computers, UEFI Rootkits, & Office Macro Saga Continues - PSW #749
Apple Airtag Detection & Simulation - PSW #749
Linux Distros, The Linux Firewall, CIA Agents, Vault 7 Leaks, & The "Coolest" Laptop - PSW #748
ICS Security - Lesley Carhart - PSW #748
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
Acquired