by Terence Martin | May 16, 2023 | Compliance, cybersecurity, penetration testing
Open source intelligence gathering, or OSINT, can be a threat to organizations because it can be used to gather information about their employees, assets, and vulnerabilities. This information can then be used to launch targeted scanning against discovered...
by Joshua Jones | Apr 18, 2023 | Compliance, cybersecurity, PCI DSS 4.0
Today, let’s look at some changes made to Requirement 3 for PCI DSS 4.0. I am also adding “Why does this matter?” sections at the end of each control change to hopefully shed light on why it’s important. Requirement 3 Changes: In Requirement 3, we will find an...
by Andrew Nash | Apr 4, 2023 | Compliance, cybersecurity, penetration testing
Overview: One of the most common findings we make at Contextual Security Solutions during internal penetration tests is the presence of vulnerable network protocols, like Link-local Multicast Name Resolution (LLMNR), Web Proxy Auto-Discovery (WPAD)...
by Joshua Jones | Feb 16, 2023 | Compliance, cybersecurity, PCI DSS 4.0
Today, let’s look at changes made to Requirement 2 for PCI DSS 4.0. Requirement 2 Changes: In Requirement 2, we will find our first PCI DSS new control for 4.0: In 3.2.1, roles were not necessary to be defined in 2.x controls. While role definition...
by Joshua Jones | Oct 25, 2022 | Compliance, cybersecurity, PCI DSS 4.0
Now that you are looking at your timeline, you may be wondering how you can get from where you are now, a sage of PCI DSS 3.2.1, to where you will need to be by 2024. The PCI DSS 4.0 Summary of Changes: Using the PCI DSS Summary of Changes document, you can...
by Joshua Jones | Jul 8, 2022 | Compliance, PCI DSS 4.0
March 2022 forever changed the compliance landscape for all time. PCI DSS 4.0 was launched, the world was ushered into an era of bliss. Ok, seriously, bliss and compliance frameworks are, for most, not even in the same solar system. But, PCI DSS 4.0 is here and, for...