#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Remote Monitoring | Breaking Cybersecurity News | The Hacker News

Category — Remote Monitoring
Master Your PCI DSS v4 Compliance with Innovative Smart Approvals

Master Your PCI DSS v4 Compliance with Innovative Smart Approvals

Sep 16, 2024 Payment Security / Data Protection
The PCI DSS landscape is evolving rapidly. With the Q1 2025 deadline looming ever larger, businesses are scrambling to meet the stringent new requirements of PCI DSS v4.0. Two sections in particular, 6.4.3 and 11.6.1, are troublesome as they demand that organizations rigorously monitor and manage payment page scripts and use a robust change detection mechanism. With the deadline fast approaching and the consequences of non-compliance so severe, there is no room for complacency, so, in this article, we look at the best way to meet these complex coding requirements. PCI DSS v4: Understanding Requirements 6.4.3 and 11.6.1 These changes to PCI DSS in v4.0 acknowledge the urgent need to tighten client-side security in the face of pervasive supply-chain threats. They call for beefed-up payment page security to keep customers' sensitive payment details safe from malicious script injection attacks: 6.4.3: To meet this requirement your organization needs to monitor and manage all payment
Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign

Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign

Apr 12, 2024 Supply Chain Attack / Malware
The Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called  DarkBeatC2 , becoming the latest such tool in its arsenal after  SimpleHarm ,  MuddyC3, PhonyC2 , and  MuddyC2Go . "While occasionally switching to a new remote administration tool or changing their C2 framework, MuddyWater's methods remain constant," Deep Instinct security researcher Simon Kenin  said  in a technical report published last week. MuddyWater, also called Boggy Serpens, Mango Sandstorm, and TA450, is assessed to be affiliated with Iran's Ministry of Intelligence and Security (MOIS). It's known to be active since at least 2017, orchestrating spear-phishing attacks that lead to the deployment of various legitimate Remote Monitoring and Management (RMM) solutions on compromised systems. Prior findings from Microsoft show that the group has ties with another Iranian threat activity cluster tracked as  Storm-1084  (aka DarkBit), with t
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
Expert Insights / Articles Videos
Cybersecurity Resources