World Backup Day


Among many other distinctions, today – 31 March – is World Backup Day. Originally the outcome of a Reddit thread about poor backup habits (hence the chosen date – if you don’t back up your data today you’ll be a fool tomorrow), the day has now evolved into an awareness-raising campaign that all computer users […]

New PCI SSC penetration testing guidance


Although Requirement 11 of the PCI DSS mandates regular testing of security systems and processes, Verizon’s 2015 PCI Compliance Report shows that it has the lowest compliance rate of any requirement, with the percentage of compliant companies dropping from 40% to 33% in 2014. Vulnerability scanning or penetration testing? The Verizon PCI Compliance Report notes that ‘[the] […]

PCI Security Standards Council confirms April release for PCI DSS v3.1


The PCI Security Standards Council (SSC) has announced that it will publish PCI DSS version 3.1 in April, with the PA-DSS revision to follow shortly after. In February, the PCI SSC announced that, because of an inherent weakness in the SSL version 3.0 protocol, SSL is “no longer acceptable for protection of data”, as we reported in a blog post. The […]
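A ruling like the one above is worth checking against what a server actually negotiates rather than against what its configuration file claims. The following Python is an added example for this post, not code from the PCI SSC or from this blog: it parses the raw bytes of a ServerHello record and reports the protocol version the server selected, including the TLS 1.3 case, where the real choice sits in the supported_versions extension rather than in the legacy version field. The handshake records are constructed inside the script, not captured from a live server, and the function names and the TLS 1.2 floor in version_status are this example’s own choices rather than anything the standard’s text prescribes.

```python
"""Identify the protocol version selected in a ServerHello (added example).

Not PCI SSC or blog code. The records fed to it below are built by
build_server_hello() for illustration; they are not captured traffic.
"""
import struct
from typing import Optional

# Version codes as they appear on the wire (RFC 6101, RFC 2246/4346/5246/8446).
VERSION_NAMES = {
    0x0300: "SSLv3",
    0x0301: "TLSv1.0",
    0x0302: "TLSv1.1",
    0x0303: "TLSv1.2",
    0x0304: "TLSv1.3",
}
SUPPORTED_VERSIONS_EXT = 0x002B   # RFC 8446 s4.2.1
HANDSHAKE_RECORD = 0x16
SERVER_HELLO = 0x02


def negotiated_version(record: bytes) -> int:
    """Return the version code a ServerHello record actually selects.

    Walks the record header, the handshake header and the ServerHello body.
    A TLS 1.3 server writes 0x0303 in legacy_version and carries the real
    selection in supported_versions, so that extension wins when present.
    """
    if len(record) < 5 or record[0] != HANDSHAKE_RECORD:
        raise ValueError("not a TLS/SSL handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != SERVER_HELLO:
        raise ValueError("record does not carry a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < 2 + 32 + 1:
        raise ValueError("truncated ServerHello")
    legacy_version = struct.unpack("!H", hello[0:2])[0]
    pos = 2 + 32                              # version + server random
    sid_len = hello[pos]
    pos += 1 + sid_len                        # session id
    pos += 2 + 1                              # cipher suite, compression method
    if pos >= len(hello):
        return legacy_version                 # no extensions block at all
    ext_total = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_total
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
        pos += 4
        data = hello[pos:pos + ext_len]
        pos += ext_len
        if ext_type == SUPPORTED_VERSIONS_EXT and len(data) == 2:
            return struct.unpack("!H", data)[0]
    return legacy_version


def version_status(version: int) -> str:
    """Classify a negotiated version. SSL 3.0 is what the PCI SSC ruled out;
    the TLS 1.2 floor for 'ok' is this example's own assumption."""
    if version <= 0x0300:
        return "forbidden"
    if version < 0x0303:
        return "weak"
    return "ok"


def build_server_hello(legacy_version: int, selected: Optional[int] = None) -> bytes:
    """Construct a minimal ServerHello record for testing (not a real capture)."""
    hello = struct.pack("!H", legacy_version) + bytes(32)   # version + zero random
    hello += b"\x00"                                        # empty session id
    hello += b"\x00\x2f"                                    # TLS_RSA_WITH_AES_128_CBC_SHA
    hello += b"\x00"                                        # null compression
    if selected is not None:                                # TLS 1.3 style selection
        ext = struct.pack("!HHH", SUPPORTED_VERSIONS_EXT, 2, selected)
        hello += struct.pack("!H", len(ext)) + ext
    body = bytes([SERVER_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return bytes([HANDSHAKE_RECORD]) + struct.pack("!HH", legacy_version, len(body)) + body


if __name__ == "__main__":
    samples = {
        "legacy SSLv3 server": build_server_hello(0x0300),
        "TLS 1.0 server": build_server_hello(0x0301),
        "TLS 1.2 server": build_server_hello(0x0303),
        "TLS 1.3 server": build_server_hello(0x0303, selected=0x0304),
    }
    for label, rec in samples.items():
        v = negotiated_version(rec)
        print(f"{label}: {VERSION_NAMES.get(v, hex(v))} -> {version_status(v)}")
```

Run it as a script to see the four constructed cases classified; in practice the bytes would come from the first record a server returns after a ClientHello, and a "forbidden" result on any production endpoint is a finding in its own right regardless of what the compliance paperwork says.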

New IBM report: 2015 following the same security threat trend as 2014


The new edition of IBM X-Force Threat Intelligence Quarterly – a quarterly report from IBM X-Force’s R&D team on the latest security trends – has just been released. The report provides an overview of 2014’s major incidents and looks ahead to what 2015 has in store. “Insane” number of data records breached Leaked data records […]

Slack attack – popular workplace messaging service hacked


Slack, the popular team messaging tool, has announced that it suffered a “security incident” in February in which user information was accessed by hackers, and that it detected “suspicious activity” in a number of Slack accounts. Slack’s homepage currently directs visitors to its blog for “an important security update”, which provides the following details about […]

Serious Fraud Office fined £180,000 for “astounding” lapse


File this one under ‘I for Irony’: that bastion of law and order, the Serious Fraud Office (SFO), has been fined £180,000 by the Information Commissioner’s Office (ICO) following the accidental disclosure of evidence to a witness in a serious fraud, bribery and corruption case. A statement from the ICO explains that, following an investigation […]

Less than a third of companies are fully compliant with PCI within one year of a validation


Forensic investigations conducted by Verizon, the world’s biggest forensic investigator of data breaches, have found that over the past ten years not a single breached organisation was fully PCI-compliant at the time it was breached. Verizon’s 2015 PCI Compliance Report has also found that breached companies were 36% less likely to be […]