Geek-Guy.com

Category: Compliance

Call of Duty: From pew-pew to pwned

In episode 425 of “Smashing Security”, Graham reveals how “Call of Duty: WWII” has been weaponised – allowing hackers to hijack your entire PC during online matches, thanks to ancient code and Microsoft’s Game Pass. Meanwhile, Carole digs into a con targeting the recently incarcerated, with scammers impersonating bail bond agents to fleece desperate families.…

Surveillance, spyware, and self-driving snafus

A Mexican drug cartel spies on the FBI using traffic cameras and spyware — because “ubiquitous technical surveillance” is no longer just for dystopian thrillers. Graham digs into a chilling new US Justice Department report that shows how surveillance tech was weaponised to deadly effect. Meanwhile, Carole checks the rear-view mirror on the driverless car…

Fake Receipt Detector Technology: Protecting Financial Integrity in the Digital Age

The rise of sophisticated digital tools and artificial intelligence has revolutionized many aspects of business and finance, but it has also created new opportunities for fraudulent activities. Among the most concerning developments is the increasing prevalence of fake receipts and fraudulent expense documentation. As businesses, insurance companies, and financial institutions grapple with these challenges, the…

Going Beyond the Hype of DPDPA Compliance: Are You Breach Ready?

The Digital Personal Data Protection Act (DPDPA) marks a turning point for data privacy in India. Passed in 2023, the Act establishes a clear framework for the collection, processing, storage, and protection of personal data. For enterprises, it signals a deeper shift in how data responsibilities are assigned, and how businesses must be structured to…

Going Beyond the Hype of DPDPA Compliance: Are You Breach Ready?

The Digital Personal Data Protection Act (DPDPA) marks a turning point for data privacy in India. Passed in 2023, the Act establishes a clear framework for the collection, processing, storage, and protection of personal data. For enterprises, it signals a deeper shift in how data responsibilities are assigned, and how businesses must be structured to…

Going Beyond the Hype of DPDPA Compliance: Are You Breach Ready?

The Digital Personal Data Protection Act (DPDPA) marks a turning point for data privacy in India. Passed in 2023, the Act establishes a clear framework for the collection, processing, storage, and protection of personal data. For enterprises, it signals a deeper shift in how data responsibilities are assigned, and how businesses must be structured to…

Operation Endgame, deepfakes, and dead slugs

In this episode, Graham unravels Operation Endgame – the surprisingly stylish police crackdown that is seizing botnets, mocking malware authors with anime videos, and taunting cybercriminals via Telegram. Meanwhile, Carole exposes the AI-generated remote hiring threat. Could your next coworker be a North Korean hacker with a perfect LinkedIn? And BBC cyber correspondent Joe Tidy…

Cyber Resilience in Zeiten geopolitischer Unsicherheit

Cyberbedrohungen existieren längst nicht mehr im luftleeren Raum – sie entstehen im Spannungsfeld von Geopolitik, regulatorischer Zersplitterung und einer stetig wachsenden digitalen Angriffsfläche. vectorfusionart – shutterstock.com Cybersecurity ist heute ein rechtliches, operatives und geopolitisches Thema. Für CIOs und CISOs ist die Botschaft eindeutig: Resilienz bedeutet nicht mehr nur, zu reagieren, sondern vorbereitet zu sein. Vorbereitung…

Sustaining Digital Certificate Security – Upcoming Changes to the Chrome Root Store

Posted by Chrome Root Program, Chrome Security Team Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the public forum on May 30, 2025. The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that…

Sustaining Digital Certificate Security – Upcoming Changes to the Chrome Root Store

Posted by Chrome Root Program, Chrome Security Team Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the public forum on May 30, 2025. The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that…

Victoria’s Secret Hit by Cyberattack — Here’s What They’re Not Telling You

Victoria’s Secret, the globally recognized lingerie and fashion retailer, has taken its U.S. e-commerce website offline and limited some in-store services following a confirmed cybersecurity incident. While details remain sparse, the nature and scale of the response strongly suggest a potential data breach or cyberattack affecting both digital and physical retail operations. On the evening…

Actionable Protection Strategies for 2025 with Shrav Mehta

Shrav Mehta explores lessons from 2024’s costliest data breaches and provides actionable protection strategies for 2025. This discussion examines the current cybersecurity landscape and demonstrates how Secureframe helps organizations navigate regulatory and technological changes without compromising security or compliance. Compliance has always been a pain point for engineering teams—tedious, expensive, and often disconnected from real-time..…

Navigating PCI DSS 4.0 Compliance: How Automated Data Discovery Can Help

The Payment Card Industry Security Standards Council (PCI SSC) continues to evolve its flagship data security standard. The latest version encourages complying organizations to move away from traditional, periodic audits to a process of continuous risk management and monitoring. Yet this is only going to get the desired results if those same organizations have a…

New security requirements adopted by HTTPS certificate industry

Posted by Chrome Root Program, Chrome Security Team The Chrome Root Program launched in 2022 as part of Google’s ongoing commitment to upholding secure and reliable network connections in Chrome. We previously described how the Chrome Root Program keeps users safe, and described how the program is focused on promoting technologies and practices that strengthen…

New security requirements adopted by HTTPS certificate industry

Posted by Chrome Root Program, Chrome Security Team The Chrome Root Program launched in 2022 as part of Google’s ongoing commitment to upholding secure and reliable network connections in Chrome. We previously described how the Chrome Root Program keeps users safe, and described how the program is focused on promoting technologies and practices that strengthen…

Why Only Phishing Simulations Are Not Enough

In the world of cybersecurity awareness, phishing simulations have long been touted as the frontline defense against cyber threats. However, while they are instrumental, relying solely on these simulations can leave significant gaps in an organization’s security training program. At CybeReady, we understand that comprehensive preparedness requires a more holistic approach. The Limitations of Phishing…

Moving Past Compensating Controls: The Long-Term Value of Tokenization for PCI DSS

With the deadline for PCI DSS 4.0 compliance just around the corner, it’s decision time for organizations. For many, compensating controls are a godsend, introducing a degree of flexibility into what is otherwise a rigorous, demanding and heavily detailed standard. But while this approach can be a useful means of temporarily meeting PCI DSS 4.0…

Compensating Controls, Customized Approach and Tokenization in PCI DSS 4.0

The Payment Card Industry Data Security Standard (PCI DSS) has always been considered one of the most prescriptive industry mandates around. And well might it be, given what’s at stake. As breach volumes surge and threat actors find it ever easier to bypass traditional cyber-defenses, the card industry must ensure that complying organizations are doing…

Top 7 Cyber Security Challenges Faced by SaaS Organizations

Today’s technology-driven world needs Software-as-a-Service (SaaS) organizations. Their software solutions help organizations perform effectively and efficiently. SaaS applications are easily available over the internet. It allows users to access them via a web browser without requiring complex installations or infrastructure. With 42,000 SaaS companies worldwide, it makes up 36.6% of the cloud service market. The…

What is the Process of ISO 27001 Certification?

In 2025, the cost of cyberattacks will reach $10.5 trillion globally. The projected growth rate is 15% every year. While the cost of attack keeps increasing, a breach is now identified in 194 days on average. It takes 64 days to contain a breach and 88 days on average to resolve an attack facilitated through…

CMMC is Here: Simplifying Compliance with Enclaves 

A joint blog featuring CISO Global’s Compliance Team & PreVeil The long-anticipated CMMC rule (CFR 32) is now live, marking a crucial turning point for defense contractors. The Compliance Team at CISO Global recently passed our CMMC Audit and are well on the way to becoming a CMMC Certified Third-Party Assessor Organization, or C3PAO. Although…

Aembit Earns SOC 2 Type II Recertification for Ongoing Security and Compliance

2 min readThis certification validates our ongoing commitment to protecting customer data and maintaining rigorous security controls. The post Aembit Earns SOC 2 Type II Recertification for Ongoing Security and Compliance appeared first on Aembit. The post Aembit Earns SOC 2 Type II Recertification for Ongoing Security and Compliance appeared first on Security Boulevard.

New Guidelines: Cybersecurity Resilience in the Healthcare Industry

Lou Morentin, VP of Compliance & Privacy There are a number of significant changes coming to Healthcare Cybersecurity requirements. While not all are finalized, they point the way towards Health and Human Services tightening the controls and requirements. Healthcare Cybersecurity: A Shift Towards Resilience The healthcare industry is facing an evolving threat landscape, with cyberattacks…

Video: How Omega Systems Puts The Security In MSSP

In this episode of Channel Insider: Partner POV, host Katie Bavoso sits down with Mike Fuhrman, CEO of Omega Systems, to discuss the company’s transformation from a traditional Managed Service Provider (MSP) to a Managed Security Services Provider (MSSP). This shift was a priority for Fuhrman when he joined the company in 2021. Fuhrman explains…

The Transformative Role of AI in Cybersecurity

2025 marks a pivotal moment in the integration of artificial intelligence (AI) and cybersecurity. Rapid advancements in AI are not only redefining industries; they are reshaping the cybersecurity landscape in profound ways. Through this evolution, I have noted three primary […] The post The Transformative Role of AI in Cybersecurity appeared first on TechSpective. The…

Preparing for PCI DSS 4.0: How Sonatype SBOM Manager can streamline and accelerate your transition

Payment Card Industry Data Security Standard (PCI DSS) was developed to strengthen payment account data security and standardize globally the necessary security controls. The transition from PCI DSS 3.2.1 and earlier versions to v4.0 involves significant changes aimed at enhancing payment security, providing flexibility in implementation, and addressing emerging threats. The post Preparing for PCI…

GDPR Compliance in the US: Checklist and Requirements

The European Union (EU)’s General Data Protection Regulation (GDPR) isn’t just a European concern. As GDPR-U.S. interactions become more complex, international businesses (including American ones) must comply with this regulation when handling data from EU citizens. If your company collects, processes, or stores data from the EU or European Economic Area (EEA)—including Iceland, Norway, and…

What PCI Attestation of Compliance Is and How to Get It

Every time a customer swipes their credit card, they trust that business to protect their sensitive payment information against mishandling or fraud. But proving that trust in the right place requires certification. The post What PCI Attestation of Compliance Is and How to Get It appeared first on Security Boulevard.

Third Party Risk Management: So vermeiden Sie Compliance-Unheil

Third Party Risk Management hilft Unternehmen, das Risiko von Compliance-Verstößen zu vermeiden. Foto: Diyajyoti – shutterstock.com In Zeiten der Digitalisierung ist es für Unternehmen unerlässlich, auf die Unterstützung von Drittanbietern zurückzugreifen. Sei es im Bereich der IT-Infrastruktur oder bei der Datenverarbeitung – externe Dienstleister helfen dabei, Geschäftsprozesse effektiver und effizienter zu gestalten. Doch mit der…

Top 6 Vendor Risk Management Software for MSPs in 2025

Managing third-party risks is becoming more critical for managed service providers (MSPs) as cybersecurity threats evolve. Vendor risk management (VRM) software simplifies this process, helping MSPs assess, monitor, and mitigate risks associated with third-party vendors. Explore six of the best vendor risk management tools to streamline compliance, enhance security, or protect your client’s sensitive data.…

Best Internet Security Software

After more than a year of high-profile cyber attacks and now the threat of cyber war, businesses and even consumers are taking cybersecurity seriously. Regardless of size or sector, every company is a potential target, and cybercrime will only grow as data becomes more valuable. In light of these risks, organizations need to reevaluate their…

Best Internet Security Software

After more than a year of high-profile cyber attacks and now the threat of cyber war, businesses and even consumers are taking cybersecurity seriously. Regardless of size or sector, every company is a potential target, and cybercrime will only grow as data becomes more valuable. In light of these risks, organizations need to reevaluate their…

Payment Security: Understanding the Four Corner Model

Introduction Online shopping digital payment transactions may seem quite simple, but in reality, just one single transaction sets off multiple, long-chain reactions. The Payment Card Industry comprises debit cards, credit cards, prepaid, e-purse/e-wallet, and POS payment transactions that enable easy payment transactions for consumers. However, the card scheme is a popular payment transaction process which…

Payment Security: Understanding the Four Corner Model

Introduction Online shopping digital payment transactions may seem quite simple, but in reality, just one single transaction sets off multiple, long-chain reactions. The Payment Card Industry comprises debit cards, credit cards, prepaid, e-purse/e-wallet, and POS payment transactions that enable easy payment transactions for consumers. However, the card scheme is a popular payment transaction process which…

Payment Security: Understanding the Four Corner Model

Introduction Online shopping digital payment transactions may seem quite simple, but in reality, just one single transaction sets off multiple, long-chain reactions. The Payment Card Industry comprises debit cards, credit cards, prepaid, e-purse/e-wallet, and POS payment transactions that enable easy payment transactions for consumers. However, the card scheme is a popular payment transaction process which…

Payment Security: Understanding the Four Corner Model

Introduction Online shopping digital payment transactions may seem quite simple, but in reality, just one single transaction sets off multiple, long-chain reactions. The Payment Card Industry comprises debit cards, credit cards, prepaid, e-purse/e-wallet, and POS payment transactions that enable easy payment transactions for consumers. However, the card scheme is a popular payment transaction process which…

Payment Security: Understanding the Four Corner Model

Introduction Online shopping digital payment transactions may seem quite simple, but in reality, just one single transaction sets off multiple, long-chain reactions. The Payment Card Industry comprises debit cards, credit cards, prepaid, e-purse/e-wallet, and POS payment transactions that enable easy payment transactions for consumers. However, the card scheme is a popular payment transaction process which…