AI hallucination is still the deal-breaker. Related: Correcting LLM hallucinations As companies rush AI into production, executives face a basic constraint: you cannot automate a workflow if you cannot trust the output. A model that fabricates facts becomes a risk exposure. CISOs now have to explain this clearly to boards, who expect assurances that fabrication…
Category: Compliance
AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Global Security News, Government & Policy, malware, News Alerts, Risk Management, Top Stories
News alert: Forrester study finds Airlock Digital’s app control cuts breaches to zero with 224% ROI
ATLANTA, Jan. 20, 2026, CyberNewswire — Airlock Digital, a leader in proactive application control and endpoint security, announced the release of The Total Economic Impact (TEI) of Airlock Digital, an independent study commissioned by Airlock Digital and conducted by Forrester Consulting. The study demonstrates a significant 224% return on investment (ROI) and a $3.8 million net…
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, News Alerts, Risk Management, Top Stories
News alert: One Identity launches AI-powered ‘Identity Manager’ to speed threat response
ALISO VIEJO, Calif., Jan. 20, 2026, CyberNewswire — One Identity, a trusted leader in identity security, today announces a major upgrade to One Identity Manager, a top-rated IGA solution, strengthening identity governance as a critical security control for modern enterprise environments. And I got curious I started asking AI I told him dollars $25 or nothing 80% showcase generation a year generation like $8000 One Identity…
AI, Announcements, Compliance, Cybersecurity, Foundational (100), Global Security News, privacy, Risk Management, Security, Identity, & Compliance
Fall 2025 SOC 1, 2, and 3 reports are now available with 185 services in scope
Amazon Web Services (AWS) is pleased to announce that the Fall 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 185 services over the 12-month period from October 1, 2024–September 30, 2025, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering to…
AI, Announcements, Compliance, Cybersecurity, Foundational (100), Global Security News, privacy, Risk Management, Security, Identity, & Compliance
Fall 2025 SOC 1, 2, and 3 reports are now available with 185 services in scope
Amazon Web Services (AWS) is pleased to announce that the Fall 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 185 services over the 12-month period from October 1, 2024–September 30, 2025, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering to…
AI, Announcements, Compliance, Cybersecurity, Foundational (100), Global Security News, privacy, Risk Management, Security, Identity, & Compliance
Fall 2025 SOC 1, 2, and 3 reports are now available with 185 services in scope
Amazon Web Services (AWS) is pleased to announce that the Fall 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 185 services over the 12-month period from October 1, 2024–September 30, 2025, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering to…
AI, Announcements, Compliance, Cybersecurity, Foundational (100), Global Security News, privacy, Risk Management, Security, Identity, & Compliance
Fall 2025 SOC 1, 2, and 3 reports are now available with 185 services in scope
Amazon Web Services (AWS) is pleased to announce that the Fall 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 185 services over the 12-month period from October 1, 2024–September 30, 2025, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering to…
AI, Announcements, Compliance, Cybersecurity, Foundational (100), Global Security News, privacy, Risk Management, Security, Identity, & Compliance
Fall 2025 SOC 1, 2, and 3 reports are now available with 185 services in scope
Amazon Web Services (AWS) is pleased to announce that the Fall 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 185 services over the 12-month period from October 1, 2024–September 30, 2025, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering to…
AI, Announcements, Compliance, Cybersecurity, Foundational (100), Global Security News, privacy, Risk Management, Security, Identity, & Compliance
Fall 2025 SOC 1, 2, and 3 reports are now available with 185 services in scope
Amazon Web Services (AWS) is pleased to announce that the Fall 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 185 services over the 12-month period from October 1, 2024–September 30, 2025, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering to…
AI, Announcements, Compliance, Cybersecurity, Foundational (100), Global Security News, privacy, Risk Management, Security, Identity, & Compliance
Fall 2025 SOC 1, 2, and 3 reports are now available with 185 services in scope
Amazon Web Services (AWS) is pleased to announce that the Fall 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 185 services over the 12-month period from October 1, 2024–September 30, 2025, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering to…
AI, Announcements, Compliance, Cybersecurity, Foundational (100), Global Security News, privacy, Risk Management, Security, Identity, & Compliance
Fall 2025 SOC 1, 2, and 3 reports are now available with 185 services in scope
Amazon Web Services (AWS) is pleased to announce that the Fall 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 185 services over the 12-month period from October 1, 2024–September 30, 2025, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering to…
AI, Compliance, Europe, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 2
In Part 1, we explored the foundational strategy, including data classification frameworks and tagging approaches. In this post, we examine the technical implementation approach and key architectural patterns for building a governance framework. We explore governance controls across four implementation areas, building from foundational monitoring to advanced automation. Each area builds on the previous one,…
AI, Compliance, Europe, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 2
In Part 1, we explored the foundational strategy, including data classification frameworks and tagging approaches. In this post, we examine the technical implementation approach and key architectural patterns for building a governance framework. We explore governance controls across four implementation areas, building from foundational monitoring to advanced automation. Each area builds on the previous one,…
AI, Compliance, Europe, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 2
In Part 1, we explored the foundational strategy, including data classification frameworks and tagging approaches. In this post, we examine the technical implementation approach and key architectural patterns for building a governance framework. We explore governance controls across four implementation areas, building from foundational monitoring to advanced automation. Each area builds on the previous one,…
AI, Compliance, Europe, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 2
In Part 1, we explored the foundational strategy, including data classification frameworks and tagging approaches. In this post, we examine the technical implementation approach and key architectural patterns for building a governance framework. We explore governance controls across four implementation areas, building from foundational monitoring to advanced automation. Each area builds on the previous one,…
AI, Compliance, Europe, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 2
In Part 1, we explored the foundational strategy, including data classification frameworks and tagging approaches. In this post, we examine the technical implementation approach and key architectural patterns for building a governance framework. We explore governance controls across four implementation areas, building from foundational monitoring to advanced automation. Each area builds on the previous one,…
AI, Compliance, Europe, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 2
In Part 1, we explored the foundational strategy, including data classification frameworks and tagging approaches. In this post, we examine the technical implementation approach and key architectural patterns for building a governance framework. We explore governance controls across four implementation areas, building from foundational monitoring to advanced automation. Each area builds on the previous one,…
AI, Compliance, Europe, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 2
In Part 1, we explored the foundational strategy, including data classification frameworks and tagging approaches. In this post, we examine the technical implementation approach and key architectural patterns for building a governance framework. We explore governance controls across four implementation areas, building from foundational monitoring to advanced automation. Each area builds on the previous one,…
AI, Compliance, Europe, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 2
In Part 1, we explored the foundational strategy, including data classification frameworks and tagging approaches. In this post, we examine the technical implementation approach and key architectural patterns for building a governance framework. We explore governance controls across four implementation areas, building from foundational monitoring to advanced automation. Each area builds on the previous one,…
AI, Apps, Compliance, Cybersecurity, Data Security, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 1
Generative AI and machine learning workloads create massive amounts of data. Organizations need data governance to manage this growth and stay compliant. While data governance isn’t a new concept, recent studies highlight a concerning gap: a Gartner study of 300 IT executives revealed that only 60% of organizations have implemented a data governance strategy, with…
AI, Apps, Compliance, Cybersecurity, Data Security, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 1
Generative AI and machine learning workloads create massive amounts of data. Organizations need data governance to manage this growth and stay compliant. While data governance isn’t a new concept, recent studies highlight a concerning gap: a Gartner study of 300 IT executives revealed that only 60% of organizations have implemented a data governance strategy, with…
AI, Apps, Compliance, Cybersecurity, Data Security, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 1
Generative AI and machine learning workloads create massive amounts of data. Organizations need data governance to manage this growth and stay compliant. While data governance isn’t a new concept, recent studies highlight a concerning gap: a Gartner study of 300 IT executives revealed that only 60% of organizations have implemented a data governance strategy, with…
AI, Apps, Compliance, Cybersecurity, Data Security, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 1
Generative AI and machine learning workloads create massive amounts of data. Organizations need data governance to manage this growth and stay compliant. While data governance isn’t a new concept, recent studies highlight a concerning gap: a Gartner study of 300 IT executives revealed that only 60% of organizations have implemented a data governance strategy, with…
AI, Apps, Compliance, Cybersecurity, Data Security, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 1
Generative AI and machine learning workloads create massive amounts of data. Organizations need data governance to manage this growth and stay compliant. While data governance isn’t a new concept, recent studies highlight a concerning gap: a Gartner study of 300 IT executives revealed that only 60% of organizations have implemented a data governance strategy, with…
AI, Apps, Compliance, Cybersecurity, Data Security, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 1
Generative AI and machine learning workloads create massive amounts of data. Organizations need data governance to manage this growth and stay compliant. While data governance isn’t a new concept, recent studies highlight a concerning gap: a Gartner study of 300 IT executives revealed that only 60% of organizations have implemented a data governance strategy, with…
AI, Apps, Compliance, Cybersecurity, Data Security, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 1
Generative AI and machine learning workloads create massive amounts of data. Organizations need data governance to manage this growth and stay compliant. While data governance isn’t a new concept, recent studies highlight a concerning gap: a Gartner study of 300 IT executives revealed that only 60% of organizations have implemented a data governance strategy, with…
AI, Apps, Compliance, Cybersecurity, Data Security, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 1
Generative AI and machine learning workloads create massive amounts of data. Organizations need data governance to manage this growth and stay compliant. While data governance isn’t a new concept, recent studies highlight a concerning gap: a Gartner study of 300 IT executives revealed that only 60% of organizations have implemented a data governance strategy, with…
AI, Apps, Compliance, Cybersecurity, Data Security, Global Security News, governance, Risk Management, Security & Governance, Security Blog, Security, Identity, & Compliance
Implementing data governance on AWS: Automation, tagging, and lifecycle strategy – Part 1
Generative AI and machine learning workloads create massive amounts of data. Organizations need data governance to manage this growth and stay compliant. While data governance isn’t a new concept, recent studies highlight a concerning gap: a Gartner study of 300 IT executives revealed that only 60% of organizations have implemented a data governance strategy, with…
AI, Compliance, Data Breaches, Global Security News, malware, Network Security, privacy
From Instagram panic to Grok gone wild
Confusion reigns after claims that data linked to 17.5 million Instagram accounts is up for sale – sparked by a vague post, contradictory statements, and a flood of password reset emails nobody asked for. And we dig into Grok, Elon Musk’s AI chatbot, after it started generating sexualised images of women and children – raising…
AI, Apps, Automation, AWS Security Hub, Cloud Security, Compliance, Cybersecurity, Global Security News, Intermediate (200), Risk Management, Security, Identity, & Compliance, Technical How-to
Streamline security response at scale with AWS Security Hub automation
A new version of AWS Security Hub, is now generally available, introducing new ways for organizations to manage and respond to security findings. The enhanced Security Hub helps you improve your organization’s security posture and simplify cloud security operations by centralizing security management across your Amazon Web Services (AWS) environment. The new Security Hub transforms…
AI, Apps, Automation, AWS Security Hub, Cloud Security, Compliance, Cybersecurity, Global Security News, Intermediate (200), Risk Management, Security, Identity, & Compliance, Technical How-to
Streamline security response at scale with AWS Security Hub automation
A new version of AWS Security Hub, is now generally available, introducing new ways for organizations to manage and respond to security findings. The enhanced Security Hub helps you improve your organization’s security posture and simplify cloud security operations by centralizing security management across your Amazon Web Services (AWS) environment. The new Security Hub transforms…
AI, Apps, Automation, AWS Security Hub, Cloud Security, Compliance, Cybersecurity, Global Security News, Intermediate (200), Risk Management, Security, Identity, & Compliance, Technical How-to
Streamline security response at scale with AWS Security Hub automation
A new version of AWS Security Hub, is now generally available, introducing new ways for organizations to manage and respond to security findings. The enhanced Security Hub helps you improve your organization’s security posture and simplify cloud security operations by centralizing security management across your Amazon Web Services (AWS) environment. The new Security Hub transforms…
AI, Apps, Automation, AWS Security Hub, Cloud Security, Compliance, Cybersecurity, Global Security News, Intermediate (200), Risk Management, Security, Identity, & Compliance, Technical How-to
Streamline security response at scale with AWS Security Hub automation
A new version of AWS Security Hub, is now generally available, introducing new ways for organizations to manage and respond to security findings. The enhanced Security Hub helps you improve your organization’s security posture and simplify cloud security operations by centralizing security management across your Amazon Web Services (AWS) environment. The new Security Hub transforms…
AI, Apps, Automation, AWS Security Hub, Cloud Security, Compliance, Cybersecurity, Global Security News, Intermediate (200), Risk Management, Security, Identity, & Compliance, Technical How-to
Streamline security response at scale with AWS Security Hub automation
A new version of AWS Security Hub, is now generally available, introducing new ways for organizations to manage and respond to security findings. The enhanced Security Hub helps you improve your organization’s security posture and simplify cloud security operations by centralizing security management across your Amazon Web Services (AWS) environment. The new Security Hub transforms…
AI, Apps, Automation, AWS Security Hub, Cloud Security, Compliance, Cybersecurity, Global Security News, Intermediate (200), Risk Management, Security, Identity, & Compliance, Technical How-to
Streamline security response at scale with AWS Security Hub automation
A new version of AWS Security Hub, is now generally available, introducing new ways for organizations to manage and respond to security findings. The enhanced Security Hub helps you improve your organization’s security posture and simplify cloud security operations by centralizing security management across your Amazon Web Services (AWS) environment. The new Security Hub transforms…
AI, Apps, Automation, AWS Security Hub, Cloud Security, Compliance, Cybersecurity, Global Security News, Intermediate (200), Risk Management, Security, Identity, & Compliance, Technical How-to
Streamline security response at scale with AWS Security Hub automation
A new version of AWS Security Hub, is now generally available, introducing new ways for organizations to manage and respond to security findings. The enhanced Security Hub helps you improve your organization’s security posture and simplify cloud security operations by centralizing security management across your Amazon Web Services (AWS) environment. The new Security Hub transforms…
AI, Apps, Automation, AWS Security Hub, Cloud Security, Compliance, Cybersecurity, Global Security News, Intermediate (200), Risk Management, Security, Identity, & Compliance, Technical How-to
Streamline security response at scale with AWS Security Hub automation
A new version of AWS Security Hub, is now generally available, introducing new ways for organizations to manage and respond to security findings. The enhanced Security Hub helps you improve your organization’s security posture and simplify cloud security operations by centralizing security management across your Amazon Web Services (AWS) environment. The new Security Hub transforms…
AI, Apps, Automation, AWS Security Hub, Cloud Security, Compliance, Cybersecurity, Global Security News, Intermediate (200), Risk Management, Security, Identity, & Compliance, Technical How-to
Streamline security response at scale with AWS Security Hub automation
A new version of AWS Security Hub, is now generally available, introducing new ways for organizations to manage and respond to security findings. The enhanced Security Hub helps you improve your organization’s security posture and simplify cloud security operations by centralizing security management across your Amazon Web Services (AWS) environment. The new Security Hub transforms…
AI, Announcements, Apps, Compliance, Compliance reports, Cybersecurity, Data Security, Global Security News, OSCAL, PCI, privacy, Risk Management
Fall 2025 PCI DSS compliance package available now
Amazon Web Services (AWS) is pleased to announce that two additional AWS services and one additional AWS Region have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Newly added services: AWS Security Incident Response AWS Transform Newly added AWS Region: Asia Pacific (Taipei) This certification allows customers…
AI, Announcements, Apps, Compliance, Compliance reports, Cybersecurity, Data Security, Global Security News, OSCAL, PCI, privacy, Risk Management
Fall 2025 PCI DSS compliance package available now
Amazon Web Services (AWS) is pleased to announce that two additional AWS services and one additional AWS Region have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Newly added services: AWS Security Incident Response AWS Transform Newly added AWS Region: Asia Pacific (Taipei) This certification allows customers…
AI, Announcements, Apps, Compliance, Compliance reports, Cybersecurity, Data Security, Global Security News, OSCAL, PCI, privacy, Risk Management
Fall 2025 PCI DSS compliance package available now
Amazon Web Services (AWS) is pleased to announce that two additional AWS services and one additional AWS Region have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Newly added services: AWS Security Incident Response AWS Transform Newly added AWS Region: Asia Pacific (Taipei) This certification allows customers…
AI, Announcements, Apps, Compliance, Compliance reports, Cybersecurity, Data Security, Global Security News, OSCAL, PCI, privacy, Risk Management
Fall 2025 PCI DSS compliance package available now
Amazon Web Services (AWS) is pleased to announce that two additional AWS services and one additional AWS Region have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Newly added services: AWS Security Incident Response AWS Transform Newly added AWS Region: Asia Pacific (Taipei) This certification allows customers…
AI, Announcements, Apps, Compliance, Compliance reports, Cybersecurity, Data Security, Global Security News, OSCAL, PCI, privacy, Risk Management
Fall 2025 PCI DSS compliance package available now
Amazon Web Services (AWS) is pleased to announce that two additional AWS services and one additional AWS Region have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Newly added services: AWS Security Incident Response AWS Transform Newly added AWS Region: Asia Pacific (Taipei) This certification allows customers…
AI, Announcements, Apps, Compliance, Compliance reports, Cybersecurity, Data Security, Global Security News, OSCAL, PCI, privacy, Risk Management
Fall 2025 PCI DSS compliance package available now
Amazon Web Services (AWS) is pleased to announce that two additional AWS services and one additional AWS Region have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Newly added services: AWS Security Incident Response AWS Transform Newly added AWS Region: Asia Pacific (Taipei) This certification allows customers…
AI, Announcements, Apps, Compliance, Compliance reports, Cybersecurity, Data Security, Global Security News, OSCAL, PCI, privacy, Risk Management
Fall 2025 PCI DSS compliance package available now
Amazon Web Services (AWS) is pleased to announce that two additional AWS services and one additional AWS Region have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Newly added services: AWS Security Incident Response AWS Transform Newly added AWS Region: Asia Pacific (Taipei) This certification allows customers…
AI, Announcements, Apps, Compliance, Compliance reports, Cybersecurity, Data Security, Global Security News, OSCAL, PCI, privacy, Risk Management
Fall 2025 PCI DSS compliance package available now
Amazon Web Services (AWS) is pleased to announce that two additional AWS services and one additional AWS Region have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Newly added services: AWS Security Incident Response AWS Transform Newly added AWS Region: Asia Pacific (Taipei) This certification allows customers…
AI, Amazon GuardDuty, APAC, Apps, Compliance, Cybersecurity, Endpoint, Expert (400), Exploits, Global Security News, malware, Network Security, Risk Management, Security, Security, Identity, & Compliance
Real-time malware defense: Leveraging AWS Network Firewall active threat defense
Cyber threats are evolving faster than traditional security defense can respond; workloads with potential security issues are discovered by threat actors within 90 seconds, with exploitation attempts beginning within 3 minutes. Threat actors are quickly evolving their attack methodologies, resulting in new malware variants, exploit techniques, and evasion tactics. They also rotate their infrastructure—IP addresses,…
AI, Amazon GuardDuty, APAC, Apps, Compliance, Cybersecurity, Endpoint, Expert (400), Exploits, Global Security News, malware, Network Security, Risk Management, Security, Security, Identity, & Compliance
Real-time malware defense: Leveraging AWS Network Firewall active threat defense
Cyber threats are evolving faster than traditional security defense can respond; workloads with potential security issues are discovered by threat actors within 90 seconds, with exploitation attempts beginning within 3 minutes. Threat actors are quickly evolving their attack methodologies, resulting in new malware variants, exploit techniques, and evasion tactics. They also rotate their infrastructure—IP addresses,…
AI, Amazon GuardDuty, APAC, Apps, Compliance, Cybersecurity, Endpoint, Expert (400), Exploits, Global Security News, malware, Network Security, Risk Management, Security, Security, Identity, & Compliance
Real-time malware defense: Leveraging AWS Network Firewall active threat defense
Cyber threats are evolving faster than traditional security defense can respond; workloads with potential security issues are discovered by threat actors within 90 seconds, with exploitation attempts beginning within 3 minutes. Threat actors are quickly evolving their attack methodologies, resulting in new malware variants, exploit techniques, and evasion tactics. They also rotate their infrastructure—IP addresses,…
AI, Amazon GuardDuty, APAC, Apps, Compliance, Cybersecurity, Endpoint, Expert (400), Exploits, Global Security News, malware, Network Security, Risk Management, Security, Security, Identity, & Compliance
Real-time malware defense: Leveraging AWS Network Firewall active threat defense
Cyber threats are evolving faster than traditional security defense can respond; workloads with potential security issues are discovered by threat actors within 90 seconds, with exploitation attempts beginning within 3 minutes. Threat actors are quickly evolving their attack methodologies, resulting in new malware variants, exploit techniques, and evasion tactics. They also rotate their infrastructure—IP addresses,…
AI, Amazon GuardDuty, APAC, Apps, Compliance, Cybersecurity, Endpoint, Expert (400), Exploits, Global Security News, malware, Network Security, Risk Management, Security, Security, Identity, & Compliance
Real-time malware defense: Leveraging AWS Network Firewall active threat defense
Cyber threats are evolving faster than traditional security defense can respond; workloads with potential security issues are discovered by threat actors within 90 seconds, with exploitation attempts beginning within 3 minutes. Threat actors are quickly evolving their attack methodologies, resulting in new malware variants, exploit techniques, and evasion tactics. They also rotate their infrastructure—IP addresses,…
AI, Amazon GuardDuty, APAC, Apps, Compliance, Cybersecurity, Endpoint, Expert (400), Exploits, Global Security News, malware, Network Security, Risk Management, Security, Security, Identity, & Compliance
Real-time malware defense: Leveraging AWS Network Firewall active threat defense
Cyber threats are evolving faster than traditional security defense can respond; workloads with potential security issues are discovered by threat actors within 90 seconds, with exploitation attempts beginning within 3 minutes. Threat actors are quickly evolving their attack methodologies, resulting in new malware variants, exploit techniques, and evasion tactics. They also rotate their infrastructure—IP addresses,…
AI, china, Compliance, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, privacy, Venture
How to scam someone in seven days
Romance scammers have apparently discovered astrology… and Taurus is their secret weapon. In episode 449 of “Smashing Security”, we take a look inside an actual romance-fraud handbook – complete with scripts, personality “types”, corporate jargon, and a seven-day plan to get victims from hello to hand over the crypto. Then Lesley “hacks4pancakes” Carhart delivers a…
AI, Artificial Intelligence (AI), Commentary, Compliance, Global Security News, op-ed
AI doesn’t care if it’s in California or Texas. It just runs.
Artificial intelligence is evolving faster than regulators can keep up. In the absence of federal guidance, states have taken matters into their own hands. California’s S.B. 53 is only one example of a state attempting to shape how AI is built and used. Although these laws are well-intentioned and help protect consumers and promote transparency…
AI, API security, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, privacy, Risk Management
From Agent2Agent Prompt Injection to Runtime Self-Defense: How Wallarm Redefines Agentic AI Security
Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator series of movies? Well, maybe not! Researchers recently discovered that one AI agent can “inject malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.” While known AI threats involve tricking an agent with malicious…
AI, API security, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, privacy, Risk Management
From Agent2Agent Prompt Injection to Runtime Self-Defense: How Wallarm Redefines Agentic AI Security
Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator series of movies? Well, maybe not! Researchers recently discovered that one AI agent can “inject malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.” While known AI threats involve tricking an agent with malicious…
AI, API security, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, privacy, Risk Management
From Agent2Agent Prompt Injection to Runtime Self-Defense: How Wallarm Redefines Agentic AI Security
Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator series of movies? Well, maybe not! Researchers recently discovered that one AI agent can “inject malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.” While known AI threats involve tricking an agent with malicious…
AI, API security, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, privacy, Risk Management
From Agent2Agent Prompt Injection to Runtime Self-Defense: How Wallarm Redefines Agentic AI Security
Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator series of movies? Well, maybe not! Researchers recently discovered that one AI agent can “inject malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.” While known AI threats involve tricking an agent with malicious…
AI, API security, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, privacy, Risk Management
From Agent2Agent Prompt Injection to Runtime Self-Defense: How Wallarm Redefines Agentic AI Security
Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator series of movies? Well, maybe not! Researchers recently discovered that one AI agent can “inject malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.” While known AI threats involve tricking an agent with malicious…
AI, API security, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, privacy, Risk Management
From Agent2Agent Prompt Injection to Runtime Self-Defense: How Wallarm Redefines Agentic AI Security
Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator series of movies? Well, maybe not! Researchers recently discovered that one AI agent can “inject malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.” While known AI threats involve tricking an agent with malicious…
AI, API security, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, privacy, Risk Management
From Agent2Agent Prompt Injection to Runtime Self-Defense: How Wallarm Redefines Agentic AI Security
Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator series of movies? Well, maybe not! Researchers recently discovered that one AI agent can “inject malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.” While known AI threats involve tricking an agent with malicious…
AI, API security, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, privacy, Risk Management
From Agent2Agent Prompt Injection to Runtime Self-Defense: How Wallarm Redefines Agentic AI Security
Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator series of movies? Well, maybe not! Researchers recently discovered that one AI agent can “inject malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.” While known AI threats involve tricking an agent with malicious…
AI, API security, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, privacy, Risk Management
From Agent2Agent Prompt Injection to Runtime Self-Defense: How Wallarm Redefines Agentic AI Security
Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator series of movies? Well, maybe not! Researchers recently discovered that one AI agent can “inject malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.” While known AI threats involve tricking an agent with malicious…
AI, API security, Apps, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, privacy, Risk Management
From Agent2Agent Prompt Injection to Runtime Self-Defense: How Wallarm Redefines Agentic AI Security
Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator series of movies? Well, maybe not! Researchers recently discovered that one AI agent can “inject malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.” While known AI threats involve tricking an agent with malicious…
AI, Compliance, Data Breaches, Europe, Exploits, Global Security News, privacy, Russia
The Kindle that got pwned
Think your Kindle is harmless? Think again! In this episode, Graham and special guest Danny Palmer unpack a Black Hat Europe talk revealing how a boobytrapped audiobook could exploit the Amazon eBook reader – potentially letting an attacker break into your account and seize control of your credit card. Plus a blast from 2021’s “summer…
AI, Apps, AWS Security Hub, Cloud Security, Compliance, Cybersecurity, Global Security News, Intermediate (200), Security, Identity, & Compliance, Technical How-to
Security Hub CSPM automation rule migration to Security Hub
A new version of AWS Security Hub is now generally available with new capabilities to aggregate, correlate, and contextualize your security alerts across Amazon Web Services (AWS) accounts. The prior version is now known as AWS Security Hub CSPM and will continue to be available as a unique service focused on cloud security posture management…
AI, Apps, AWS Security Hub, Cloud Security, Compliance, Cybersecurity, Global Security News, Intermediate (200), Security, Identity, & Compliance, Technical How-to
Security Hub CSPM automation rule migration to Security Hub
A new version of AWS Security Hub is now generally available with new capabilities to aggregate, correlate, and contextualize your security alerts across Amazon Web Services (AWS) accounts. The prior version is now known as AWS Security Hub CSPM and will continue to be available as a unique service focused on cloud security posture management…
AI, Apps, AWS Security Hub, Cloud Security, Compliance, Cybersecurity, Global Security News, Intermediate (200), Security, Identity, & Compliance, Technical How-to
Security Hub CSPM automation rule migration to Security Hub
A new version of AWS Security Hub is now generally available with new capabilities to aggregate, correlate, and contextualize your security alerts across Amazon Web Services (AWS) accounts. The prior version is now known as AWS Security Hub CSPM and will continue to be available as a unique service focused on cloud security posture management…
AI, Apps, AWS Security Hub, Cloud Security, Compliance, Cybersecurity, Global Security News, Intermediate (200), Security, Identity, & Compliance, Technical How-to
Security Hub CSPM automation rule migration to Security Hub
A new version of AWS Security Hub is now generally available with new capabilities to aggregate, correlate, and contextualize your security alerts across Amazon Web Services (AWS) accounts. The prior version is now known as AWS Security Hub CSPM and will continue to be available as a unique service focused on cloud security posture management…
AI, Apps, AWS Security Hub, Cloud Security, Compliance, Cybersecurity, Global Security News, Intermediate (200), Security, Identity, & Compliance, Technical How-to
Security Hub CSPM automation rule migration to Security Hub
A new version of AWS Security Hub is now generally available with new capabilities to aggregate, correlate, and contextualize your security alerts across Amazon Web Services (AWS) accounts. The prior version is now known as AWS Security Hub CSPM and will continue to be available as a unique service focused on cloud security posture management…
AI, Amazon GuardDuty, APAC, Compliance, Cybersecurity, Endpoint, Global Security News, Network Security, Security, Identity, & Compliance
GuardDuty Extended Threat Detection uncovers cryptomining campaign on Amazon EC2 and Amazon ECS
Amazon GuardDuty and our automated security monitoring systems identified an ongoing cryptocurrency (crypto) mining campaign beginning on November 2, 2025. The operation uses compromised AWS Identity and Access Management (IAM) credentials to target Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Compute Cloud (Amazon EC2). GuardDuty Extended Threat Detection was able to correlate signals…
AI, Amazon GuardDuty, APAC, Compliance, Cybersecurity, Endpoint, Global Security News, Network Security, Security, Identity, & Compliance
GuardDuty Extended Threat Detection uncovers cryptomining campaign on Amazon EC2 and Amazon ECS
Amazon GuardDuty and our automated security monitoring systems identified an ongoing cryptocurrency (crypto) mining campaign beginning on November 2, 2025. The operation uses compromised AWS Identity and Access Management (IAM) credentials to target Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Compute Cloud (Amazon EC2). GuardDuty Extended Threat Detection was able to correlate signals…
AI, Amazon GuardDuty, APAC, Compliance, Cybersecurity, Endpoint, Global Security News, Network Security, Security, Identity, & Compliance
GuardDuty Extended Threat Detection uncovers cryptomining campaign on Amazon EC2 and Amazon ECS
Amazon GuardDuty and our automated security monitoring systems identified an ongoing cryptocurrency (crypto) mining campaign beginning on November 2, 2025. The operation uses compromised AWS Identity and Access Management (IAM) credentials to target Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Compute Cloud (Amazon EC2). GuardDuty Extended Threat Detection was able to correlate signals…
AI, Amazon GuardDuty, APAC, Compliance, Cybersecurity, Endpoint, Global Security News, Network Security, Security, Identity, & Compliance
GuardDuty Extended Threat Detection uncovers cryptomining campaign on Amazon EC2 and Amazon ECS
Amazon GuardDuty and our automated security monitoring systems identified an ongoing cryptocurrency (crypto) mining campaign beginning on November 2, 2025. The operation uses compromised AWS Identity and Access Management (IAM) credentials to target Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Compute Cloud (Amazon EC2). GuardDuty Extended Threat Detection was able to correlate signals…
AI, Apps, Best Practices, Cloud Security, Compliance, Cybersecurity, Exploits, Foundational (100), Global Security News, malware, Network Security, Security, Identity, & Compliance
What AWS Security learned from responding to recent npm supply chain threat campaigns
AWS incident response operates around the clock to protect our customers, the AWS Cloud, and the AWS global infrastructure. Through that work, we learn from a variety of issues and spot unique trends. Over the past few months, high-profile software supply chain threat campaigns involving third party software repositories have highlighted the importance of protecting…
AI, Apps, Best Practices, Cloud Security, Compliance, Cybersecurity, Exploits, Foundational (100), Global Security News, malware, Network Security, Security, Identity, & Compliance
What AWS Security learned from responding to recent npm supply chain threat campaigns
AWS incident response operates around the clock to protect our customers, the AWS Cloud, and the AWS global infrastructure. Through that work, we learn from a variety of issues and spot unique trends. Over the past few months, high-profile software supply chain threat campaigns involving third party software repositories have highlighted the importance of protecting…
AI, Apps, Best Practices, Cloud Security, Compliance, Cybersecurity, Exploits, Foundational (100), Global Security News, malware, Network Security, Security, Identity, & Compliance
What AWS Security learned from responding to recent npm supply chain threat campaigns
AWS incident response operates around the clock to protect our customers, the AWS Cloud, and the AWS global infrastructure. Through that work, we learn from a variety of issues and spot unique trends. Over the past few months, high-profile software supply chain threat campaigns involving third party software repositories have highlighted the importance of protecting…
AI, Compliance, Exploits, Global Security News, Government & Policy, Network Security, privacy
Grok the stalker, the Louvre heist, and Microsoft 365 mayhem
On this week’s show we learn that AI really can be a stalker’s best friend, as we explore a strange tale that starts with a manatee-shaped mailbox on a millionaire’s lawn and ends with Grok happily doxxing real people, mapping out stalking “strategies,” and handing out revenge-porn tips. Then we go inside the Louvre heist,…
AI, Compliance, Cybersecurity, Global Security News, malware, privacy, Risk Management
A hacker doxxes himself, and social engineering-as-a-service
A teenage cybercriminal posts a smug screenshot to mock a sextortion scammer… and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and consider how stolen data is now the jet fuel of cybercrime – and how next year could be even nastier than 2025. Plus,…
AI, Compliance, Cybersecurity, Endpoint, Global Security News, Network Security, privacy
The hack that brought back the zombie apocalypse
America’s airwaves are haunted by zombies again, as we dig into a decade of broadcasters leaving their hardware open to attack, giving hackers the chance to hijack TV shows, blast out fake emergency alerts, and even replace religious sermons with explicit furry podcasts. Meanwhile, we look at how a worker at a cybersecurity firm allegedly…
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, privacy
We’re sorry. Wait, did a company actually say that?
Stop the press – a company has actually said “sorry” after a data breach, and hotels are helping hackers phish their own guests. In episode 444 of “Smashing Security” we examine a refreshingly honest breach response (and why legacy systems are still going to ruin your week), dig into a nasty hotel-booking malware campaign that…
Compliance, Global Security News
Bundestag beschließt NIS2-Umsetzung
srcset=”https://b2b-contenthub.com/wp-content/uploads/2025/11/shutterstock_2692248471.jpg?quality=50&strip=all 7000w, https://b2b-contenthub.com/wp-content/uploads/2025/11/shutterstock_2692248471.jpg?resize=300%2C193&quality=50&strip=all 300w, https://b2b-contenthub.com/wp-content/uploads/2025/11/shutterstock_2692248471.jpg?resize=768%2C494&quality=50&strip=all 768w, https://b2b-contenthub.com/wp-content/uploads/2025/11/shutterstock_2692248471.jpg?resize=1024%2C658&quality=50&strip=all 1024w, https://b2b-contenthub.com/wp-content/uploads/2025/11/shutterstock_2692248471.jpg?resize=1536%2C987&quality=50&strip=all 1536w, https://b2b-contenthub.com/wp-content/uploads/2025/11/shutterstock_2692248471.jpg?resize=2048%2C1317&quality=50&strip=all 2048w, https://b2b-contenthub.com/wp-content/uploads/2025/11/shutterstock_2692248471.jpg?resize=1084%2C697&quality=50&strip=all 1084w, https://b2b-contenthub.com/wp-content/uploads/2025/11/shutterstock_2692248471.jpg?resize=261%2C168&quality=50&strip=all 261w, https://b2b-contenthub.com/wp-content/uploads/2025/11/shutterstock_2692248471.jpg?resize=131%2C84&quality=50&strip=all 131w, https://b2b-contenthub.com/wp-content/uploads/2025/11/shutterstock_2692248471.jpg?resize=747%2C480&quality=50&strip=all 747w, https://b2b-contenthub.com/wp-content/uploads/2025/11/shutterstock_2692248471.jpg?resize=560%2C360&quality=50&strip=all 560w, https://b2b-contenthub.com/wp-content/uploads/2025/11/shutterstock_2692248471.jpg?resize=389%2C250&quality=50&strip=all 389w” width=”1024″ height=”658″ sizes=”auto, (max-width: 1024px) 100vw, 1024px”>Ursprünglich hätte die EU-Richtlinie NIS2 bereits im Oktober 2024 in nationales Recht umgesetzt werden müssen. Der jetzt vom Bundestag beschlossene Gesetzesentwurf sorgt weiterhin für Gesprächsstoff.…
AI, Compliance, Endpoint, Global Security News, privacy
Tinder’s camera roll and the Buffett deepfake
Tinder has got a plan to rummage through your camera roll, and Warren Buffett keeps popping up in convincing deepfakes dishing “number one investment tips.” Meanwhile, will agentic AI replace your co-hosts before you can say “EDR for robots”? and why you should still read books. All this, plus Lily Allen’s new album and Claude…
Commentary, Compliance, Cybersecurity, Exploits, Global Security News, op-ed, Policy
The quiet revolution: How regulation is forcing cybersecurity accountability
Cybersecurity headlines still focus on the headline-grabbing moments, whether it’s the latest breach, a zero-day exploit, or an eye-catching product launch. However, beneath the surface noise, a quieter but more profound transformation is taking place—driven by regulations that are changing the way organizations think about, approach, and communicate on security.” Across the globe, new standards…
AI, china, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, privacy, Risk Management, Russia
The hack that messed with time, and rogue ransomware negotiators
Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock — with chaos potentially only a tick away. Plus when ransomware negotiators turn to the dark side, what could possibly go wrong? All this and more is discussed in episode 442 of the “Smashing Security” podcast…
AI, Compliance, Cybersecurity, Endpoint, Global Security News, malware, Network Security, privacy, Russia
Inside the mob’s million-dollar poker hack, and a Formula 1 fumble
Basketball stars have allegedly joined forces with the mafia to fleece high-rollers in a poker scam involving hacked shufflers, covert cameras, and an X-ray card table. Meanwhile, researchers have found they could poke around an FIA driver portal to pull up the personal details of Formula 1 megastars. Plus: Graham’s “Pick of the Week” turns…
AI, china, Compliance, Cybersecurity, Global Security News, privacy
How to hack a prison, and the hidden threat of online checkouts
A literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral, and how new PCI DSS rules are finally muzzling Magecart-style skimmers. Plus: Graham reveals his new-found superpower with Keyboard Maestro,…
AI, Apps, Compliance, Cybersecurity, data breach, Data Breaches, Exploits, F5, forensics, Global Security News, Government & Policy, Information Security, Network Security, Risk Management
Think Your Firewall Is Safe? The F5 Hack Proves It’s the Perfect Trojan Horse
In what is being described as one of the most consequential cyber-espionage operations of the year, US technology vendor F5 Networks has confirmed that nation-state threat actors successfully infiltrated its internal environment, stealing source code and vulnerability intelligence related to its flagship BIG-IP product line — a core networking and application delivery system used by…
AI, Compliance, Cybersecurity, Global Security News, privacy, Russia
A breach, a burnout, and a bit of Fleetwood Mac
A critical infrastructure hack hits the headlines – involving default passwords, boasts on Telegram, and a finale that will make a few cyber-crooks wish the ground would swallow them whole. Meanwhile we dig into the bit we don’t talk about enough: the human cost of defending companies from hackers – stress, burnout, and how better…
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, privacy, Risk Management, Venture
When your mouse turns snitch, and hackers grow a conscience
Your computer’s mouse might not be as innocent as it looks – and one ransomware crew has a crisis of conscience that nobody saw coming. We talk about how something as ordinary as a web page could turn your mouse into a surprisingly nosey neighbour, and why ransomware gangs need to think carefully about their…
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, privacy, Risk Management
Salesforce’s trusted domain of doom
Researchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed “ForcedLeak”, let them smuggle AI-read instructions in via humble Web-to-Lead form… and ended up spilling data for the low, low price of five dollars. And we discuss why data breach communications still default to “we take security seriously” while quietly implying “assume no…
AI, Compliance, Cybersecurity, Global Security News, malware, privacy
The €600,000 gold heist, powered by ransomware
Ransomware doesn’t just freeze computers – it can silence alarms too. And when the Natural History Museum in Paris went dark, thieves helped themselves to €600,000 worth of gold in a daring late-night heist. Meanwhile, developers have a new headache: a worm dubbed “Shai Hulud” has wriggled its way through more than 180 npm packages,…
AI, Compliance, Global Security News, Network Security, privacy
Lights! Camera! Hacktion!
When “bad actors” stop being hackers and start being… actual actors. This week, Graham and special guest Jenny Radcliffe play “Hacker or Ham?” (yes, Steven Seagal, we’re looking at you), before diving into a campaign which saw an Iranian gang luring Israeli performers with fake casting calls for a serious film. We unpack why positive…
AI, Compliance, Global Security News, privacy, Risk Management
Whopper Hackers, and AI Whoppers
Ever wondered what would happen if Burger King left the keys to the kingdom lying around for anyone to use? Ethical hackers did – and uncovered drive-thru recordings, hard-coded passwords, and even the power to open a Whopper outlet on the moon. Meanwhile, over in Silicon Valley, one AI wunderkind managed to turn a $7…
AI, Compliance, Global Security News, malware, Network Security, privacy
How hackers turned AI into their new henchman
Your AI reads the small print, and that’s a problem. This week in episode 433 of “Smashing Security” we dig into LegalPwn – malicious instructions tucked into code comments and disclaimers that sweet-talks AI into rubber-stamping dangerous payloads (or even pretending they’re a harmless calculator). Meanwhile, new research from Anthropic reveals that hackers have already…
Awareness, Compliance, Global Security News, PCI DSS, PCI SSC
Beware of PCI DSS Compliance Certificates
The PCI Security Standards Council (PCI SSC) is often asked whether compliance certificates are acceptable to demonstrate an organization’s validation to the PCI Data Security Standard (PCI DSS).
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, privacy
Red flags, leaked chats, and a final farewell
The viral women-only dating safety app Tea, built to flag red flags, gets flagged itself – after leaking over 70,000 private images and chat logs. We are talking full-on selfies, ID docs, private DMs, and a dash of 4chan creepiness. Yikes. Plus, Carole takes us down memory lane as she hangs up her co-host mic…
Compliance, Global Security News
Empathie trifft IT-Sicherheit: Der Weg zu gelebter Compliance
CISOs sollten Sicherheitsrichtlinien mit Blick auf die Belegschaft gestalten. earthphotostock – shutterstock.com In vielen Unternehmen stoßen IT-Sicherheitsrichtlinien auf Widerstand, da Mitarbeitende sie als hinderlich oder praxisfern empfinden. Dies erschwert die Umsetzung, untergräbt die Wirksamkeit und belastet die Zusammenarbeit zwischen der Sicherheitsabteilung und den Fachbereichen. Statt als Partner wird Cybersecurity oft als Bremser wahrgenommen – ein…
AI, Compliance, Cybersecurity, Exploits, Global Security News, Network Security, privacy, Risk Management
When 2G attacks, and a romantic road trip goes wrong
In this episode, Graham warns why it is high time we said goodbye to 2G – the outdated mobile network being exploited by cybercriminals with suitcase-sized SMS blasters. From New Zealand to London, scammers are driving around cities like dodgy Uber drivers, spewing phishing texts to thousands at once. Meanwhile, Carole unpacks a painfully awkward…
AI, Compliance, Cybersecurity, Global Security News, privacy
Choo Choo Choose to ignore the vulnerability
In episode 426 of the “Smashing Security” podcast, Graham reveals how you can hijack a train’s brakes from 150 miles away using kit cheaper than a second-hand PlayStation. Meanwhile, Carole investigates how Grok went berserk, which didn’t stop the Department of Defense signing a contract with Elon’s AI chatbot. So who is responsible when your…
