PCI 4.0 Here What it Means

First of All, PCI 4.0 will not remove the previous version (3.2.1) it will enhance the PCI standard (this information is from the “At a Glance” document at www.pcisecuritystandards.org) What is New in PCI DSS v4.0?There were many changes incorporated into the latest version of the Standard. Below are examples of someof those changes. For … Read more

Catch22 CyberDefending: Why Defense Always Behind

why is the defense always behind? Are there some things that we inherently do not like to do?If there is something that is denying us from doing what is necessary to create a good defense then we have to be mindful of these actions – let’s review some Catch22 items.     Let’s face it … Read more

Another Vulnerability in a Cloud Framework

Rapid7 has found a spring framework vulnerability called Spring4Shell   As usual a new vulnerability requires risk management to be reassessed.   https://nvd.nist.gov/vuln/detail/CVE-2022-22965  Leads to https://tanzu.vmware.com/security/cve-2022-22965 Which says the following information which is important. CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+ Affected VMware Products and Versions Severity is critical unless otherwise noted. … Read more