Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Server configuration hardening is a basic requirement for compliance with Payment Card Industry Data Security Standard (PCI DSS) v4.0 that was updated in April 2022 from PCI DSS Version 3.2.1. Server hardening is a fundamental process that ensures the security of servers in the network by reducing the servers attack surface through implementation of secure configurations.

On July 2023, the Securities and Exchange Commission (SEC) implemented a final rule mandating public companies to furnish comprehensive and uniform disclosures pertaining to cybersecurity risk management, strategy, governance, and incidents. We’re going to discuss SEC Cybersecurity Disclosure Rules and What You Need to Know.

The Payment Card Industry Data Security Standard (PCI DSS) are commonly followed by organizations that handle credit card transactions to ensure the security of cardholder data. Since standards and requirements can change over time, it’s essential to refer to the most recent version of the PCI DSS v4.0 standard for the most up-to-date information. PCI DSS v4.0 was updated in April 2022. The description of the updated change from PCI DSS v3.2.1 to PCI DSS v4.0 states.

The Center for Internet Security (CIS) published an updated version for the CIS Controls- CIS Controls v8. The CIS Controls are a set of gold standard guidelines for organizations facing data security issues. These controls were developed to simplify and help IT ops and security teams to remain focused on the essentials. The CIS updates its recommendation according to changes and new discoveries in the Information Security field. The 8th version of the CIS Controls was published in May 2021.

Open-source cybersecurity tools offer a prime solution for independent security experts, emerging businesses, and even medium to large enterprises aiming to tailor their security framework. These tools serve as a foundational platform for fostering security advancements, integrating proprietary software code and security automation scripts.

A phishing campaign carried out by the threat actor known as Storm-0978 has been detected by Microsoft. The campaign specifically targeted defense and government entities in Europe and North America. It exploited the CVE-2023-36884 vulnerability through Word documents, enabling a remote code execution vulnerability. Notably, the attackers used lures associated with the Ukrainian World Congress before the vulnerability was disclosed to Microsoft.

The rapid and widespread adoption of artificial intelligence (AI) has ushered in a new era of technological advancement, revolutionizing various industries and becoming immensely popular worldwide. AI-driven applications and solutions have streamlined processes, improved efficiency, and enhanced the overall user experience. However, this surge in AI’s popularity also comes with a dark side.

CIS IIS 10 Benchmark provides prescriptive guidance for establishing a secure configuration posture for Microsoft Internet Information Services (IIS) version 10. The benchmark provides guidance for establishing a secure configuration posture for IIS version 10. The benchmark is divided into two levels of security controls: Level 1 and Level 2. Level 1 provides a set of fundamental security measures that can be implemented with little or no impact on service availability.

IIS server, Microsoft’s Windows web server is one of the most used web server platforms on the internet. IIS 10 hardening according to the IIS CIS benchmarks is essential for preventing cyber-attacks and achieving CIS compliance. Common breaches happen by using IIS unsecured server protocols and configurations, such as SMB and TLS/SSL. The IIS default configurations is not recommended to use and should be changed to meet the IIS CIS benchmarks requirements.