@adlerweb yes, absolutely unacceptable!

#PCIDSS says no…

Stay PCI DSS-Compliant
🔵 Annual PCI DSS Checklist: https://outpost24.com/blog/pci-dss-compliance-checklist/

#PCI #PCIDSS #PCICompliance #InfoSec #RiskManagement

@pastelfluffyfox it's also a trap at best and can be used to frame the user of said details as #carding #fraudster!

  • Not to mention since carding #fraud is only getting more rampant since the days of #Boseak, it won't work either because #FraudDetection will simply flag said transactions as fraudulent and preemptively block any charges.
    • And if you think that's extreme: No, that's so old I knew this even before I worked at a payment processor.

NEVER EVER use someone else's card without authorization and without having that allowed by the card issuer.

  • This is usually not the case NOR would any non-business card issuer agree to it!
    • And OFC they will demand all the #KYC stuff beforehand...

So at best someone violated #PCIDSS and their card issuer's ToS, but most likely they either want to track you and/or frame you for #CreditCard fraud!

Miami’s Darklord of Credit Card Scams | John Boseak

@xeraa The problem is also Graylog. We are stuck on Graylog 6.0.14, because that is the last version that works with ELK 7.10. Graylog 6.1 then requires a very involved ELK / OpenSearch migration, and that brings its own problems. My colleague could give more details .. but it was something non-trivial.

The decision was made to reduce the retention period to 3 months, since our syslog (rsyslog) stores the whole year to keep the #pcidss #auditor happy.

In parallel, we are looking at running #victorialogs alongside it, since it only takes up a fraction of the capacity.

Ransomware doesn’t just shut down systems; it triggers compliance violations.
GDPR deadlines. HIPAA reporting. PCI-DSS investigations.

If employees delay reporting, the legal risk multiplies.

Read more: https://threatcop.com/blog/how-ransomware-threatens-compliance/

#Ransomware #CyberCompliance #GDPR #HIPAA #PCIDSS #CyberRisk #DataProtection #PeopleSecurity #InformationSecurity

@neurovagrant @dangoodin @mttaggart @Em0nM4stodon personally, I'd say no #US company can make any privacy claims by design because #CloudAct exists and that applies to everyone (regardless of whether #ClosedAI or #Signal) having personnel, office, infrastructure or offering services from within the #USA.

#NotLegalAdvice but Cloud Act is irreconcilable with any #privacy & #dataProtection laws, not just #GDPR & #BDSG, but even #HIPAA & #PCIDSS!

Kevin Karhan :verified: (@[email protected])

@[email protected] well, #CloudAct says they'll have to hand over *any data they have* - *even without a duly issued warrant*… #USpol #NotLegalAdvice #privacy #AI #AIslop #Enshittification #OpenAI #ClosedAI #AIbubble #DataProtection

๐‚๐จ๐ฆ๐ฉ๐ฅ๐ข๐š๐ง๐œ๐ž ๐–๐ซ๐š๐ฉ๐ฉ๐ž๐ ๐”๐ฉ ๐๐ž๐Ÿ๐จ๐ซ๐ž ๐˜๐ž๐š๐ซ-๐„๐ง๐

If PCI compliance isn’t complete, now is the time to close it.

Our team delivers fully managed PCI DSS scans in 24–48 hours, designed for busy retail and ecommerce environments.

โŒ No last-minute chaos.
โŒ No January carry-over.

✅ Get your PCI requirements done: https://outpost24.com/products/pci/

#PCIDSS #Compliance #ITSecurity #RiskManagement #GRC

GRC rarely feels like “governance, risk, and compliance” and more often like alphabet soup with lawyers attached.

I wrote up how I approach GRC as an Associate CCISO: one risk-based program mapped to HIPAA, PCI DSS, NIST CSF, FTC Safeguards, and NIS2 instead of five separate nightmares.

🔗 https://www.kylereddoch.me/blog/grc-in-the-real-world-making-hipaa-pci-nist-csf-ftc-safeguards-and-nis2-work-together/

#GRC #CyberSecurity #InfoSec #Compliance #HIPAA #PCIDSS #NISTCSF #NIS2

GRC In The Real World: Making HIPAA, PCI, NIST CSF, FTC Safeguards, and NIS2 Work Together

A practical guide to building one risk-based GRC program that satisfies HIPAA, PCI DSS, NIST CSF, FTC Safeguards, and NIS2 without drowning in duplicate work.

CybersecKyle

Chase account tells me that #Animoto is storing my payment card information despite me closing the account. I reached out to them, and they confirmed my account has been closed. That is NOT why I contacted them. I contacted them because my card company believes they are still holding onto my payment information. I do not know how they know that, but apparently they do, and it shows on the security page at Chase. Chase says they cannot remove it and I must contact the merchant.

#PCI #PCIDSS

@jackyan Personally I tend to literally block entire ASNs whenever possible.

  • And in fact with past clients/employers this was rather welcomed, as there was basically never legitimate customer traffic from #GAFAMs or any of their hosting services.

Obviously #PCIDSS and @bsi standards do call for "best practices", and for a bona-fide payment processor, blocking known proxies and hosters is basically standard procedure, as there's no scenario in which a customer would use a credit card over #aws, #Azure or #GCP instead of their (residential or mobile) internet connection.