TL;DR:
– PCI SSC is seeking feedback on the draft of PCI PIN Transaction Security (PTS) Point of Interaction Modular Security Requirements version 7.0 to enhance payment industry security.
– Adam Iza, involved in corruption and extortion with rogue cops, is connected to cybercriminal activities and past hacker groups like UGNazi.
– The U.S. sanctioned and indicted Russian cybercriminals Timur Kamilevich Shakhmametov and Sergey Sergeevich Ivanov, targeting Joker’s Stash for selling stolen credit cards and Cryptex for money laundering.
– PCI DSS v4.x introduces 64 new requirements; early adoption is crucial to ensure data safety and compliance with rules against cyber threats.
You need to stay sharp in cybersecurity, but who has the time to scan through all the headlines? "This Week in Cybersecurity" is your solution! I'm here to dig through the noise and bring you the most pressing threats and news. Catch up on zero-day exploits and data breaches affecting companies like yours. Let's keep you updated and one step ahead of those threat actors. Dive in now!
PCI SSC Seeks Input on Security Update
The PCI Security Standards Council announced a key event this week. They started a 30-day request for comments period from October 1 to November 1. Feedback is needed on the draft of the PCI PIN Transaction Security (PTS) Point of Interaction (POI) Version 7.0. These updates could change the security landscape of payments.
What Does the Draft Say?
The draft updates the current security rules. It moves from version 6.2 to 7.0 and aims to fight tampering and malware. It includes over 30 changes and 14 new pieces of advice. Important updates cover biometric safety and third-party app use. A new rule requires cryptographic keys to be 128 bits strong for device security.
Why Gather Public Feedback?
The Council wants opinions to fine-tune these security rules. Eligible people can view the draft on the PCI SSC portal but must agree to a Non-Disclosure Agreement first. Comments must be submitted by November 1. Only feedback sent by then will be considered.
This feedback period lets those in the payment sector shape security strategies. The updates aim to meet industry needs and boost protection for card transactions.
For more details or to join in, visit the PCI SSC blog post.
Crooked Cops and Cyber Crime
The FBI is tackling a case involving Adam Iza, a California resident. He faces accusations of corruption and using police alliances for crime. The complaint reveals Iza used his connection with the LAPD to threaten rivals.
Shocking Corruption Case
Iza's link to the Los Angeles Sheriff's Department is disturbing. The complaint suggests some officers took payments to assist Iza. This includes attempts to intimidate Enzo Zelocchi with armed threats.
Deeper Issues
This situation exposes the risk of law enforcement involvement in crime. It threatens public trust and safety. Iza's ties to hacker groups like UGNazi add complexity. His actions range from harassment for cryptocurrency passwords to his role in Zort, a platform causing investor losses.
For the in-depth story, read the detailed report by KrebsOnSecurity.
The U.S. Fights Cyber Crime
The U.S. moved to curb cybercrime by acting against criminals. Two main figures, Timur Kamilevich Shakhmametov and Sergey Sergeevich Ivanov, were involved.
Notorious Cyber Figures
Shakhmametov led Joker's Stash, a major hub for stolen payment cards. Ivanov ran Cryptex, a significant money laundering platform.
The Importance of Action
Sanctioning these people disrupts their network. The goal is to break the financial systems of cybercriminals. The U.S. wants to prevent profits from crime.
For additional information, visit Krebs on Security.
Embrace PCI DSS v4.x Changes
PCI DSS v4.x brought major changes to payment data safety. The old version, v3.2.1, ended in March 2024. Organizations should now shift to the new standards.
New Requirements
There are 64 new rules, and 51 will become mandatory by March 2025. Start early for smooth transitions. Changes include frequent security scans for online merchants and third-party compliance with PCI DSS v4.x.
The Value of Early Adoption
Adopting these changes is vital for defending against cyber threats. New rules emphasize staff roles and regular training for data handling. Yearly scope validation catches environmental changes, enhancing security.
To explore further details, check this resource: PCI Security Standards Blog.
Conclusion
We've explored how to stay informed in the fast-paced world of cybersecurity. A quick review of weekly threats and exploits helps you stay one step ahead. This approach helps protect against zero-day vulnerabilities and data breaches. Keeping updated is crucial to defend your systems effectively. With "This Week in Cybersecurity," you gain valuable insights without wasting time. Stay informed, stay secure, and always be prepared for the next challenge.