Archives: Projects

PCI DSS 4: eCommerce Changes for SAQ A Explained

PCI DSS v4.0 introduces important changes for eCommerce merchants that use a redirect or an iframe to reduce their scope to Self-Assessment Questionnaire A (SAQ A). Even though a merchant website that meets the SAQ A criteria does not itself transmit account data, it does control where account data is transmitted. We have […]

Microsoft Azure and 365 Security Review Engagement

Ensure you meet your Microsoft Azure and M365 security responsibilities. Cloud computing is of growing interest to companies of all sizes around the globe. Microsoft Azure is one of the most popular enterprise platforms: because its Azure and 365 cloud services are deeply integrated, enterprises can rapidly build and manage complex infrastructure to support key services. […]

Purple Team Assessments: How to evaluate it

Author: Mike Manzotti – Principal Consultant at Dionach

Changes in the threat landscape, combined with the needs of the modern enterprise, often mean that IT staff must be able to respond to cyber security incidents 24/7. These changes have forced many organisations to outsource the detection of and response to these incidents to […]

Simple 2FA Moodle Plugin: From 2FA Bypass to Account TakeOver

There are times as a penetration tester when you find something unique. It may not be unique in the field of cyber security, but it is unique to the tester. This was one of those times. During testing of a web application, a couple of interesting discoveries were made, one of which was a security vulnerability […]

ISO 27002:2022 Update – Annex Controls Explained (2/2)

This is the second of two parts of our publication, looking at the new section 8 controls of the ISO 27002:2022 update. Please refer to part one for the section 5 and section 7 controls. In part two of our post, we will cover Configuration Management (8.9). Configuration management is the process of maintaining computer systems, servers, and […]

ISO 27002:2022 Update – Annex Controls Explained (1/2)

Part 1 of 2

Authors: Shannon-Louise Huxley – GRC Consultant, Steve Rowe – GRC Consultant

The release of the ISO 27002:2022 update brings a restructure of the standard and several new controls. This post aims to provide a breakdown of these new elements and how best practices can be applied to meet the controls' objectives. This is the […]

PCI DSS v4.0 – Everything You Need To Know

Author: Tony McCutcheon – GRC Consultant

On the 31st of March 2022, the PCI Security Standards Council, the global payment security standards body, released PCI DSS v4.0. Following on from PCI DSS v3.2.1 (published in May 2018 and the only valid version from 1st January 2019), v4.0 addresses emerging threats and technologies more effectively and provides new ways to combat them. Below, we will […]

ISO 27002 Update 2022 – Summary of Changes

Author: Tony McCutcheon – GRC Consultant

The Final Draft of ISO 27002 was released in late 2021, and the final version is expected to be released around 18th February 2022, with the revised version of ISO 27001 following shortly thereafter. Summary of Changes to ISO 27002: the title of ISO 27002 has […]
