Cyber Security Consulting Services Provider of the Year
HALOCK Security Labs is a finalist for:
Cyber Security Consulting Services Provider of the Year
Intelligent Insurer’s Cyber Insurance Awards USA 2025
The Cyber Insurance Awards Program seeks to honor the outstanding contributions of individuals and organizations that have significantly raised the bar in managing cyber risk. The (more…)
Are you Keeping an Inventory of Cipher Suites and Certificates for the New PCI DSS?
We recently discussed the required cataloging of your organization’s software under PCI DSS v4.0.1. While maintaining inventories is not a novel concept for digital organizations, PCI DSS v4.0.1 introduces several new inventory requirements that many organizations may not currently have in place:
Documented Cipher Suite Inventory
No doubt at some point you have rummaged through a drawer and found an old key or two and wondered if you may still (more…)
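The cipher-suite and certificate inventory described above is easiest to keep honest when it is generated from scan data rather than typed into a spreadsheet. The following is an added example, not HALOCK's code or tooling: it assumes you already have per-endpoint TLS scan results (negotiated protocol, cipher suite, certificate expiry, leaf-key size, for example exported from an internal TLS scanner), builds the documented protocol/cipher inventory from them, and flags entries that need action (legacy protocols, weak cipher components, undersized keys, expired or soon-to-expire certificates). The hostnames, ports and dates are constructed sample data; the weak-token list and the 2048-bit floor are this example's assumptions, not text from the standard.

```python
"""Cipher-suite and certificate inventory audit (added example, not HALOCK's code).

Assumes scan results already captured per endpoint; sample data below is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class TlsRecord:
    host: str
    port: int
    protocol: str        # negotiated protocol, e.g. "TLSv1.2"
    cipher: str          # OpenSSL or IANA cipher-suite name
    not_after: datetime  # certificate expiry (UTC)
    key_bits: int        # public-key size of the leaf certificate (RSA assumed)


# Assumed policy thresholds: protocols and cipher-suite tokens that should not
# appear in a cardholder-data-environment inventory, minimum RSA size, and the
# renewal warning window.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}
WEAK_TOKENS = {"RC4", "3DES", "DES", "NULL", "EXP", "EXPORT", "MD5", "ANON", "ADH", "AECDH"}
MIN_RSA_BITS = 2048
EXPIRY_WARNING_DAYS = 30


def cipher_tokens(cipher: str) -> set[str]:
    """Split 'ECDHE-RSA-AES128-GCM-SHA256' or 'TLS_RSA_WITH_3DES_EDE_CBC_SHA' into tokens."""
    return set(cipher.upper().replace("-", "_").split("_"))


def findings_for(rec: TlsRecord, now: datetime) -> list[str]:
    """Return the problems with one inventory entry (an empty list means acceptable)."""
    findings: list[str] = []
    if rec.protocol in LEGACY_PROTOCOLS:
        findings.append(f"legacy protocol {rec.protocol}")
    weak = sorted(cipher_tokens(rec.cipher) & WEAK_TOKENS)
    if weak:
        findings.append(f"weak cipher components {','.join(weak)} in {rec.cipher}")
    if rec.key_bits < MIN_RSA_BITS:
        findings.append(f"key size {rec.key_bits} below {MIN_RSA_BITS}")
    days_left = (rec.not_after - now).days
    if days_left < 0:
        findings.append(f"certificate expired {-days_left} days ago")
    elif days_left <= EXPIRY_WARNING_DAYS:
        findings.append(f"certificate expires in {days_left} days")
    return findings


def build_inventory(records: list[TlsRecord]) -> dict[tuple[str, str], list[str]]:
    """The documented inventory: each (protocol, cipher) pair and the endpoints using it."""
    inventory: dict[tuple[str, str], list[str]] = {}
    for r in records:
        inventory.setdefault((r.protocol, r.cipher), []).append(f"{r.host}:{r.port}")
    return inventory


def audit(records: list[TlsRecord], now: datetime) -> dict[str, list[str]]:
    """Endpoints that need remediation, keyed by host:port, with their findings."""
    return {f"{r.host}:{r.port}": f for r in records if (f := findings_for(r, now))}


# Constructed sample scan results (not real hosts).
NOW = datetime(2025, 3, 1, tzinfo=timezone.utc)
SAMPLE = [
    TlsRecord("pay.example.com", 443, "TLSv1.3", "TLS_AES_256_GCM_SHA384",
              datetime(2025, 12, 1, tzinfo=timezone.utc), 2048),
    TlsRecord("legacy.example.com", 443, "TLSv1.0", "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
              datetime(2025, 3, 15, tzinfo=timezone.utc), 1024),
    TlsRecord("api.example.com", 8443, "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256",
              datetime(2025, 2, 20, tzinfo=timezone.utc), 2048),
]

if __name__ == "__main__":
    for (proto, cipher), endpoints in sorted(build_inventory(SAMPLE).items()):
        print(f"{proto:8} {cipher:36} {', '.join(endpoints)}")
    for endpoint, problems in audit(SAMPLE, NOW).items():
        print(f"{endpoint}: {'; '.join(problems)}")
```

The inventory table is what an assessor asks to see; the audit output is the work queue. Re-running both from fresh scan data on a schedule is what keeps the document from drifting out of sync with what is actually deployed.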
The Silent Threat: How PCI DSS 4.0.1 Tackles Service Account Vulnerabilities
While organizations rightly prioritize protecting employee accounts, particularly those with elevated privileges, service accounts too often receive less attention despite being just as critical. Service accounts operate silently in the background, running the business applications and services that operations depend on.
The importance of securing service accounts is now formally recognized in PCI DSS v4.0.1, which introduces new requirements taking effect March 31, (more…)
Satisfying the SAQ-A Eligibility Criteria Update
Are You Outsourcing eCommerce?
Our recent article PCI SSC Updates SAQ A: Removal of Key E-Commerce Security Requirements & New Eligibility Criteria outlined significant requirement updates – who this affects and next steps. These requirements are still part of PCI DSS v4.0.1 and the March 31, 2025 deadline. However, SAQ type A merchants are no longer required to validate compliance with them, as long as (more…)
The New PCI DSS v4.0.1 Software Catalog Mandate: Are You Ready?
Some of the 51 future-dated requirements of the new PCI DSS v4.0.1 that become effective on March 31, 2025, are related to inventory management. Let’s start by talking about software. In the digital era, software has become the fundamental engine powering organizational operations, and your organization undoubtedly relies on a variety of software applications to conduct business, many of which are bespoke or (more…)
PCI SSC Updates SAQ A: Removal of Key E-Commerce Security Requirements & New Eligibility Criteria
The PCI Security Standards Council (PCI SSC) has made significant updates to Self-Assessment Questionnaire type A (SAQ A) as part of PCI DSS v4.0.1. These changes impact e-commerce merchants who outsource payment processing and previously relied on the SAQ A for compliance validation.
The latest modifications include:
- Removal of PCI DSS Requirements 6.4.3, 11.6.1, and 12.3.1 from SAQ A.
- New eligibility criteria requiring merchants to confirm (more…)
What Legislation Protects Against Deepfakes and Synthetic Media?
A Deep Look at Legislation
Deepfake legislation in the U.S. is advancing swiftly to combat the rising risks associated with synthetic media, addressing critical areas such as cybersecurity, privacy, election integrity, and intellectual property. Federal and state lawmakers are enacting and refining laws to curb the misuse of deepfake technology, focusing on issues like fraud, defamation, election manipulation, and (more…)
What is the PCI DSS v4.0.1 Requirement for PoLP?
Least Privilege Takes Center Stage in PCI DSS Update
In today’s digital landscape, organizations recognize that completely preventing cyberattacks is nearly impossible. As a result, the principle of least privilege (PoLP) has become a cornerstone of modern cybersecurity strategies. By restricting user account permissions to the minimum required for specific tasks, PoLP minimizes the potential damage from breaches, unauthorized access, and insider threats.
What is the PCI (more…)
What is the PCI DSS v4 Authenticated Scanning Mandate?
Preparing for PCI DSS 4.0.1: The Authenticated Scanning Mandate
As organizations prepare for PCI DSS v4.0.1 enforcement on March 31, 2025, Requirement 11.3.1.2 introduces a critical update: the mandate for authenticated internal vulnerability scans. This new requirement addresses limitations in previous versions by requiring deeper, more accurate assessments of internal vulnerabilities.
What are the Key Points of Requirement 11.3.1.2?
- Authenticated Access: Internal scans must use privileged credentials.
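A scan configured with credentials is not the same as a scan that actually authenticated: an expired password, a locked service account or a host that refuses the login quietly turns the authenticated scan back into an unauthenticated one. The following is an added example, not HALOCK's code or a scanner's own feature: it assumes a scanner export in which each host row carries the scanner's own "Credentialed checks : yes/no" status line (Nessus plugin 19506, "Nessus Scan Information", reports it in that form; the rows below are constructed) and checks every in-scope host against it, so that hosts where authentication failed are fixed before the scan is presented as evidence for Requirement 11.3.1.2. Hosts you have documented as unable to accept scan credentials are passed in as exceptions; the IP addresses are sample data.

```python
"""Verify that an internal vulnerability scan ran authenticated on every in-scope host.

Added example, not HALOCK's code. Assumes a host<TAB>plugin_output export carrying the
scanner's credentialed-check status line; the sample export below is constructed.
"""
from __future__ import annotations

import re

# Matches the status line as Nessus plugin 19506 writes it, e.g.
# "Credentialed checks : yes, as 'svc-scan' via ssh" or "Credentialed checks : no".
CRED_RE = re.compile(r"Credentialed checks\s*:\s*(yes|no)", re.IGNORECASE)


def parse_export(lines: list[str]) -> dict[str, bool | None]:
    """Map each scanned host to True (authenticated), False (login failed) or None (no status seen)."""
    status: dict[str, bool | None] = {}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        host, _, output = line.partition("\t")
        host = host.strip()
        m = CRED_RE.search(output)
        if m:
            status[host] = m.group(1).lower() == "yes"
        else:
            status.setdefault(host, None)  # host present, but no status line yet
    return status


def coverage_report(in_scope: list[str], status: dict[str, bool | None]) -> dict[str, list[str]]:
    """Bucket every in-scope host by what the scan actually achieved on it."""
    report: dict[str, list[str]] = {
        "authenticated": [], "unauthenticated": [], "unknown": [], "not_scanned": []}
    for host in sorted(in_scope):
        if host not in status:
            report["not_scanned"].append(host)
        elif status[host] is True:
            report["authenticated"].append(host)
        elif status[host] is False:
            report["unauthenticated"].append(host)
        else:
            report["unknown"].append(host)
    return report


def scan_gaps(in_scope: list[str], status: dict[str, bool | None],
              documented_exceptions: set[str] = frozenset()) -> list[str]:
    """In-scope hosts with no successful authenticated scan and no documented exception."""
    r = coverage_report(in_scope, status)
    missing = r["unauthenticated"] + r["unknown"] + r["not_scanned"]
    return sorted(h for h in missing if h not in documented_exceptions)


# Constructed sample export: one row per host, plugin output after a tab.
SAMPLE_EXPORT = [
    "# host\tplugin_output (constructed sample)",
    "10.10.1.10\tCredentialed checks : yes, as 'svc-scan' via ssh",
    "10.10.1.11\tCredentialed checks : no",
    "10.10.1.12\tScan duration : 300 sec",
]
IN_SCOPE = ["10.10.1.10", "10.10.1.11", "10.10.1.12", "10.10.1.13"]

if __name__ == "__main__":
    status = parse_export(SAMPLE_EXPORT)
    for bucket, hosts in coverage_report(IN_SCOPE, status).items():
        print(f"{bucket:15} {', '.join(hosts) or '-'}")
    gaps = scan_gaps(IN_SCOPE, status, documented_exceptions={"10.10.1.11"})
    print("hosts still lacking an authenticated scan:", gaps or "none")
```

Run against every scheduled scan, this turns "the scan was configured with credentials" into "the scan authenticated on these hosts, failed on these, and never touched those", which is the distinction an assessor will probe.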