19th December 2014

A quick word on Poodle

You’ve probably recently heard of the Poodle vulnerability that affects SSL and also TLS in some cases… We’ll try to give a quick update on why you should definitely test your website rapidly and how to address the vulnerability. Firstly, a quick reminder about SSL… SSL has been designed to secure the transport layer on the Internet. On the web, this means that we have […]
29th December 2014

When Visa speaks to QSAs about recent breaches, here is what they say

With 2014 coming to an end, it is probably a good time to look back at some of the high-profile security breaches that made the news and try to draw a few lessons from them. This is precisely why Visa organises regular catch-ups with the QSA community in an effort to pinpoint important areas of the PCI DSS standard that appeared […]
8th January 2015

Quick FAQ on lifecycle for PA-DSS v2.0 and v3.0

The newest Payment Application Data Security Standard (PA-DSS) has officially been in effect since January 1, 2015. With the introduction of version 3.0 of PA-DSS, payment application vendors want to know how it will affect their operations. Here are answers to a few commonly asked questions. Can I still submit an application to be validated against PA-DSS v2.0? The short answer is no. Since January 2015, all new […]
2nd March 2015

PCI DSS v3.1 is (already) coming.

Just a couple of months after PCI DSS v3.0 went into full effect, it would appear that it is already time to move on… In reaction to recent vulnerabilities found in the SSL protocol, the PCI Security Standards Council has announced the imminent release of a revision of the standard that will bear version number 3.1. That update follows the discoveries of the very flaws […]
22nd January 2016

250 Hyatt hotels targeted by payment card malware

Once again, a big hotel chain has been hit by malware directly targeting customers' payment card data. The Hyatt hotel chain disclosed details on the attack that was briefly disclosed before Christmas 2015, after a similar breach was disclosed by competing chain Hilton just weeks before, in November 2015. An initial investigation highlighted signs of unauthorised access to payment card data from the […]
22nd February 2016

PCI DSS 3.2 is expected in March/April 2016

We have just received news about the next version of PCI DSS, which we initially expected at the end of the year according to the usual standard lifecycle. However, following recent changes to the deadline for Secure Sockets Layer (SSL) and early Transport Layer Security (TLS) migration, the release of PCI DSS 3.2 has been announced for early 2016. In a recent blog post, the […]
19th August 2017

The new EU GDPR is coming fast!

The new EU GDPR regulation is fast approaching and at Five Security we believe that it will have a significant (and interesting) impact on how companies will have to manage the data of their customers and end users. What is at stake is, first of all, sanctions in case of non-compliance with the new rules: fines of up to 4% of the annual turnover with […]