PCI DSS

Tech Optimizer
July 4, 2025
Percona has introduced Transparent Data Encryption (TDE) for PostgreSQL as a fully open-source and production-ready solution, enabling organizations to encrypt data at rest and comply with regulations like PCI DSS v4.0 without incurring licensing fees. The TDE extension, named pg_tde, is now part of the Percona Distribution for PostgreSQL and addresses barriers to adopting enterprise-level data encryption in open-source environments. Key features include encryption of all database files on disk, granular encryption policies, seamless integration into existing systems, and streamlined key management with major Key Management Services. The solution supports online key rotation and has minimal performance impact. Percona also provides 24/7 assistance for setup and management, making the solution accessible to organizations of all sizes.
Tech Optimizer
June 17, 2025
EnterpriseDB has introduced significant advancements to its EDB Postgres AI (EDB PG AI) platform, enabling secure and compliant deployment of AI solutions across Postgres environments. The platform integrates transactional, analytical, and AI workloads into a unified system, featuring automatic pipelines and built-in development tools for data automation. Key capabilities include low-code/no-code simplicity for rapid AI pipeline creation and comprehensive hybrid management for real-time insights across databases. Recent research indicates that only 13% of enterprises have successfully implemented agentic AI applications at scale, with early adopters achieving up to 227% higher ROI. Collaborations with Red Hat aim to provide organizations with solutions for successful AI outcomes. New features include enhanced data security, a purpose-built PG AI Analytics Engine for high-performance queries, and a universal data store for various data models. Performance advantages include six times better total cost of ownership (TCO) compared to SQL Server and up to 150 times faster NoSQL performance than MongoDB. A comparative analysis showed that EDB PG AI reduced overall complexity by 67% and maintenance costs by 38%.
Tech Optimizer
February 14, 2025
Researchers have identified a SQL injection vulnerability, CVE-2025-1094, in PostgreSQL's interactive terminal tool, psql. This vulnerability is linked to another vulnerability, CVE-2024-12356, related to remote code execution in BeyondTrust's products. CVE-2025-1094 arises from a flawed assumption about the security of escaped untrusted input and allows attackers to inject malicious SQL statements due to the processing of invalid UTF-8 characters. It has a CVSS 3.1 base score of 8.1, indicating high severity, and can lead to arbitrary code execution through psql's meta-command functionality. The vulnerability affects all supported PostgreSQL versions prior to 17.3, 16.7, 15.11, 14.16, and 13.19. Users are advised to upgrade to these patched versions to mitigate risks. A Metasploit module targeting this vulnerability has been developed, emphasizing the urgency for organizations to implement patches.
Winsage
October 1, 2024
Businesses considering remaining on Windows 10 must evaluate the implications for their cyber insurance coverage, particularly regarding compliance with the Payment Card Industry Data Security Standard (PCI DSS). Non-compliance can result in denied claims or loss of coverage. Key concerns include adherence to PCI DSS standards and the implementation of necessary security measures for point-of-sale systems, such as file integrity monitoring, anti-malware solutions, timely patches, and audit logging. Failing to maintain these protections while operating point-of-sale systems can jeopardize customer data and cyber insurance benefits.