Being able to detect new malware infections or security breaches on a network or on a computer system without known signatures is always a challenge. We explore a simple and efficient solution to monitor external facing assets, such as servers, and we discuss the data that was collected during the experimental period.
PCI DSS and I
Your company has obtained PCI compliance. It may have been a journey that ended with a QSA audit or a self-assessment; or, as I have seen in some cases, the company forsook the PCI crown and decided to “eat” the risk.
So, what now?
Small and large organizations with PCI obligations have more than a Cardholder Data Environment (CDE) to worry about. There are always cyber security concerns involving system availability and reputation, as well as sensitive data concerns around Personally Identifiable Information (PII), healthcare-related data, Intellectual Property (IP), regulatory requirements, etc.
A recap of RSA 2017
In my blog piece in January, An advance look at RSA 2017, I wrote of what attendees could expect in advance of the RSA 2017 conference to ensure they made the most of their time there.
I wrote of the importance of wearing comfortable shoes, as there’s a lot of walking at RSA. With events in the south, north and west Moscone Center buildings and also two blocks away at the Marriott Marquis, combined with the long expo floor aisles, I am surprised podiatrists didn’t set up shop outside the convention center.
Like everyone, I left the conference with extreme information overload, sore feet, and much more educated about the current and future states of information security.
By Ben Rothke, CISSP PCI QSA
The RSA conference is about a month away and I am already looking forward to it. As the largest and one of the most influential information security conferences, it has turned into the go-to event of the information security season. Pretty much every player, big and small, in the information security world will be there.
RSA has long been the conference to get up-to-date information from security practitioners about current issues and threats. Now that the agenda for 2017 is available, four of the key topics for this year’s conference are on:
Okay, so I am a merchant who has just received notification from my acquiring bank that I need to provide them with my compliance state for the Payment Card Data Security Standard (PCI DSS). Where do I start? My bank has pointed me to the Payment Card Industry Security Standards Committee (PCI SSC) website.
Nettitude’s head of technical services, Sebastien Jeanquier, recently met with NBC New York’s Chris Glorioso to discuss Shodan and the threat from industrial hacking. Sebastien also explained why “our clients come to us in order to identify vulnerabilities within their systems before someone else does.”
Continuing from the previous blog post, which wrapped up some interesting discussion points from the recent Black Hat event in Las Vegas, here we’ll look at a few more vulnerabilities for security researchers to be aware of.
Cyber security breaches can cause lasting reputational damage for companies that fall victim, and potential legal action by customers too. To add to this, there is now the confirmed risk of enforcement action by the US Federal Trade Commission (FTC).
In a ruling by the US Court of Appeal for the Third Circuit, poor cybersecurity is to be classed as a form of 'unfair competition', which places it within the remit of the FTC to regulate. This interpretation was challenged by the hotel group Wyndham Worldwide, which was on the receiving end of an FTC lawsuit that had begun in June 2012. The District Court sided with the FTC, and now the Court of Appeal has concurred. The original lawsuit continues, but Wyndham have suffered a serious setback.
This year, Black Hat (BH) 2015 came, as it usually does, with major security flaws and some “dojos”. Aside from the major Android vulnerabilities we were exposed to, there were other types of security issues that are much less talked about but still expose serious problems. Over the next couple of blog posts we’ll look at wrapping up some of the vulnerabilities that fell under the shadow of Certifi-gate and the other superstar vulnerabilities exposed at the BH 2015 USA conference.