Okay, so I am a merchant who has just received notification from my acquiring bank that I need to provide them with my compliance state for the Payment Card Data Security Standard (PCI DSS). Where do I start? My bank has pointed me to the Payment Card Industry Security Standards Committee (PCI SSC) website.
Nettitude’s head of technical services, Sebastien Jeanquier, recently met with NBC New York’s Chris Glorioso to discuss Shodan and the threat from industrial hacking. Sebastien also explained why “our clients come to us in order to identify vulnerabilities within their systems before someone else does.”
In continuation of the previous blog, wrapping up some interesting discussion points from the recent Black Hat event in Las Vegas, here we’ll look at a few more vulnerabilities for security researchers to be aware of.
Cyber security breaches can cause lasting reputational damage for companies that fall victim, and potential legal action by customers too. To add to this, there is now the confirmed risk of enforcement action by the US Federal Trade Commission (FTC).
In a ruling by the US Court of Appeal for the Third Circuit, poor cybersecurity is to be classed as a form of 'unfair competition', which places it within the remit of the FTC to regulate. This interpretation was challenged by the hotel group Wyndham Worldwide, which was on the receiving end of an FTC lawsuit that had begun in June 2012. The District Court sided with the FTC, and now the Court of Appeal has concurred. The original lawsuit continues, but Wyndham have suffered a serious setback.
This year, Black Hat (BH) 2015 came, as it usually does, with major security flaws and some “dojos”. Aside from the major Android vulnerabilities we were exposed to, there were other types of security issues that are much less talked about but still expose serious problems. Over the next couple of blog posts we’ll wrap up some of the vulnerabilities that fell under the shadow of Certigate and other superstar vulnerabilities exposed at the BH 2015 USA conference.
Nettitude’s Ben Rothke has been nominated to serve on the 2016 Cybersecurity Canon Induction Committee. Sponsored by Palo Alto Networks, The Cybersecurity Canon honors authors and works of literature that accurately depict the history, milestones and culture of the modern cybersecurity industry.
Yesterday, an industry guidance letter was issued to all New York State Department of Financial Services (DFS)-regulated banks from the Superintendent of Financial Services. The letter provides guidance on how they will be examined in terms of their cyber security and risk management.
Cyber security consultancy named Security Service Provider of the Year.
My visit to the Amazon Web Services (AWS) Summit 2014 in NYC was both a rewarding and an exhausting experience. The Summit organizers did a fantastic job filling an entire day with non-stop keynote speakers, guest speakers, hands-on labs with basic and advanced sessions, a large selection of cloud-oriented vendor booths and even some entertainment. Although I did not manage to win the new Parrot AR 2.0 drone raffle, I did get my share of fantastic tech T-shirts, and I enjoyed interacting with a vendor robot (see here). Arriving 30 minutes late due to client commitments presented me with a long line of fellow attendees, all desperately attempting to get a seat in the massive hall for the keynote speeches, but despite the vast venue, it was completely full. Luckily, AWS had overflow rooms from which live feeds of the speeches were streamed (see the Rob Reiner photo).