Can Hackers Get Past Your Password?

November 05, 2014 Added by:Steve Durbin

Password-based authentication is easy and familiar for customers, and is initially inexpensive for organizations to deploy at scale. But, while password-based authentication may be appropriate in some instances, it is no longer suitable for the wide range of services where it is currently being used.

Comments  (2)


Compliance-Based Infosec Vs Threat-Based Infosec

October 29, 2014 Added by:Brent Huston

Compliance-based infosec, when implemented correctly, is really the best kind of defense there is. The problem is, the only place I’ve ever seen it really done right is in the military.

Comments  (0)


Lawyer Or Security Professional?

October 13, 2014 Added by:PCI Guru

It has been an interesting time as the December 31, 2014 deadline approaches and version 2 of the PCI DSS comes to its end of life. I have started to notice that there are a lot of security professionals and others that are closet lawyers based on the discussions I have had with some of you regarding compliance with the PCI DSS.

Comments  (0)


Do Not Jump To Conclusions

October 08, 2014 Added by:PCI Guru

The take away from this post is to think through the implications of the Council’s directives before you go off advising organizations that certain technologies are not PCI compliant

Comments  (0)


Interested In Business As Usual?

October 01, 2014 Added by:PCI Guru

Organizations are finally realizing that the only way they are ever going to feel secure is to embed security controls in their everyday business processes and make sure that they periodically assess that those controls are working.

Comments  (0)


Goodwill Payment Vendor Breached for 18 months Undetected – Are You Surprised?

September 24, 2014 Added by:Tripwire Inc

You may find this surprising… 18 months is a year and a half of attackers wandering around, looting sensitive data while remaining undetected.

Comments  (0)


Parallels Among the Three Most Notorious POS Malware Attacking U.S. Retailers

September 22, 2014 Added by:Cyphort

After the first major success of POS malware breaching Target Corporation in November 2013 occurred, the number of POS device infections in the wild skyrocketed.

Comments  (0)


How Many Auditors Does It Take …

September 18, 2014 Added by:PCI Guru

The title of this post sounds like the start of one of those bad jokes involving the changing of light bulbs. But this is a serious issue for all organizations because, in today’s regulatory environment, it can be a free for all of audit after audit after assessment after assessment.

Comments  (1)


French ANSSI key measures to improve the cybersecurity of ICS

September 08, 2014 Added by:Stefano Mele

Since February 2013, industrial stakeholders (final users, vendors, integrators, professional organizations, etc.) and French governmental entities have been working together as part of a working group, lead by ANSSI, which aims at elaborating concrete and practical proposals to improve the cybersecurity of critical infrastructures.

Comments  (0)


Backoff PoS Malware: Are You Infected and Don't Know It?

August 27, 2014 Added by:Tripwire Inc

According to the Secret Service, Backoff malware has affected an additional 1,000 businesses, hit by the same type of cyberattack that stole the personal information of millions of Target customers last year. “

Comments  (0)


Avoid this Common Privacy Choice Mistake

August 26, 2014 Added by:Rebecca Herold

Many marketing professionals have a common temptation; they want to send as many marketing messages to as many people as possible, and they would love to send it to all folks who have ever been customers or clients of their business, and often times actually want to simply send to everyone whose email address they can obtain in any way.

Comments  (0)


P2PE Versus E2EE

August 25, 2014 Added by:PCI Guru

I have been encountering a lot of organizations that are confused about the difference between the PCI SSC’s point-to-point encryption (P2PE) certified solutions and end-to-end encryption (E2EE). This is understandable as even those in the PCI community are confused as well.

Comments  (1)


Hackers Exploited Heartbleed Bug to Steal Patient Data from Community Health Systems

August 19, 2014 Added by:Mike Lennon

TrustedSec, citing sources familiar with the incident, said on Tuesday that the initial attack vector was through the infamous “Heartbleed” vulnerability in OpenSSL which provided the attackers a way in, eventually resulting in the compromise of patient data.

Comments  (0)


Requirement 10.6.2 Clarification

August 14, 2014 Added by:PCI Guru

The argument in PCI circles is the definition of “all other systems”. Some of us believed that it meant systems other than those in-scope. Other people believed that it had to refer to only in-scope systems such as a user workstation.

Comments  (0)


It’s Time for Retailers to Tell Point-of-Sale Hackers to ‘Back Off’

August 14, 2014 Added by:Patrick Oliver Graf

It’s Groundhog Day all over again for retailers, following the U.S. Department of Homeland Security’s warning that they could, once again, be exploited by malicious actors.

Comments  (0)


The Dilemma of PCI Scoping - Part 3

August 11, 2014 Added by:PCI Guru

In part 2 we discussed the criticality of a risk assessment and started on implementing the framework with fixing monitoring and alerting so that we can properly manage the risk we will be accepting. In this part I will deal with Category 2 and 3 systems and how to manage their risk.

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »