Integrity: The New “I” in PCI Compliance

The retail industry saw more than its fair share of data breaches in 2017, with security incidents detected at American supermarket chain Whole Foods Market and clothing companies Brooks Brothers, The Buckle, and Forever 21, to name a few. At least som…

Four misconceptions around compensating controls

As the New Year celebrations come to a close, the deadline to become compliant with the EU’s new consumer protection regulation GDPR is creeping closer. With this new law coming into effect in late May, businesses around the world are running out…

What Is FIM (File Integrity Monitoring)?

File integrity monitoring (FIM) exists because change is prolific in organizations’ IT environments. Hardware assets change. Software programs change. Configuration states change. Some of these modifications are authorized insofar as they occur d…

10 Year Old Bug Crushed By Hacker on a Mission

PCI pass through is the ability of a virtualized guest system to directly access PCI hardware. Pass through for dedicated GPUs has just recently been added to the Linux kernel-based virtual machine. Soon afterward, users began to find that switching on nested page tables (NPT), a technology intended to provide hardware acceleration for virtual machines, had the opposite effect on AMD platforms and slowed frame rate down to a crawl.

Annoyed by this, [gnif] set out to fix the problem. His first step was to run graphics benchmarks to isolate the source of the problem. Having identified the culprit …

Regional regulatory compliance trends: Strategies and implications

In this podcast, Tim White, Director of Product Management, Policy Compliance at Qualys, talks about regulatory compliance trends across a variety of different regions in the world, as well as strategies for dealing with them. Here’s a transcript of the podcast for your convenience. Hello, I’m Tim White, Director of Product Management at Qualys. Today I’m going to talk about some regulatory compliance trends that we’re seeing across a variety of different regions in …

Security For Small Business – Paul’s Security Weekly #516

Don Pezet from ITPro.TV joins us on the show to help us identify security challenges and solutions for small business/mid-market. Backups are key, as are ease of use and support. The most important thing? Awareness and education! Tune in for the full d…

NuCypher is using proxy re-encryption to lift more enterprise big data into the cloud

After spending time at a London fintech accelerator last year, enterprise database startup ZeroDB scrapped its first business plan and mapped out a new one. By January this year it had a new name: NuCypher. It now will try to persuade enterprises…

EEPROM Hack to Fix Autodetection Issues

Autodetection of hardware was a major part of making computers more usable for the average user. The Amiga had AutoConfig on its Zorro bus, Microsoft developed Plug And Play, and Apple used NuBus, developed by MIT. It’s something we’ve come to take for granted in the modern age, but it doesn’t always work correctly. [Evan] ran into just this problem with a video capture card that wouldn’t autodetect properly under Linux.

The video capture card consisted of four PCI capture cards with four inputs each, wired through a PCI to PCI-E bus chip for a total of sixteen inputs. Finding …

PCI Council wants more robust security controls for payment devices

The PCI Council has updated its payment device standard to enable stronger protections for cardholder data, which includes the PIN and the cardholder data (on magnetic stripe or the chip of an EMV card) stored on the card or on a mobile device. Specifically, version 5.0 of the PCI PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular Security Requirements emphasizes more robust security controls for payment devices to prevent physical tampering and the insertion of malware …

The Value of a Hacked Company

Most organizations only grow in security maturity the hard way — that is, from the intense learning that takes place in the wake of a costly data breach. That may be because so few company leaders really grasp the centrality of computer and network security to the organization’s overall goals and productivity, and fewer still have taken an honest inventory of what may be at stake in the event that these assets are compromised.