Penetration Testing as per PCI DSS version 3.2
As per PCI DSS v3.2, Requirement 11.3 addresses penetration testing activity for organizations following PCI DSS compliance. The requirement is further divided into the following sub-requirements:
- Requirement 11.3.1: Conduct external penetration testing at least annually or after any significant change has occurred in the organization’s environment
- Requirement 11.3.2: Conduct internal penetration testing at least annually or after any significant change has occurred in the organization’s environment
- Requirement 11.3.3: Exploitable vulnerabilities identified during testing shall be corrected and …
Hardware Security Module (HSM) security testing checklist
One of the key security devices in many organizations is an HSM (Hardware Security Module). All banks use one to store your debit card and credit card PINs, and an HSM can be used to store any highly sensitive piece of information. Administration of the HSM is done via a custom client, a CLI, or directly on the physical panel of the HSM. This article outlines an audit methodology for an HSM that extends the PCI …
Vendor Patches:
- Microsoft Releases August 2016 Security Bulletin
- Cisco Releases Security Update
- VMware Releases Security Update
- Apple Releases Security Update
Security Breaches:
- NSA’s Hacking Group Hacked! Bunch of Private Hacking Tools Leaked Online
- User Data Leaked From Analytics Company Social Blade
- UK Software Firm Sage Suffers Breach
- Guccifer 2.0 Leaks Personal Info of Nearly 200 Congressional Democrats
- Data Breach — Oracle’s Micros Payment Systems Hacked
Malware News:
- Backdoor Abuses TeamViewer to Spy on Victims
- Massive Spam Campaign Spreads Panda Banker Trojan
- Unfinished Hitler-Ransomware Variant Deletes User Files
- Vawtrak Banking Trojan Uses SSL Pinning, DGA
- Shade Ransomware Updated With Backdoor Capabilities
- Windows Script Files Used to Deliver Locky Ransomware
- Researchers Hide Malware Inside Digitally Signed Executables
- Encrypted, Obfuscated Malware Slips Into Google Play
Security News:
- Internet Traffic Hijacking Linux Flaw Affects 80% of Android Devices
- FalseCONNECT Flaw Exposes Proxy Connections to Attacks
- China Launches World’s 1st ‘Hack-Proof’ Quantum Communication Satellite
- Vulnerabilities Found in Several Fortinet Products
- New Hack Uses Hard Drive’s Noise to Transfer Stolen Data from Air-Gapped Computer
- Address Bar Spoofing Vulnerability Found in Several Browsers
- Secure Boot Vulnerability Exposes Windows Devices to Attacks
- Windows UAC Bypassed Using Event Viewer
- Linux TCP Flaw Allows Hackers to Hijack Internet Traffic and Inject Malware Remotely
- Microsoft Accidentally Leaks Backdoor Keys to Bypass UEFI Secure Boot
- Juniper Starts Fixing IPv6 Processing Vulnerability
- Gmail Flags Unauthenticated Messages, Dangerous URLs
- Flaw Allows Attackers to Modify Firmware on Rockwell PLCs
- Go-Based Linux Trojan Used for Cryptocurrency Mining
- Flaws in HTTP/2 Protocol That Could Allow Hackers to Disrupt Servers
- VMware Tools Flaw Allowed Code Execution via DLL Hijacking
- Serious Flaws Found in Netgear, NUUO Network Video Recorders
- Australia Online Census Shutdown After Cyber Attacks
- New Technique Detects Hardware Trojans
- D-Link Patches Critical Flaw in DIR Routers
- Samsung Pay Token Flaw Allows Fraudulent Transactions
- Hacker Selling 200 Million Yahoo Accounts On Dark Web
- Customizable “Remvio” Trojan Available for Just $58
- MICROS Hackers Targeted Five Other PoS Vendors
- Microsoft Disables RC4 in Edge and Internet Explorer 11
- New Cerber Ransomware Variant Packs Improved Key Generation