Posts about:
Microsoft support offerings are designed to provide guidance for system administrators and managers. However, details of the Microsoft “Support Lifecycle” [2] can be misunderstood, leading to compliance confusion and unnecessary work.
Many organizations have either undergone or are planning migrations or acceleration of call centers, remote working, and online presence exploiting technologies like VoIP. Criminals are increasingly taking an interest in these channels. An interesting discovery by ESET, Linux based malware targeting soft-switches produced by China based Linknat. Two models are affected the VOS2009 and VOS3000.
If you're subject to PCI DSS you need to understand "The ENTITY". We aren't talking about a horror movie. Instead we are talking about something potentially far scarier - your networks, servers, workstations, applications, people, process, responsibilities, third parties, and your contractual relationships. In this article we hope to show you how to understand and tame "The ENTITY" in the context of PCI DSS.
Control Gap is excited to announce that we will be exhibiting at this year’s @PCISecurityStandardsCouncil Community Meeting on September 17-19. Don’t forget to stop by booth #3 and visit us at the #PaymentSecurity event of the year! Join us for a great opportunity to learn about #SecuringPaymentData.
As we complete the 3rd hour of the meeting discussing PCI scope, the customer turns to me and asks, “So what’s the minimum that I need to do to pass PCI?”
Welcome to This Week’s [in]Security. This week: a quiet week for PCI, RDP MFA bypass, make SSNs public, AMCA (Quest, LabCorp, OPKO) breach, Data Protection Authority exposure, privacy and politics in Canada, 33% of breaches caused by 6% of bugs, impersonating doctors, rescuing vulnerable crypto-currency, Baltimore and Norsk Hydro, how Apple finds offline things and more.
NIST recently published a document "Transitioning the Use of Cryptographic Algorithms and Key Lengths" which formalizes the sunset of Triple DES by the end of 2023. Afterwards it will only be recommended for legacy use which means decryption only.
Last month NIST announced they were seeking feedback on a proposed updated guidance for FPE. More formally this is SP 800-38G rev 1 "Recommendation for Block Cipher...
Big changes are coming to payment security in 2019. PCI is launching a grand experiment in payment security - Software PIN on COTS (SPoC) - a subset of "PIN-on-glass". SPoC is intended to make payments using devices like phones and tablets both easy and secure. The approach is both interesting and a departure from previous payment security standards. SPoC has generated a lot market interest but will face challenges with complexity and potentially with acceptance. This article looks at what SPoC is, its new security model, and some of the challenges. We also present a timeline on the standard including known mandates.
The PCI Council which oversees 10 different standards and a dozen programs is in the process of updating and rolling out standards that will have a big impact on payment security. In addition to SPoC, 2019 will see a new software security standard & framework to replace PA-DSS, improvements to the 3DS standard to benefit card-not-present & mobile payments, a new Qualified PIN Assessor (QPA) program, and a Contact-less payments on COTS standard.
To accept credit cards in Canada, businesses need to be PCI compliant. Becoming PCI compliant can be difficult in the first place and keeping up with the changes even more so. In May 2018 the Payment Card Industry (PCI) Security Standards Council (formed to regulate security for the payment card industry) released an updated list of compliance requirements known as the PCI Data Security Standard (DSS) v3.2.1.