You cannot see what you do not have
We see time and time again in our incident response practice department scenarios where long-term systemic malware resides in a seemingly secure environment for months at a time.
Author Archives: HALOCK Security Labs
PCI Service Providers – Fines for Non Compliance
A number of clients have asked me about what sort of non-compliance fines or penalties they could potentially face as a PCI Service Provider, assuming there has been no security breach, but PCI DSS compliance has not been achieved.
Mobile Device Management
Mobile Device Management – What was once the primary strength of Blackberry, enterprise-grade security and manageability features are now available across the majority of mobile operating systems. If your organization is considering the implementation of mobile technologies into your environment, you may find following comparison of mobile security and management capabilities from Infoworld to be very helpful:
The Modern Malware EcoSystem
Modern malware attacks are dominating the headlines and most of the focus is directed at the impact of an attack, the potential data loss factor or oftentimes the suspected perpetrator. An important element to understanding the full spectrum of these attacks is to understand the modern malware ecosystem.
Would You Bet on the IT Security of Your Network?
This was from an article published on Dark Reading recently. It was from a survey of 300 IT professionals, conducted by PhoneFactor, an authentication tool vendor.
Security Implications of Leveraging Cloud Computing
Cloud computing is rapidly evolving into a service model that has the potential to save money and create efficiencies for organizations large and small. This new model can help achieve significant cost savings, reduce IT complexity, and increase flexibility in adapting to a changing business environment.
Mobile Device Security
Mobile devices have become an important aspect of our personal and professional lives. In today’s networked world, we increasingly rely on mobile devices to access sensitive data on corporate networks. While the benefits of mobile devices is continually expanding, so are the risks.
What type of PA-DSS Payment Application Do I Have?
For those vendors looking to have their payment application listed on the Council’s “List of Validated Payment Applications”, you will see there are several different categories of a payment application. Some might be defined as a “Payment Middleware” or “POS Admin” or “POS Suite”. So how do you even begin to understand the difference amongst […]
Wireless Checklist for PCI Compliance
While I have typically seen merchants and service providers opt to segment their wireless network from the cardholder data environment to keep it out of PCI compliance scope entirely, sometimes, this is not feasible. Here is a quick checklist of what is needed when implementing a wireless network as part of your cardholder data environment […]
Incident Response — The Changing Face of Malware
When someone says “you have malware”, what do you think of? Do you remember the “old days” when a virus was simply an annoyance, blue screening Windows machines, slowing your machine speed, or popping up false firewall advertisements? Unfortunately, those “old days” are long gone. Malware has changed drastically in recent years.