Problem solve

  • How does the MajikPOS malware evade detection?

    A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how to defend against it.Continue Reading

  • Which cloud security certifications should providers have?

    With numerous security standards and certifications available, evaluating a cloud provider can be tricky. Expert Dan Sullivan explains what to look for during evaluation.Continue Reading

  • Exchange email security best practices sanction self-assessments

    Do you have the guts and technology know-how to undertake a self-assessment of your organization's Exchange-related risks? If so, start here.Continue Reading

  • PoSeidon: Inside the evolving world of point-of-sale malware

    Point-of-sale malware, such as the recent PoSeidon malware, continues to evolve to avoid detection. So what's an enterprise to do? Expert Nick Lewis explains how the malware functions and what organizations can do about it.Continue Reading

  • Manage compliance controls with Adobe Common Controls Framework

    Adobe's Common Controls Framework sets an example for enterprises struggling to manage multiple compliance standards and looking to build their own compliance framework.Continue Reading

  • Fighting crimeware, RAM scraping and other modern mischief

    There's a good possibility that the attacks you see this year will be harder to detect than in years past, particularly as malware generation toolkits make these more advanced techniques easy to incorporate with existing systems.

    In this three-part guide, SearchSecurity contributors examine the latest iterations of malware. First, however, is a chapter on crimeware in general -- that is, malware used to conduct crime. Not surprisingly, that means grabbing sensitive personal information from either point-of-sale terminals or individual end users. The ultimate goal is the same either way: To get at the money. Investigation is essential to understanding and preventing attacks, so we've included some guidance on how a formal investigation should proceed. Later, particular methods of malware users are explored in depth -- RAM scraping and advanced evasion techniques.

    This guide provides a valuable rundown of what's coming at you in the months ahead from the world of malware, and helps determine what you must do to keep your enterprise systems and finances secure.

    Continue Reading

  • Using PCI DSS for a secure virtual machine setup

    When plotting out your VMware environment, think about using PCI DSS requirements to secure data in a virtual machine.Continue Reading

  • Why PCI non-compliance is a problem for many

    PCI DSS requirement 2 specifies companies must change vendor-supplied default passwords, but only 50% were in compliance. Expert Mike Chapple explains why.Continue Reading

  • Beyond PCI: Out-of-band security tips for credit card data protection

    Securing credit card data -- both online and at brick-and-mortar stores -- requires security measures beyond those mandated by PCI DSS. Expert Philip Alexander outlines six out-of-band security controls to consider.Continue Reading

  • How will Shellshock affect PCI DSS audits for enterprises?

    PCI DSS audits are sure to include a look at Shellshock mitigation. Expert Mike Chapple discusses how organizations can prepare.Continue Reading

  • Credit card protection tactics: Technology vs. standards

    In 2014 shoppers spent almost $300 billion dollars online (a number expected to grow in future years). There was a significant number of online fraud attempts, too—and about 78% of those were made through website applications. (In contrast, only 3% were made via mobile applications).

    This Technical Guide looks at efforts made thus far to crack down on credit card fraud. It starts with a discussion of card-not-present scams, currently a tool of choice for fraudsters, not only because they can shift tactics rapidly among different types of Internet transactions but also because there is no need to steal a card itself (only its attributes), which means customers are typically unaware of the theft until after fraudulent transactions have occurred. It then considers the new breeds of technology placed into networks today that focus on fraud and may give organizations means to not only detect and monitor but also stop fraud. The good news is that these tools for banks and merchants alike begin to protect before a transaction is ever made.

    Finally, Chapter 3 explores whether the Payment Card Industry’s Data Security Standard (PCI DSS) effectively and efficiently protects consumer data.Continue Reading

  • What advice does the PCI Special Interest Group have for compliance?

    A new PCI Special Interest Group document gives advice to enterprises on staying PCI DSS compliant after audits. Expert Mike Chapple highlights the key takeaways.Continue Reading

  • How can companies protect against Backoff malware?

    After Backoff malware was discovered in over 1,000 businesses, companies should be asking how to prevent it. Expert Mike Chapple answers.Continue Reading

  • Understanding and responding to POS malware

    Organizations must confront threats like Backoff malware to their point-of-sale systems. This guide reviews the POS malware dangers out there and offers remediation tactics.Continue Reading

  • Avoiding obstacles to keep vSphere environments secure

    When new vulnerabilities arise in your data center, you may surprise yourself at how staying creative and adaptable can sometimes reveal the best solution to the problem.Continue Reading