Aug 24, 2016
 

Penetration Testing as per PCI DSS version 3.2

As per PCI DSS v3.2, Requirement 11.3 addresses penetration testing activity for organizations following PCI DSS compliance. The requirement is further divided into the following sub-requirements:

Requirement 11.3.1: Conduct external penetration testing at least annually or after any significant change has occurred in the organization’s environment
Requirement 11.3.2: Conduct internal penetration testing at least annually or after any significant change has occurred in the organization’s environment
Requirement 11.3.3: Exploitable Read More…

Aug 15, 2016
 

One of the key security devices in a lot of organizations is an HSM – Hardware Security Module. All banks use it to store your debit card and credit card PINs. An HSM can be used to store any super-secret piece of information. Administration of the HSM is done via a custom client or CLI or directly on the physical panel of the HSM. This article outlines an audit methodology for an HSM that extends the PCI Council’s Read More…

Aug 05, 2016
 

As per PCI DSS v3.2, Requirement 11.3 addresses penetration testing activity for organizations following PCI DSS compliance. The requirement is further divided into the following sub-requirements:

Requirement 11.3.1: Conduct external penetration testing at least annually or after any significant change has occurred in the organization’s environment
Requirement 11.3.2: Conduct internal penetration testing at least annually or after any significant change has occurred in the organization’s environment
Requirement 11.3.3: Exploitable vulnerabilities identified during testing shall be corrected and Read More…

Aug 05, 2016
 

Vendor Patches:
- Google Releases Security Update for Chrome
- Cisco Releases Security Update
- Oracle Releases Security Bulletin
- Apple Releases Multiple Security Updates
- Drupal Releases Security Advisory

Security Breaches:
- Disney Playdom forums shut down following data breach
- Pokémon GO Creator’s Twitter Account Hacked
- North Korean hackers gain access to personal data of dozens of South Korean diplomats and security officials
- Clash of Kings official forum hacked, data of 1.6 million accounts leaked
- Hillary Clinton’s Presidential Campaign also Read More…

Jul 14, 2016
 

If you are looking to navigate your way through the complexities of Big Data and its use in Security, here are some links to get you off the ground:

Big Data Basics
- What is Big Data
- Which are the major technologies used for Big Data
- Hadoop (Apache’s open-source implementation of Google’s MapReduce algo)
- Elastic Search, Logstash, Kibana (ELK)
- Major implementations of Hadoop – Cloudera and Hortonworks
- How it started to become mainstream – Google publishes its Read More…

Jun 30, 2016
 

INTRODUCTION

WhatsApp Messenger is an instant messaging application used across various mobile platforms. It uses the internet to send and receive audio, video, documents, location details, messages, etc. WhatsApp saves all of a user’s messages to a database file in crypt form, which means no one else can read a user’s private messages. WhatsApp uses crypt2, crypt5, crypt7 and crypt8 to encrypt all the data so that no one can read the messages from the database file. Read More…

May 02, 2016
 

So here it is: PCI SSC has officially released the final version of the PCI DSS v3.2 standard document. PCI DSS v3.1 will retire six months from now, and organizations are required to use PCI DSS v3.2 for assessments during this period. The newly added requirements will be considered best practices until 31st January 2018. After this date they will be effective as requirements.

So, What’s New In PCI DSS V3.2?

The major requirements are Read More…