PCI SSC recently completed the first of two request for comments (RFC) periods on the draft PCI Contactless Payments on COTS Standard and published a Magnetic Stripe Readers (MSR) Annex to the Software-based PIN Entry on COTS (SPoC) Standard.
The Equifax breach underscored the risk posed by unpatched software applications. As a refresher, 146 million customer records were exposed after a known vulnerability in Apache Struts was exploited. The reality is that enterprises are supporting an ever-growing number of applications, both commercial and homegrown, which has created many challenges in maintaining proper security patches for even the most critical applications. That same challenge becomes even more difficult when you consider legacy enterprise applications that are …
Who will be eligible to conduct assessments under the PCI Software Security Framework? How will the assessor qualification process work? When will training be available?
There were 5,501 vulnerabilities aggregated by Risk Based Security’s VulnDB that were disclosed during the first three months of 2019. This represents a 1% increase over the same period in 2018, making this Q1 an all-time high. The results were released in the Q1 2019 Vulnerability QuickView Report. CVSSv2 scores of 9.0+, deemed critical issues, accounted for 14.0% of all published Q1 2019 vulnerabilities. Risk Based Security’s VulnDB published 2,539 (85%) more vulnerabilities than CVE/NVD …
The post Over half of all reported vulnerabilities in Q1 2019 have a remote attack vector appeared first on Help Net Security.
In recent years, enterprises have adopted next-gen endpoint protection products that are doing an admirable job detecting anomalies, for example by searching for patterns such as remote access to memory and modification of specific registry keys, and by alerting on other suspicious activities. However, anomalies typically only provide us with an indication that something is wrong. In order to understand the root problem, respond and ensure that a machine is entirely clean, we must search for the malicious …
From 26 Feb to 26 March, PCI SSC stakeholders can participate in a Request for Comments (RFC) on the draft PCI SPoC Magnetic Stripe Reader (MSR) Annex. RFC periods are avenues for PCI SSC stakeholders to provide feedback on existing and new PCI Security Standards. This feedback plays a critical role in the ongoing maintenance and development of these resources for the payment card industry.