Wednesday, December 16, 2015

Getting Ready for Cyber Security

Author - Abhishek Kushwaha

The use of the Internet has affected almost every part of an individual's life. The Internet has grown from just a tool for obtaining information for a school project into one that stimulates social and political change in many parts of the world. The rapid growth of social media, online governance models and the Internet of Things clearly indicates that it is just a matter of time before all information is available online in some form or other.

Tuesday, November 10, 2015

Understanding PCI DSS Penetration Test Guidance v1.0

Author - Manasdeep

The Penetration Test Guidance v1.0 document was released in March 2015 to update and replace the original, long-pending PCI DSS penetration testing information supplement titled “PCI DSS Requirement 11.3 Penetration Testing”, which was published back in 2008. It is fully updated to the requirements of the PCI DSS v3.0 standard. As always, it is a guidance document that does not supersede, extend or replace PCI DSS requirements.

Wednesday, October 14, 2015

PCI DSS for e-commerce/m-commerce: Challenges and Remediations

Author - Swati Sharma

This document provides an overview of the challenges that e-commerce merchants face in meeting Payment Card Industry (PCI) compliance requirements, as well as key recommendations for addressing those challenges. With the increase in Internet usage across the globe, e-commerce sales touched $1.471 trillion in 2014. They are estimated to reach $2.356 trillion by 2018.

Friday, September 11, 2015

Information Security Facet of Data Protection Act UK

Author: Himanshu Shewale

The Data Protection Act of the UK is known to be one of the most stringent regulations when it comes to protecting “Personal Data”. The Act regulates how personal data needs to be protected while it is processed, stored or transmitted by the data controller. A data controller can be any entity that holds information about its customers and hence needs to comply with the Data Protection Act.

Tuesday, August 11, 2015

Evolving trends in Payment Card industry

Author - Bijal Doshi

With the budding trend of e-commerce, we are seeing an all-time high in transactions happening via the card-not-present channel. As organizations allow features like express check-out, they end up storing cardholder data. Hence, the need to protect cardholder data has increased manifold.

Friday, July 10, 2015

POS-Malware [Stealth tool to steal the valuable Card Details in your Pocket]

Author - Kaushik Pandey

It's holiday season again; everyone is enjoying themselves to the fullest, and so are the hackers. So before getting reckless, just wait and have a look at the breaches that happened in the past 2 years. We tried to analyze the exploitation patterns of PoS malware from the technological as well as the physical standpoint, and believe it or not, YOU ARE NOT SECURE.

Monday, June 29, 2015

Adobe Flash Zero-Day Vulnerability - Operation Clandestine Wolf by FireEye

Author - Kaushik Pandey

Beautiful June is about to end. The name of the month may have been “sere-month”, which implies “dry and withered”, or, moving to Latin, the name becomes Iūnius, meaning “sacred to Juno,” the Roman goddess. So to beat the heat, and in loving memory of the Roman goddess, the FireEye as a Service team explored a phishing campaign which had been out there for a long time and came up with CVE-2015-3113 (as per NVD), also known as the Flash Player zero-day vulnerability.

Wednesday, April 8, 2015

Judgment Day – Quashing of Section 66A of IT (Amendment) Act 2008

Author: Manasdeep

On March 24th, 2015, a landmark judgment pertaining to online freedom of expression was delivered by the Supreme Court (SC) of India. The controversial Section 66A of the ITAA 2008 was declared unconstitutional by the SC. Interestingly, many complaints had been made earlier regarding the widespread abuse and misuse of Section 66A. But what finally prompted the apex court to announce its verdict on Section 66A? Let’s examine the situation a bit more closely.

Thursday, March 26, 2015

SSL is dead: what to do for PCI DSS Compliance

Author - Swati Sharma

The February 2015 PCI SSC bulletin on impending revisions to PCI DSS and PA-DSS has created turmoil in the payment industry. PCI SSC has announced that it will be bringing out newer versions, PCI DSS 3.1 and PA-DSS 3.1, and that the Secure Sockets Layer (SSL) v3.0 protocol will no longer be treated as acceptable for protection of data due to inherent weaknesses within the protocol. PCI SSC has announced that it will release the new versions of the standards in April 2015.

Friday, February 20, 2015

Healthcare Interoperability-Privacy & Security

Author: Himanshu Shewale

The world of healthcare has changed drastically in the recent past with the incorporation of IT into healthcare services. It has completely transformed the way in which healthcare data were traditionally shared, exchanged or interchanged. Today, we see wide diversity in the way information is created, gathered, processed and transmitted, and all this is happening due to the adoption of IT in healthcare.