Showing 7 results for: 2012 ×Payment Card Industry ×

Teaching Security Self-Defense

My background in IT comes mostly from a nomadic perspective. In my years of IT and InfoSec, I've had the makings of a career consultant - different client each week, different city, different nature of work. It's been a long...

Guidance for firms using the NetAccess N-1000

SpiderLabs' Incident Response team has recently seen credit card fraud involving the suspected compromise of a 'drop in' transaction processing devices in the Asia Pacific region. Specifically, we have seen issues with the NetAccess N-1000 Transaction Concentrator, payment processing middleware...

How to Get the Most Out of a PenTest

Being a PenTester for Trustwave Spiderlabs, I work with a huge amount of clients ranging from three employees in a garage, to the who's who of the Fortune 100. Over the past few years, I've done hundreds of PenTests and...

Pentesting like an Eastern European

Through SpiderLabs' Incident Response (IR) and Penetration Testing services we get a chance to both see 'bad actor' techniques in the field and help our clients test how their security controls will stand up to them. One trend we've seen in our IR engagements is a move away from malicious parties stealing 'data at rest' to targeting it as flows through IT infrastructure. This post gives a general overview of how attackers are targeting dynamic data and elaborates on some of the tools and techniques SpiderLabs use to steal information stored in memory during our penetration tests.

Five E-Commerce Security Myths (Part 1)

Compromises of e-commerce websites are increasingly common. In our 2012 Global Security Report we reported that 20% of our incident response investigations related to e-commerce sites. This was up from 9% the year before. In my part of the world...

Five E-Commerce Security Myths (Part 2)

In part 1 of this series I gave an introduction into how most merchants accept payments and how most bad guys steal this data. In this post, I'm going to delve into the misconceptions about e-commerce security that we hear...