Showing 10 results for: Payment Card Industry

Wait a minute... that’s not a real JPG!

When attackers compromise a website and want to harvest credit cards, they need to either find where the data is stored or capture the data in transit. This blog post shows how identifying files with false file signatures can uncover...

Card Data Siphon with Google Analytics

The introduction of EMV (Chip & Pin) payment devices in 2003 resulted in a rapid decline in physical credit card cloning in Europe. EMV technology has also led to an increase in attacks on e-commerce systems targeting cardholder data. Each...

5 ways to protect your E-Commerce site

The Trustwave SpiderLabs team frequently responds to E-commerce data breaches. The number of website breaches that we are working continues to rise. There are a handful of reasons for this rise. We are approaching saturation in the "brick and mortar"...

Teaching Security Self-Defense

My background in IT comes mostly from a nomadic perspective. In my years of IT and InfoSec, I've had the makings of a career consultant - different client each week, different city, different nature of work. It's been a long...

Guidance for firms using the NetAccess N-1000

SpiderLabs' Incident Response team has recently seen credit card fraud involving the suspected compromise of a 'drop in' transaction processing device in the Asia Pacific region. Specifically, we have seen issues with the NetAccess N-1000 Transaction Concentrator, payment processing middleware...

How to Get the Most Out of a PenTest

Being a PenTester for Trustwave SpiderLabs, I work with a huge amount of clients ranging from three employees in a garage, to the who's who of the Fortune 100. Over the past few years, I've done hundreds of PenTests and...

Pentesting like an Eastern European

Through SpiderLabs' Incident Response (IR) and Penetration Testing services we get a chance to both see 'bad actor' techniques in the field and help our clients test how their security controls will stand up to them. One trend we've seen in our IR engagements is a move away from malicious parties stealing 'data at rest' to targeting it as it flows through IT infrastructure. This post gives a general overview of how attackers are targeting dynamic data and elaborates on some of the tools and techniques SpiderLabs use to steal information stored in memory during our penetration tests.

Five E-Commerce Security Myths (Part 1)

Compromises of e-commerce websites are increasingly common. In our 2012 Global Security Report we reported that 20% of our incident response investigations related to e-commerce sites. This was up from 9% the year before. In my part of the world...

Five E-Commerce Security Myths (Part 2)

In part 1 of this series I gave an introduction into how most merchants accept payments and how most bad guys steal this data. In this post, I'm going to delve into the misconceptions about e-commerce security that we hear...