Entries by Mark Hofman

How to set up the right Vulnerability Management processes

Managing your network vulnerabilities and identifying the right vulnerability management processes can be complex. Whilst finding and prioritising vulnerabilities are the responsibility of the security leader, the speed at which these vulnerabilities are remediated is dependent on other people in your organisation. System architects and administrators, IT managers and system owners all play a part […]

New version of PCI DSS released (v3.2)

As you may be aware the security issues relating to SSL and early TLS prompted the Payment Card Industry Security Standards Council (PCI SSC) to issue a new version of the Payment Card Industry Data Security Standard (PCI DSS) and supporting documents. This release v3.1 (April 2015) included a deadline for moving away from SSL […]

PCI-DSS & PA-DSS Changes to REQ 4.1

1- Background The Payment Card Industry Security Standards Council (PCI SSC) has issued a bulletin flagging a change in the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA DSS). This change will affect all those that are required to implement either standard. As you may be aware […]

Discovering information leakage in files

By Simon Treadaway [NOTE: All information was gathered from public websites] During the build-up to our recent product launch of “phriendlyphishing.com”, the SEH team conducted hefty amounts of research into phishing attacks, and how they are being used to compromise countless individuals, corporations, and governments every day. SEH have been conducting ‘Client Side’ penetration testing […]

What is PCI?

Today I’ll provide an overview of what is often the elephant in the room: the Payment Card Industry Data Security Standard (PCI DSS). Unlike ISO 27001 where shades of grey are acceptable, in PCI DSS things are very much black and white, with some wiggle room, although limited and realistically only if you can convince […]