Blog

PCI DSS 3.1 Highlights

The Payment Card Industry (PCI) Data Security Standard (DSS) is a worldwide standard, published and maintained by the PCI Security Standards Council (SSC), endorsed by all major credit card brands and intended to protect cardholder data wherever it is processed, stored or transmitted. On February 13, 2015. the PCI SSC Council released a statement announcing impending revisions to the Payment Card Industry Data Security Standard (PCI DSS) as... Read More
April 24, 2015

Customized Intelligence-Based Information Security

Information security is a fast moving train, but where is it headed? The vast selection of technologies can be mind-boggling, and often the skills required to make sense of their proper use are dispersed among multiple technical groups and, at times, completely missing from an organization's skills-matrix. With this in mind, it is a wonder that intelligence modeling capabilities are... Read More
April 16, 2015

Threat Update | Simda Botnet

April 15, 2015 US-Cert has reported the compromise of more than 770,000 computers running Microsoft Windows worldwide through the Simda botnet. The details below have been released to provide further information along with prevention recommendations. Simda malware may re-route user’s Internet traffic to websites under criminal control or can be used to install malware. The malicious actors control the network of... Read More
April 15, 2015

Next Generation FireWalls

Firewall technology has become a key part of each and every company’s security defence strategy. As the pace of technological change continues to move quickly, firewall technology has become much more sophisticated. The latest trend in firewall naming conventions is “NextGen Firewall” (NGFw). The most important features of a NGFw are:     to be able to create username based policy... Read More
March 25, 2015

Vulnerability Analyst

Las Vegas, NV A Vulnerability Analyst is a trusted technical advisor to Herjavec Group customers providing valuable guidance and execution around operations and optimization of their IT security infrastructure. The Vulnerability Analyst works closely with the customer to provide proactive support assistance to prevent security issues from occurring. The Vulnerability Analyst plays a pivotal role in ensuring that Herjavec Group... Read More
March 17, 2015

Are you ready for an Information Security Incident?

Prevailing wisdom has become that information security breaches are inevitable. We have all seen the headlines and watched as major targeted attacks played out in government and in the media but as business leaders and security practitioners—what can we do to protect our organizations? The founder of the Boy Scouts, Robert Baden-Powell, said everything we really need to know when... Read More
March 12, 2015
Threat Update | SuperFish

Threat Update | SuperFish

Lenovo products shipped between September 2014 and February 2015 have come with preloaded software known as “SuperFish”. It is very common for manufacturers and OEMs to preload applications onto the Operating System; however, what makes SuperFish “unique” is that it is designed to intercept all HTTP and HTTPS communication. SuperFish is designed to provide analytics to better enhance the user’s... Read More
February 25, 2015

Revisions to PCI DSS | PA DSS 3.0

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that credit card information is maintained in a secure environment. In January of 2014 the PCI Data Security Standard 3.0 became effective, raising the bar for security by encouraging a structured and continuous approach, and urging businesses that process, store or transmit credit card information... Read More
February 24, 2015

Insights from the White House Summit on Cybersecurity and Consumer Protection

On February 13, 2015 President Obama addressed an intimate audience of security professionals at Stanford University for the first White House Summit on Cybersecurity and Consumer Protection. Before signing an executive order promoting private sector cybersecurity information sharing he validated what many of us working in security each and every day know so well: “The very technologies that empower us... Read More
February 19, 2015

Threat Update| “JASBUG"

On February 10th, 2015, Microsoft released two critical patches for “JASBUG” – MS15-011 and MS15-014. The design flaws were indirectly discovered by JAS Global Advisors LLC with assistance from simMachines’s analytics. The patches have been published by Microsoft in order to resolve design flaws found in Active Directory Group Policies. The two vulnerabilities – or rather, design flaws – occur... Read More
February 11, 2015