As part of our ongoing series on social engineering, this article highlights phishing, the most widely used social engineering tactic. Like other social engineering schemes, phishing relies solely on an individual’s trust and/or gullibility to provide a criminal with open access to sensitive information. How is Phishing Done? Phishing occurs when a criminal sends a …
April 15, 2015 brought us more than tax day; it brought us the much-anticipated release of the PCI DSS standard from the PCI Council. As SSL and early TLS are no longer considered strong cryptography, this release describes how the industry is to move forward in regard to the use of SSL and early TLS …
We continue our series on social engineering with this explanation of Quid Pro Quo, the social engineering tactic that relies on a criminal’s ability to tempt victims with a free service or gift. Latin for “this for that,” Quid Pro Quo is yet another classic social engineering scheme, relying on an individual’s gullibility to allow …
The entire Dara Security team is honored and humbled to receive this award. Many thanks to Nevada Business Magazine, Nevada State Bank, and their sponsors for recognizing our team’s efforts. We are energized to reach greater heights!
The PCI Security Standards Council (PCI SSC) has released Payment Application Data Security Standard (PA-DSS) Version 3.1 to address vulnerabilities in the Secure Socket Layer (SSL) protocol. This update removes SSL and early TLS as examples of strong cryptography. PA-DSS 3.1 is effective June 1, 2015. The PCI DSS requirements that are directly affected by …
PCI DSS 3.2 is due out by the end of April 2016; however, participating members have been provided a draft copy of the standard to be released. The release of the standard comes with some expected changes that not only clarify existing requirements, but also add some new ones that can bring a few new …
Dara Security, an award-winning information security company, is pleased to announce a partnership alliance with Manexe, Inc., a growing provider of advanced technology for card payment management based in the Latin American and Caribbean (LAC) region. With this partnership, Dara Security will provide to companies in the LAC region a suite of compliance and risk …
Dara Security expands into the Latin American and Caribbean Region Read More »
October was National Cyber Security Awareness Month (NCSAM). This annual campaign, now in its thirteenth year, is a collaborative effort between government and private industry to educate and engage everyone about cybersecurity. Through the years, NCSAM has raised cybersecurity awareness for consumers of all ages, small businesses, corporations, and educational institutions. This year’s theme was …
Point of Sale software vendors that have or are planning to go through the PA-DSS validation process are aware of the requirement detailed within the Payment Application standard. These requirements range from ensuring proper software development and testing processes and support procedures are in place to include detailed technical requirements around password and logging controls. …
Vulnerability Handling Policy – An Unexpected PA-DSS Surprise? Read More »
Effective January 31, 2017, Visa will officially require merchant acquirers to ensure that Level 4 merchants use only PCI QIR professionals for POS application and terminal installation and integration. The purpose of Visa’s QIR mandate is to shore up payment security, specifically the weak practices in remote access to payment systems that have caused many …
