
Content provided by Global Cyber Security Inisght. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Global Cyber Security Inisght or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

KAPTOXA POS and the PCI-DSS Recipe for Target Breach

Duration: 3:48
Archived series ("Inactive feed" status)

When? This feed was archived on August 10, 2018 01:58 (5+ y ago). Last successful fetch was on December 18, 2016 15:15 (7+ y ago)

Why? Inactive feed status. Our servers were unable to retrieve a valid podcast feed for a sustained period.

What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.

Manage episode 151988534 series 1045642

You might not know KAPTOXA (pronounced KAR-TOE-SHA). According to an article in Business Insider, there is a belief that the recent breaches at Target, Neiman Marcus and a host of other retail stores are based on the work of a teenager from Russia. IntelCrawler, an intelligence aggregator and cyber security firm, pulled data from multiple underground and networked security contacts to build that picture. According to their findings the toolkit is more than 40 builds deep, which effectively means there are 40 variations of the tool in existence today. Unlike normal software development, where software is revised for quality-of-service improvements, malicious code creators make their revisions as they tailor the toolset to a specific target. No pun intended.

Additionally, some key indicators are emerging as part of this discovery. As always, the low-hanging fruit for mitigation is blocking the domains associated with the malware's callbacks. A callback is the command-and-control (C2) location to which data is wrapped and sent back for external use; the C2 sites may also be set up to establish communications for future data-manipulation efforts.
Initial reverse-engineering analysis of the malware indicates that at least one of the variants in use can run on standalone systems. Although nobody is pointing fingers out loud at this time, tools that run on standalone systems are usually introduced in one of two ways: 1. a malicious insider threat, or 2. stupid users. However, the complexity of the file and its intent leave me not believing this is accidental.
My additional cyber insight is the belief that the compliance measures put in place over the last 8 years may also have been a crucial piece of why these breaches were so successful. Having been a policy writer for some time now, I know there are key missing links between Information Assurance and ICT security. Further, it has to be understood that written policy sometimes becomes the reverse recipe that an actor uses to build their circumventing mechanisms. In addition, actors will often employ only the "one up method", as is specifically the case with the payment card industry's security guidance, PCI-DSS. A few examples were revealed rather quickly. 1. The requirement not to use vendor-supplied passwords such as the password POS, or the vendor system name: the organizations used POS1 and vendorname1. Another requirement was to encrypt transmission of cardholder data across open, public networks. But that doesn't mean the network inside my WAN... or does it? And one final one that continues to be the demise of proactive security and defense is the requirement to maintain a policy that addresses information security for employees and contractors. This is not CND, this is CYA, and it will fail you. It is time the retail industry starts participating in FS-ISAC exercises and not only installs sensors, but monitors those sensors.
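The "one up" pattern above (POS becomes POS1, the vendor name gets a digit appended) is easy to catch if an audit normalizes a password back to the word it was derived from before comparing it with the vendor defaults. The following is an added example, not code from the podcast or from IntelCrawler; the default list and the vendor name "ExampleVendor" are constructed placeholders, and the account list is constructed sample data.

```python
import re

# Constructed vendor defaults and a hypothetical vendor name; placeholders, not any real vendor's credentials.
VENDOR_DEFAULTS = {"POS", "admin", "password"}
VENDOR_NAMES = {"ExampleVendor"}

# Look-alike substitutions that a "one up" password typically keeps from the original word.
SYMBOL_LEET = str.maketrans({"@": "a", "$": "s"})
DIGIT_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t"})


def one_up_base(candidate: str) -> str:
    """Reduce a password to the word it was derived from by undoing the usual
    'one up' decorations: case, appended/prepended digits, punctuation, leet spelling."""
    c = candidate.lower().translate(SYMBOL_LEET)
    c = re.sub(r"[^a-z0-9]", "", c)          # "pos_1!" -> "pos1"
    c = re.sub(r"^\d+|\d+$", "", c)          # "pos1", "2014admin" -> "pos", "admin"
    return c.translate(DIGIT_LEET)           # "p0s" -> "pos", "passw0rd" -> "password"


def is_one_up_variant(candidate: str, defaults=VENDOR_DEFAULTS, vendors=VENDOR_NAMES) -> bool:
    """True when the password is a vendor default, a vendor name, or a trivial variant of one."""
    banned = {one_up_base(w) for w in defaults | vendors}
    base = one_up_base(candidate)
    # An empty base means the password was nothing but digits and punctuation: also weak.
    return base == "" or base in banned


def audit_credentials(accounts: dict) -> list:
    """Return the account names whose password fails the check, in input order."""
    return [name for name, pw in accounts.items() if is_one_up_variant(pw)]


# Constructed sample: account -> configured password (illustrative only).
SAMPLE_ACCOUNTS = {
    "register-07": "POS1",
    "register-12": "P0S!",
    "manager": "ExampleVendor2014",
    "kiosk-03": "Correct-Horse-Battery-Staple",
}

if __name__ == "__main__":
    for name in audit_credentials(SAMPLE_ACCOUNTS):
        print(f"{name}: password is a vendor default or a one-up variant of one")
```

Run the audit against the real defaults from your vendor documentation rather than the placeholders; the normalization is what lets it see through POS1, P0S! and vendorname2014 alike.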

Link Details: http://intelcrawler.com/about/press08
