CPX360: Attackers Are Delighted by the Expanding Attack Surface

Infosecurity Magazine | February 19, 2019

Ethical hackers have to “pretend and think like a criminal” because attackers think in the opposite way to defenders.

Speaking at Check Point Experience in Vienna, ethical hacker and Cygenta co-founder Freaky Clown (FC) said that he is driven by trust issues, and stated he “trusts nothing unless I understand it fully, and I untrust everything to the nth degree, and then I trust it.”

FC pointed to security companies, saying you “cannot trust them to create secure software” and referenced cross-site scripting vulnerabilities, which have been present for the past 20 years.

“It's really important to ensure every part of your security works together. You can spend millions, but if it does not work together you won’t have security in your building and hackers will find that flaw and use time and resources to get in,” he said.

With more and more devices connected, FC added that the scale of attacks has changed, and while the future sees more integration of AI and machine learning, the introduction of driverless cars “is fascinating to me [as a hacker].”

Spotlight

"Point-of-sale (PoS) systems have been around in one form or another for decades. Businesses in the retail and hospitality industries use these systems not only to accept payment, but to provide other operational information such as accounting, sales tracking, and inventory management.

From a security perspective, the most immediate risk to businesses and customers lies in accepting payments. The information customers hand over, if captured, can be used by cybercriminals to commit credit card fraud. Risk of exposure is the primary reason why the Payment Card Industry Security Standards Council (PCISCC) has established data security standards for organizations that handle the information of credit, debit, and ATM cardholders."


Related News

Darktrace, the world's leading cyber AI company, and Eurofins announce Cyber Security partnership

prnewswire | October 05, 2020

Eurofins Digital Testing, a global leader in end-to-end quality assurance, testing and cyber security services, has today announced a partnership with Darktrace, the world's leading cyber AI company. This new partnership will empower Eurofins' customers and community to detect and respond to in-progress attacks anywhere across their entire digital infrastructure with Darktrace's cyber AI, including the Cloud, SaaS, corporate networks, IoT and industrial control systems. Darktrace was founded in 2013, and today its AI technology is relied on by over 4,000 organizations worldwide to identify and automatically fight back against fast-moving and sophisticated cyber-threats.


Intent Data in the Age of Data Regulation

DECK 7 | March 23, 2020

Since the implementation of the Data Protection Act in 2018, the approach behind the use of data has changed dramatically. Our clients and customers don’t just want a great experience, they also want to make sure they can trust us. And it makes perfect sense in the present time and space. But as data is considered a key factor in positive customer experience, U.S. brands and agencies have found it increasingly complicated to earn customer trust while remaining compliant. In an article for Adexchanger, John Snyder, CEO at Grapeshot, says that the GDPR will remove 75% of third-party data and what’s left will be more expensive. This has caused the power dynamic between brands and agencies to evolve over time.


SessionGuardian Enterprise Reduces Work from Home Cyber-Security Threats for Businesses

prnewswire | September 21, 2020

Remote work is a fact of life. COVID-19 restrictions increase #WFH security risks. SecureReview now offers SessionGuardian Enterprise, a cost-effective cybersecurity solution for small to medium enterprises. SessionGuardian Enterprise protects the last 18 inches of the internet by plugging into existing hosted virtual machine infrastructure. The biometric AI-powered solution integrates with AWS, Azure, Citrix, VMware, and other mainline virtualization platforms at significant cost savings. In 2020, SecureReview rolled out SessionGuardian. It's groundbreaking end-point protection software for sensitive data. With SessionGuardian and SessionGuardian Enterprise, only an authorized user can view the document. When the user looks away, the screen blurs. If someone looks over the user's shoulder, the screen blurs. If the user points a smartphone at the screen, it blurs. Screenshots and screen shares are blocked and disabled.
