thePCI Portal

Category: Breach

Cloudy Breach

The Register has a story about a breach at cloudy service supplier Aptos. Aptos has several cloud services.  POS in the cloud.  Ecommerce in the cloud (didn’t see that one coming!). etc.  The timeline of what happened is: Feb 2016 – There was a breach and malware installed in the cloud. Nov 2016 – Aptos…

Before you read the 2015 Verizon DBIR…

Before you read the recently released 2015 Verizon DBIR, you may get some benefit from listening to the April 16th  Risky Business podcast episode where Bob Rudis of Verizon speaks about the company’s annual data breach investigation report.  He highlights some of the interesting findings for you! Ad below this line:

Whats a stolen PAN worth nowadays?

The paper titled “Examining the Structure, Organization, and Processes of the International Market for Stolen Data” will bring you up to date on the value of several forms of stolen data (as of March 2014).  The paper was written by Thomas J. Holt and Olga Smirnova and financed by US Dept of Justice.  Lots of…

Malware on POS systems

Did you see the CERT warning about the POS malware named Backoff?  The Ars Technica article is a nice summary of the US CERT piece which is technical. The malware retrieves track data from the memory of systems it is installed on.  Combined with key logging, update capabilities and a low antivirus detection rate, its…