DISC InfoSec blog

Researchers from Cyble analyzed a new, highly evasive JavaScript skimmer used by Magecart threat actors. Cyble Research & Intelligence Labs started its investigation after seeing a post on Twitter a new JavaScript skimmer developed by the Magecart threat group used to target Magento e-commerce websites. In Magecart attacks against Magento e-stores, attackers attempt to exploit vulnerabilities in the popular […]

Organisations that fall within Levels 2–4 of the PCI DSS (Payment Card Industry Data Security Standard) can attest to compliance with an SAQ (self-assessment questionnaire). You will fall into one of those levels if your organisation processes fewer than six million card transactions per year. There are several types of questionnaire, and in this blog we help […]

Much attention and excitement within the security world has recently been focused on the lucrative surge in crypto-mining malware and hacks involving or targeting cryptocurrency implementations themselves. Yet the volume of ‘real world’ transactions for tangible goods and services currently paid for with cryptocurrency is still relatively niche in comparison to those that are being […]

Threat actors used an unnamed cloud video platform to install an e-skimmer on more than 100 real estate websites belonging to the same parent company. In e-skimming attacks, attackers inject malicious JavaScript code into e-stores to financial data while visitors are purchasing products. Researchers from Palo Alto Networks documented a supply chain attack in which the attackers […]

The ultimate guide to PCI DSS compliance Luke Irwin   If your business handles debit or credit card data, you’ve probably heard of the PCI DSS (Payment Card Industry Data Security Standard). It’s an information security framework designed to reduce payment card fraud by requiring organisations to implement technical and organisational defence measures. We explain everything you […]

Download pdf: 3 sign it’s time to rethink your PCI PenTesting Strategy Learn more about PenTest as a Service

Now Rodriguez has built an Android app that allows his smartphone to mimic those credit card radio communications and exploit flaws in the NFC systems’ firmware. With a wave of his phone, he can exploit a variety of bugs to crash point-of-sale devices, hack them to collect and transmit credit card data, invisibly change the […]

Source: Bleepingcomputer Air India disclosed a data breach after personal information belonging to roughly 4.5 million of its customers was leaked two months following the hack of Passenger Service System provider SITA in February 2021. The Indian national carrier first informed passengers that SITA was the victim of a cyberattack on March 19. “This is to inform […]

The PCI DSS Toolkit Overview Does your organization process, transmit or store payment card data? If your answer is yes, then you need to comply with the PCI DSS (Payment Card Industry Data Security Standard). The payment Standard helps to ensure the security of transactions and protect your business from potential data breaches and fines. […]

Ata Hakcil led the team of white hat hackers from WizCase in identifying a major data leak on online trading broker FBS’ websites. The data from FBS.com and FBS.eu comprised millions of confidential records including names, passwords, email addresses, passport numbers, national IDs, credit cards, financial transactions and more. Were such detailed personally identifiable information (PII) to […]

Names, credit card data, addresses, and information on transactions as recent as yesterday are being sold online. As of Wednesday, sellers in two dark web stores were offering information from what appeared to be 278,531 accounts, although some of those may be duplicates or not genuine. As of April, Instacart had “millions of customers across […]

By Nick Calver @ITG Drafting detailed data protection policies and documentation is vital for improving security for your customers, stakeholders and brand because it shows your understanding and commitment to the PCI DSS (Payment Card Industry Data Security Standard). From policy, to procedure, to configuration standard, a significant proportion of PCI DSS compliance begins with documentation. […]

  Council Issues Guidelines to Address Security Shortcomings In its just-released guidelines for ongoing risk assessments, the Payment Card Industry Security Standards Council notes three specific areas for improvement. The guidelines, which are intended for any organization that handles credit or debit card data, offer specific recommendations for risk assessments, such as how to create […]

  Organizations that need to comply with PCI-DSS need to create their own risk assessment methodology that works for their specific business needs, according to a new report by the Payment Card Industry Security Standards Council (PCI SSC). PCI Risk Assessment Special Interest Group says When developing their own risk assessment methodology, organizations may consider adapting an industry-standard methodology […]

By Azie Amini Protection of credit card/ATM card transactions and the latest trends in banking, credit card or internet fraud. • As we go towards the end of the year, one by one report each credit card missing and get a new one with a new account number (make sure you ask for a new […]

Some basic advice has been issued by Apacs, and includes: * Don’t let your cards or your card details out of your sight when making a transaction * Do not keep your passwords, login details or Pins written down * Do not disclose Pins, login details or passwords in response to unsolicited emails * Only […]

Where can we find information about PCI DSS compliance that is focused on those of us who are “Mom & Pop” shops? Since most small organizations fall into the sell-assessment category, a great resource is the Security Standards Council SAQ (Self-Assessment Questionnaire) section. Specifically these documents: SAQ main page PCI DSS SAQ instructions and guidelines […]

RFID Security Thieves now have the capabilities to steal your credit card information without laying a hand on your wallet. It’s new technology being used in credit and debit cards, and it’s already leaving nearly 140 million people at-risk for electronic pickpocketing. It all centers around radio frequency identification technology, or RFID. You’ll find it […]

Image by purpleslog via Flickr PCI SSC has pre-announced the summary of changes for expected PCI 2.0 in October 2010. Based on summary report most of the changes are clarification or guidance. According to Bob Russo, general manager of the PCI Security Standards Council. “This version is 2.0, and the connotation is that there will be […]