Compliance IS NOT Security, Again.

Here is yet another example of how compliance is not security.

"Restaurant Depot, a College Point, N.Y.-based wholesale supplier, has notified officials in several states of a point-of-sale network breach that exposed a yet-to-be-determined number of customer debit and credit cards.  The company experienced a similar breach in 2011 that affected more than 200,000 individuals. Company officials say they took steps to enhance point-of-sale security after that incident."

At Razorpoint Security, we are constantly analyzing new ways to protect our clients' data and network environments. Contact us today for a real-world analysis of your company's security.

[Source: Bank Info Security - Wholesaler's POS Network Hacked Again]

Watching China While They Watch Us

While China's growing business economy continues to be the popular media story of the last five years, many of its tactics to reach these high levels of productivity have come under scrutiny. Foreign reporters have sent back their observations from the field, which include stories of oppressive labor factories that crank out most of the First World Nations's gadgets. However, China is not only making the gadgets. They're also developing the ability to have our gadgets watch us at work.

The New York Times reports: "'If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,' said Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence."

The Chinese and Russians have been stealing business and government secrets from all over the globe. Even large cyber security companies like McAree are left somewhat vulnerable.

"What might have once sounded like the behavior of a paranoid is now standard operating procedure for officials at American government agencies, research groups and companies that do business in China and Russia — like Google, the State Department and the Internet security giant McAfee. Digital espionage in these countries, security experts say, is a real and growing threat — whether in pursuit of confidential government information or corporate trade secrets."

At Razorpoint Security, we are constantly looking at new ways to protect your data locally and internationally. Contact us today for how we can save your information for tomorrow.

[Source: The New York Times - Traveling Light in a Time of Digital Thievery]

Along with Falling Stock Prices, Banks Fret Over Cyber Security

In a new survey conducted by Fundtech, a global supplier of banking software, 100 executives from 50 financial institutions were asked what some of the biggest challenges the industry faced. In a dramatic uptick from last year, 65% said fraud monitoring has become an increasing concern. Last year's poll put that number at 53%.

According to Credit Union Times, who carried the story, "74%[of executives surveyed] said they think theihttp://www.blogger.com/img/blank.gifr small and medium-sized enterprise customers would be willing to change financial institutions to get better security and 79% said thttp://www.blogger.com/img/blank.gifhey think that 'only a small fraction of their business client base understands their liability for fraudulent transactions.'"

"'With little expectation that cyber attacks will be brought under control anytime soon, banks, their customers and their technology suppliers must collaborate in order to effectively quell this growing challenge,' said George Ravich, Fundtech’s chief marketing officer."

This is all the more reason to find out what Razorpoint Security can do for safeguarding your online business in retaining and building customer confidence.

Mobile Payment Device Square Shows It's Not In Shape Yet

The tech world has been buzzing for the last year about the mobile payment device Square. Its inventor, Jack Dorsey, who also founded Twitter, has been marketing it as a boon for small businesses and independent vendors.

But it could be cyber criminals who profit the most, stealing credit card data from the device's easily hacked audio recognition software. Tech blog Mashable reports:

Adam Laurie and Zac Franken, directors of Aperture Labs, discovered that due to a lack of encryption in the current Square app and free dongle for swiping cards, the mobile payment system can be used to steal credit card information, without even having the physical credit card.

Square works by converting credit card data into an audio file that is then transmitted to the credit card issuer for authorization.

In order to bypass the need to swipe a card, Laurie wrote a simple program — in fewer than 100 lines of code — that enables him and Franken to feed magnetic strip data from stolen cards into a microphone and convert that data into an audio file. Once that is played into the Square device via a $10 stereo cable, the data is sent directly to the Square app for processing.

Through a combination of proprietary knowledge and cutting edge tools and technology sets, Razorpoint helps security-minded organizations repel potentially lethal cyber threats that often elude mainstream network security providers. Contact us today to learn more about our security services.

US House of Representatives committee approves cybersecurity standards bill

The U.S. House of Represenatives is getting more serious with cyber security by pushing a new bill through the Senate. According to Computer Weekly:

The US House of Representatives has passed a bill designed to increase education, research and development to counteract cyberthreats.

The House Science, Space and Technology Committee last week approved the Cybersecurity Enhancement Act of 2011, which mirrors legislation passed last year by the House, but that never made it to the Senate, according to US reports.

With technology developing at faster rate than ever, Razorpoint Security, along with members of the U.S. Government, are working harder than ever in increasing cyber security.

Sony Continues To Be Threatened By Cyber Criminals

The Sony Corporation, after suffering a cyber attack on its Playstation Network of 70 million users in late April, is still receiving formative threats.

A group of cyber criminals who have taken responsibility for breaking into PBS' site last week, calling themselves LulzSec, are upping the ante with the technology company.

From CNET:

The group...has been promising Sony attacks since this past weekend when it posted to its Twitter account that it is engaged in an operation it calls "Sownage," shorthand for Sony Ownage. The group stated at the time that it was working on hatching a plan that would be the "beginning of the end" for Sony. It has yet to reveal what it has planned. But yesterday the group said that the attack was already under way, seemingly without Sony's knowledge.

We at Razorpoint Security continue to take a serious interest in this story. If you feel your company needs tighter network security in defending against cyber-criminality, reach out to us.

Security Provider Finds Vulnarabilities In Cisco System's Devices

At Razorpoint Security, we always stress that gadgets are not always the answer to finding holes in network security. But when it's the devices themselves that are allowing this breach, the network could at times be more complex to monitor. Such is the case with Cisco Systems, who recently found out their equipment has vulnerabilities they've been trying to patch up since 2010.

According to PC World's Business Center,

"The findings hint at two apparently contradictory themes, that of uniformity and complexity.

"The uniformity derives from the commoditization of IT equipment over the last decade, which has left companies of all sizes, in all countries and in all business sectors using similar families of products which are therefore open to the same vulnerabilities, including PSIRT 109444.

"As networks have become more uniform around standards and more commoditized, vendors have responded by competing in terms of features and development, which has created more complexity within the product families of dominant vendors such as Cisco. As complexity rises, so do the problems associated with management. Dimension also found that many network devices looked at in its assessments suffered from a range of configuration and policy violation issues in ways connected to this theme."