Onapsis Bizploit v1.50 – SAP Penetration Testing Framework

Onapsis Bizploit is an SAP penetration testing framework to assist security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized SAP security assessment. The framework currently ships with many plugins to assess the security of SAP Business Platforms. Additional plugins are available for broader platform support including Oracle.

Read more here.

Guidelines on the auditing framework for Trust Service Providers

A new ENISA report provides guidelines on the auditing framework for Trust Service Providers (TSPs). These guidelines can be used by TSPs (preparing for audits) and Conformity Assessment Bodies (auditors) having to undergo regular auditing – as set by the eIDAS regulation – and offer a set of good practices which can be used at an organizational level.

The report gives an overview of a typical three-stage audit methodology, listing all relevant requirements for the off-site (documentation level) and on-site (implementation level) assessment procedure, which is finalized with a conformity assessment report.

Read more here.

Computer hacker steals Kiwi’s money before his eyes

A New Zealand man watched powerlessly as a computer hacker remotely accessed his PC and started draining his PayPal account with online purchases. Hamilton man Girish Kuruvilla woke at 3am to the sound of his mobile phone vibrating incessantly and, thinking it might be a family emergency from his native India, went to take the phone call.

Instead, the screen of his smartphone was flooded with emails confirming purchases made from his PayPal account, which was linked to his ANZ credit card.

Read more here.

Commix – Command Injection Attack Tool

Commix (short for [comm]and [i]njection e[x]ploiter) has a simple environment and can be used by web developers, penetration testers or even security researchers to test web applications with a view to finding bugs, errors or vulnerabilities related to command injection attacks.

Read more here.

Dyre Wolf attack swipes $1 million in wire transfers

Hackers continue their brazen attacks on organizations and are even having their victims call them on the phone to hustle them out of their company’s money. That’s what IBM’s Security Intelligence division has discovered while researching a malware-based attack it has dubbed The Dyre Wolf, which is responsible for stealing more than $1 million.

Download the full IBM report here.