Tag: BAI Security Audit

BAI Security Audit

Update on Superfish/Komodia Malware – How to find and remove it

As we get more details about the ugly Superfish debacle, it’s become apparent that the impact of this malware extends further than a limited number of laptops compromised by a manufacturer (Lenovo) eager to monetize customers’ screen space. Lenovo says it only wanted to “enhance the online shopping experience” for its users. (Of course, as many of us have learned, if it “enhances the online experience” it should immediately raise security suspicions.) The other two companies involved are search startup Superfish (whose eponymous software is the malware in question) and software “solution provider” Komodia. Superfish used one of Komodia’s software development kits, which is clearly identified as an SSL Hijacker, in its adware. Lenovo factory-installed the Superfish “visual search”

Attack

Huge Development In Cyber Espionage Tech

The United States has reportedly managed to develop a method that allows it to permanently embed surveillance and malware tools in computers and networks around the world, according to Kaspersky Lab, a Russian cybersecurity firm. Kaspersky presented its research at a conference in Mexico Monday night. They have dubbed the creators of this technique the “Equation Group,” and have broadly hinted that it is tied to the U.S. National Security Agency and its military partner, United States Cyber Command, due in part to a similarity between Stuxnet – the computer worm that disabled about 1,000 centrifuges in Iran’s nuclear enrichment program – and the new malware platform. But the Equation’s level of sophistication makes Stuxnet seem like child’s play, according

Audit

PCI DSS 3.0: Are You In Compliance Yet?

The new Payment Card Industry Data Security Standard 3.0 (PCI DSS 3.0) that went into effect on January 1 contains significant changes. Some of the requirements will remain suggested best practices until July 1, 2015. After that, they too become mandatory. PCI 3.0 will have the greatest impact on e-commerce merchants who partner with third parties for payment card data collection, along with third-party service providers who remotely manage merchant systems and networks. Up to version 2.0 of the PCI DSS, fully outsourcing an e-commerce payment system via a redirect payment company put the web environment out of scope. The web environment didn’t touch payment card data, and therefore did not have to meet PCI requirements. But now, under

Attack

Securing Billions of Smart Things

There are roughly 25 billion smart devices and objects busily gathering data and beaming information back to their respective motherships (and business partners). That’s up from 7 billion things a mere five years ago. And five years from now? The consensus is 50 billion things will be interconnected, merrily gathering data, and making our lives easier/transforming the world into a marketer’s magic kingdom. The US Federal Trade Commission (FTC) has signaled its strong interest in bringing privacy enforcement to the so-called Internet of Things (IoT), with the release of its “voluntary standards” report this week. We put those two words inside quotes because while the standards are voluntary right now, it’s a safe bet that they will be used in

BAI Security Audit

THE NEXT BIG ADVANCE IN BREACH DETECTION & PREVENTION

Sears Holdings Corp. announced in March of this year (2014) that it was investigating a possible security breach after a series of cyberattacks on other retailers exposed the data of millions of consumers. The security review was still at an early stage as Verizon Communications Inc. (VZ)’s digital forensics unit and the U.S. Secret Service sifted through the company’s computer data to look for traces of hackers and the extent of any incursion, according to two people familiar with the matter. Sears, which was already working to reverse 28 straight quarters of declining sales, could be faced with fighting a possible hacking attack with shoppers on edge after a flurry of retail data breaches tarnished the image of merchants including

BAI Security Audit

BAI Security: “Most Promising Enterprise Security Companies”

BAI Security is pleased and proud to announce that we have been included in the CIO Review Enterprise Security list of the “20 Most Promising Enterprise Security Companies.” The companies included in this year’s list were selected by a panel of CIOs and CEOs of public companies, analysts, and the CIO Review editorial board. The list highlights a select group of companies that “provide uniquely effective approaches to enterprise security threats.” CIO’s write-up also states that it “believes these companies have achieved significant momentum and will rise above the rest.” So you can see why we’re so pleased to be included. In CIO Review’s article on BAI Security, we were (correctly!) described as a “singularly-focused IT Security and Compliance firm
