New PoSeidon Adventure is a POS Malware Threat to Retailers

New malware program PoSeidon targets retail POS credit card terminals. Lazarus Alliance QSA services protects clients against it.

The stunning reality is that the majority of retailers accepting credit cards are still vulnerable to the newest threat to accepting credit cards from consumers. Lazarus Alliance has been years ahead with proactive cyber security services.

Researchers from the Cisco Security Solutions team have dubbed the latest malware to attack point-of-sales (POS) systems PoSeidon. Compromised POS systems are vulnerable to these attacks, which allow the RAM of an infected terminal to be scanned by the malware. PoSeidon looks for unencrypted credit card data, and then transmits that data out to an exfiltration server controlled by the cyber criminals.

New malware program PoSeidon targets point-of-sale systems. Lazarus Alliance PCI QSA services protect clients against it.

This technique has long been known to security experts. The Proactive Cyber Security™ services at Lazarus Alliance has been years ahead of this issue by offering solutions to companies that utilize POS systems that ensure this memory scraping technique does not compromise a payment process.

William Ochs, GRC Partner of Lazarus Alliance said “Not only has Lazarus Alliance long called for end-to-end encryption technology to be utilized to mitigate the risk posed by POS threats, but Lazarus Alliance also has a proven track record of offering actual solutions to implement end-to-end encryption protecting retailers globally.”

As long as organizations remain reactive instead of proactive in their approach to cyber security, they will continue to fail the constituents they work to protect. The PoSeidon POS malware program is another example in a daunting list of the challenges that face organizations concerned with their PCI DSS stance.

As a PCI DSS audit Qualified Security Assessor (QSA) company, Lazarus Alliance has been approved by the PCI Security Standards Council (SSC) to measure an organization’s compliance to the PCI DSS audit standard. Lazarus Alliance specializes in providing our clients with scalable, efficient solutions for meeting the rigorous demands of Payment Card Industry (PCI) compliance. We do this in part because of our breakthrough proprietary technologies called the IT Audit Machine (ITAM) and the Policy Machine.

“It’s incumbent upon security professionals to proactively advocate for best practices in cyber security, risk and compliance; too often, the opposite occurs in the industry,” said Ochs

Learn more about Lazarus Alliance and why Lazarus Alliance is Proactive Cyber Security™!

Resistance is NOT Futile for Cyber Insurance Insurers

Resistance is NOT Futile for Cyber Insurance Insurers

Cyber Insurance Resistance is not Futile for ProvidersIf you think that the business general liability or even purpose built cyber insurance policies will cover you in the event of a cyber-security breach, it’s highly likely you are mistaken. In fact, it is in your carrier’s best business interest to deny your claim.

Chances are the exemptions in your cyber insurance policy exclude coverage for access to or disclosure of confidential or personal information which accounts for the majority of claims. Cyber criminals are in it for profit which means they are going after confidential or personal information.

Cyber insurance claims are being denied when breaches occur as the result of hackers exploiting commonly known security vulnerabilities which amounts to negligence on the insured. When on average 96% of all breaches are avoidable, the only thing that stands between being breached and having your cyber insurance claim denied is the effective implementation of controls and countermeasures from taking a Proactive Cyber Security approach.

Lazarus Alliance is Proactive Cyber Security™

Lazarus Alliance will examine your policy during an IT risk assessment or Cybervisor readiness review and help you understand where your vulnerabilities and threats to your business may be. It may very well be that cyber insurance policy you purchased to protect your business.

Risk management is so fundamentally important to business survival. Organizations all around the world are suffering through cyber-attacks; some unsuccessfully too. Espionage and Hacktivism is on the rise. Additionally, the global economic crisis exposed major weaknesses in the systems of financial institutions, motivating companies to reassess their IT. As if that were not enough, increased regulatory demands, pressure from top management for faster and better business information, and advances in risk management by top-tier competitors are prompting smart companies to transform their risk IT functions.