In case anyone missed this... I dont believe this
Post# of 82686
(Total Views: 589)
Posted On: 07/28/2018 11:43:53 PM
In case anyone missed this... I dont believe this has been posted yet.
"Strengthen GDPR and PCI
by adding keystroke encryption
Many PCI professionals, including QSA Auditors and Forensic Examiners, are talking about how keystroke encryption can help raise the level of PCI and strengthen GDPR by protecting network credentials and customer data. PCI DSS 3.2 Requirement 5.1 offers guidance to protect systems from "zero-day" malware (an attack that exploits and unknown vulnerability) by keeping antivirus update regularly. However, malware starts out as "zero-day" until it gets reported to antivirus as a result of a breach. If that zero-day malware is a keylogger, then all of the keystrokes the user inputs prior to discovery, have already been stolen. This includes network access credentials. In addition, many keyloggers are polymorphic, meaning they have the capability to change their form and continue to elude antivirus for months and sometimes years.
Keyloggers are one of the most common, yet dangerous, components in malware. They steal every keystroke you type into a PC or mobile device and have been leveraged in some of the biggest breaches of our time. In fact, keyloggers and screens scapers have been recently implicated in the DNC email hack, which indicted twelve Russian intelligence agents. A recent Verizon Data Breach study reports, "With regard to malware-related breaches, over 60% featured keyloggers."
This from ACS's website.
https://www.advancedcybersecurity.com/
GLTA
IMO
"Strengthen GDPR and PCI
by adding keystroke encryption
Many PCI professionals, including QSA Auditors and Forensic Examiners, are talking about how keystroke encryption can help raise the level of PCI and strengthen GDPR by protecting network credentials and customer data. PCI DSS 3.2 Requirement 5.1 offers guidance to protect systems from "zero-day" malware (an attack that exploits and unknown vulnerability) by keeping antivirus update regularly. However, malware starts out as "zero-day" until it gets reported to antivirus as a result of a breach. If that zero-day malware is a keylogger, then all of the keystrokes the user inputs prior to discovery, have already been stolen. This includes network access credentials. In addition, many keyloggers are polymorphic, meaning they have the capability to change their form and continue to elude antivirus for months and sometimes years.
Keyloggers are one of the most common, yet dangerous, components in malware. They steal every keystroke you type into a PC or mobile device and have been leveraged in some of the biggest breaches of our time. In fact, keyloggers and screens scapers have been recently implicated in the DNC email hack, which indicted twelve Russian intelligence agents. A recent Verizon Data Breach study reports, "With regard to malware-related breaches, over 60% featured keyloggers."
This from ACS's website.
https://www.advancedcybersecurity.com/
GLTA
IMO
(6)
(0)