fintech Archives - IT Security Guru

Half of UK financial institutions vulnerable to well-known crypto flaws

The Gurus — Tue, 05 Jan 2016 10:07:16 +0000

Fifty per cent of UK high street financial institutions utilise weak SSL certificates on their secure authentication portals, according to a new study by Xiphos Research.
An assessment of 84 UK- and foreign-owned banking institutions in November by the international information security firm, and published on Monday, found that more than half were running SSL certificates that may expose their customers data to unwarranted risk.

Original Source: The Register
View the full story here

The post Half of UK financial institutions vulnerable to well-known crypto flaws appeared first on IT Security Guru.

New date for migrating off vulnerable SSL and early TLS encryption

The Gurus — Mon, 21 Dec 2015 09:45:38 +0000

Following significant feedback from the global PCI community and security experts, the Payment Card Industry Security Standards Council (PCI SSC) announced a change to the date that organizations who process payments must migrate to TLS 1.1 encryption or higher. The previous date of June 2016 has been moved to June 2018.
The original deadline date for migration, June 2016, was included in the most recent version of the PCI Data Security Standard, version 3.1 (PCI DSS 3.1), which was published in April of 2015. The new deadline date, June 2018, will be included in the next version of the PCI Data Security Standard, which is expected in 2016.
“Early market feedback told us migration to more secure encryption would be technically simple, and it was, but in the field a lot of business issues surfaced as we continued dialog with merchants, payment processors and banks,” said Stephen Orfei, General Manager, PCI SSC.

Original Story: Help Net Security
View the full story here

The post New date for migrating off vulnerable SSL and early TLS encryption appeared first on IT Security Guru.

You’re the Weakest Link, Goodbye!

The Gurus — Thu, 26 Nov 2015 10:23:42 +0000

The use of third parties is unavoidable in today’s global economy. The growing use of third party suppliers and business partners, whilst bringing significant business advantages, also exposes organisations to substantial risk, such as financial loss, reputational damage, regulatory prosecution and fines from major breaches of security. In the last few years we’ve witnessed many of these risks being realised; examples have included major breaches of security and costs to recover escalating into millions of dollars, as a result of the third party supplier being comprised. Changes in regulation, the evolving threat landscape and policy changes globally further complicate matters, generating further risk and expense for business.
Despite considerable efforts from many industries to address these issues, it remains difficult to manage. As well as the risks described, companies perceived as the ‘weakest link’ in the supply chain could end up not having third party contracts renewed. These challenges are discussed in more detail, and some suggestions put forward to help tackle the increasing burden on teams and risk mitigation strategies.

VIEW IT HERE: https://www.brighttalk.com/webcast/11399/179581

The post You’re the Weakest Link, Goodbye! appeared first on IT Security Guru.