Jacob Ansari

The 11 Biggest Issues IT Faces Today

From securing IoT to retraining IT talent to finding new revenue streams, CIOs have more than their share of concerns keeping them up at night. Each year we talk with tech leaders...

Supply and Demand (for security)

2018 was the year that raised the alarm in earnest about potential vulnerabilities in the supply chain for enterprise computing systems.But with such diverse networks and widespread...

EFAIL - They weren't kidding about the pretty good part

Schellman Joins PCI 3DS Assessors

Schellman & Company, LLC, a leading provider of attestation and compliance services, has become an assessor in the PCI Security Standards Council’s new 3-D Secure (3DS) program, and can...

Payment Security Insights

There are some important PCI DSS deadlines coming up. Let’s start with the SSL/early TLS migration. Why is it important for organizations to migrate away from SSL/TLS?

Malware in 2017: The More Things Change

This article discusses ransomware and looks briefly at malware affecting point-of-sale (POS) systems, considering attack vectors and relevant defenses. It also touches on some of the...

Ransomware Eating the NHS

On Friday, May 12, a number of National Health Service (NHS) facilities in the UK reported that their computers suffered a ransomware attack, and started causing a significant impact on...

New Strain of Linux Malware Could Get Serious

A new strain of malware targeting Linux systems, dubbed "Linux/Shishiga," could morph into a dangerous security threat.

New Strain of Linux Malware Could Get Serious

A new strain of malware targeting Linux systems, dubbed "Linux/Shishiga," could morph into a dangerous security threat.

The Dyn Outage and Mirai Botnet: Using Yesterday’s Vulnerabilities to Attack Tomorrow’s Devices Today

On October 21st, Dyn, a provider of domain name services (DNS), an essential function of the Internet that translates names like www.schellmanco.com to its numerical IP address, went...

Happy birthday to… wait, who’s this guy?

Originally published by the Cloud Security Alliance: blog.cloudsecurityalliance.org How many arbitrary people do you have to get into a room before two of them share the same birthday?...

To the Man Who Has But a Rowhammer

In 2014, researchers with Carnegie Mellon University and Intel discovered a potential attack against computer memory, one that attacked the electrical properties of the hardware rather...

5 Questions with Community Speaker - Jacob Ansari

Originally published at blog.pcisecuritystandards.org In this post, we get insights from Jacob Ansari, Manager at Schellman & Company, LLC He will present“Hunting Paper Tigers: A...

A Game of Pwns: A Storm of (Pas)swords

Despite their perpetual status as old news, passwords and their security weaknesses continue to make headlines and disrupt security in ever-expanding ways, and the usual advice about better...

Infosec Trends in 2016

A new year invariably brings new resolutions, reflections, and predictions, and we are no different in our look at information security for 2016. Here are some things to consider and our predictions.

Between SSL-cylla and Charib-TLS

(Odysseus in Front of Scylla and Charybdis, Henry Fuseli Source: Wikipedia) Securing encrypted Internet traffic transmissions, such as those between web browsers and web servers, is decidedly not...

PCI SSC Updates Deadline to Remove SSL 3.0 and Early TLS

Today, the PCI SSC announced an update to the deadlines to remove insecure cryptographic protocols, namely SSL and early TLS (i.e., TLS 1.0). The original publication required disabling these...

PCI SSC Explains How To Respond to a Data Breach

Originally published on www.iapp.org

Security Checkpoints In Your SDLC?

My SOC 2 auditor says that we must include security checkpoints in our SDLC. If we have really good security process in place and review the code for security issues, why do we still need...