Vectra Corporation Blog

TorrentLocker Ransomware Outbreak

May 19, 2016 7:08 am

Ransomware outbreak We are aware that today there have been multiple instances of the TorrentLocker ransomware being spread on fake AFP websites. There are in excess of 17 compromised websites redirecting traffic to the TorrentLocker landing page: http:/ /tpmclubindia.org/FvnXcQ4PiN/9OXGszo.php http:/ /jysproductions.com/CJcvbA4BZrN/Z6mxSoTg1lXnAj.php The attackers are using well crafted landing pages such as: http:/ /australianpolicenotice.net http:/ /yourpack24finder.net We advise our clients to: •  Block access to known compromised or malicious landing pages through firewall restrictions •  Ensure that malware and anti-virus protection is installed and that signature files are current •  Do not enter Captcha codes to any infringement or trial case... Read More

PCI DSS 3.2 Published

May 2, 2016 11:40 am

PCI DSS 3.2 now published As foreshadowed in my earlier blog post, PCI DSS 3.2 was published at the end of April. A summary of changes can be found at PCI DSS 3.2 Summary of Changes. All updated documents including new SAQs are available for download from the PCI SSC Document Library. PCI DSS v3.1 will remain valid until October 31 2016, after which it will be retired. All PCI DSS assessments from November 2016 must be to PCI DSS v3.2. Service Providers are advised that there are some updates in PCI DSS 3.2 that will require changes to existing... Read More

Data Breach Disclosure Legislation

April 26, 2016 2:00 pm

Australia’s long awaited mandatory data breach regime moves closer to reality. The Attorney-General’s Department has released a draft of the Australian Government’s promised mandatory data breach notification bill. The Attorney-General’s Department recently sought comments on an exposure draft of the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015 (Cth) (Exposure Bill).  The submission period has now closed and the Attorney-General’s Department has published a number of the non-confidential submissions on its website. Many of the submissions raised similar issues, including: Concerns about the scope or lack of definition of key terms in the Exposure Bill, such as ‘real risk’ and... Read More

PCI DSS 3.2 Release

April 12, 2016 3:13 pm

PCI DSS 3.2 – What Changes You Should Expect ? You may have heard that the PCI Security Standards Council (PCI SSC) is planning to release PCI DSS 3.2 in April 2016. But what does this mean? How much will you need to change at your business ? Why are they releasing it early? Here are some things you should know. The PCI Security Standards Council has decided to release PCI DSS 3.2 in advance of the next major release.  The primary driver was to publish updates to the requirements for migration of TLS (Transport Layer Security).  Since the deadline... Read More