
Business PCI Compliance and Android Ransomware plus more on this Tech Talk with Craig Peterson Podcast

Craig Peterson - America's Leading Security Coach

Release Date: 10/16/2020


Craig discusses PCI DSS Compliance in businesses and the increasing problem with Android ransomware.

For more tech tips, news, and updates, visit - CraigPeterson.com

---

Trojan Malware Targets Trump Supporters

Nmap 7.90 released: New fingerprints, NSE scripts, and Npcap 1.0.0

Tyler Technologies finally paid the ransom to receive the decryption key

5G in the US averages 51Mbps while other countries hit hundreds of megabits

Apple's T2 security chip has an unfixable flaw

Verizon Payment Security Report is a Wake-up Call: Time to Refocus on PCI DSS Compliance

Android Ransomware Has Picked Up Some Ominous New Trick

---

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] If you have a business that takes credit cards, if you ever go into a business or use a business online that takes credit cards, there are some special rules that you need to follow called the PCI standards. We'll talk about it.

Hi, welcome back. This is Craig Peterson here.

Verizon. I'm not sure if you've seen these before, but Verizon has security reports. It has a number of different reports and they tend to all come out annually, and here within the last couple of weeks, Verizon released their payment security report for this year. It is an annual report and it's having a look at how organizations are maintaining compliance with something called the Payment Card Industry Data Security Standard, or PCI DSS.

Now we have a client I'm thinking of right now that's a small doctor's office and they, of course, have to take credit cards, and they had their credit card processing suspended by the credit card processor. I'm thinking of another one as well, which is a pizza joint. They too had credit card processing threatened for suspension. In their case, they had a couple of weeks to clean up their act. In both cases, they pulled us in to help straighten things out.

But what was interesting about the doctor's office is they sent a physical copy of the PCI agreement, the payment card industry agreement, so that if they wanted to accept credit cards, they had to sign this agreement. Now, first of all, in this day and age, that's remarkable in and of itself, right?

We get PDFs, but how many of us just pencil whip PDFs, or click whip, I guess, PDFs? Most of us. It's really rare that we read the contract, and it's interesting to know too that not only was it a physical copy, but this thing, it was hundreds and hundreds of pages long. It was huge. It was absolutely huge.

So they had to sign a physical copy of this thing. What happens is if you are accepting the payment cards, in other words, credit cards, and someone reports that there is an unauthorized charge on that card, the guys and gals at the payment card industry start to look at your business. Now we had a case right here by my house.

It was a Wendy's, I think it was, and apparently, the manager of the Wendy's and the employees were skimming credit cards. So you'd go in, you'd give them the credit card. They'd run it and give you the card back. Wow. They didn't just run it for your lunch. They made a copy of the credit card.

Okay. Now that's part of the reason we've got these smart chips on credit cards. Europe is way ahead of us on using those smart cards. And frankly, it's a risk, right? It's risk tolerance.

How much risk tolerance does Visa or MasterCard or whoever have and how much risk tolerance do the businesses have that accept the cards and then how much risk tolerance do you have?

In this case with Wendy's, they got a lot of complaints about that Wendy's store, where the cards were all used at some point over the course of the last number of weeks and were used elsewhere as well. The owners of the cards had reported some of these transactions at other places as not right, being made by them. Now the credit card companies will go ahead and give you a credit on your bill, so you don't have to pay that contested portion.

But then they start looking into it a little bit more seriously. In the case of the doctor's office, they did get suspended at least for a short while. The pizza joint, we got them up to standards within the two-week period that they had. So they didn't get suspended. Because what would happen to a business if that card processing is suspended? It'd be really bad.

Now you and I, we have to deal with the fallout as consumers because we used our card and the card might've been duplicated by someone working in that store. Our card number may be stored on a computer. In the case of another doctor's office, that's exactly what was happening.

The card number was being stored. Then that information was being sent off for processing, and then they would repeatedly enter the card information. Now there are some sites that have these virtual terminals that you can use, which is really great, where you are typing in the card number. But remember, if your computer has a keystroke tracker, a key logger on it, and you're typing in credit card numbers, that's easily recognizable and you're going to get in trouble with the payment card industry. It's a very bad thing all the way around. So be very careful.

There are a whole bunch of security instances where this has happened and the Verizon payment security report is showing businesses just are not compliant. According to the data that they gathered here in 2019, less than 30% of organizations achieved compliance during interim compliance validation. That's like the pizza shop I was talking about, all we had to do with them was move them up to prosumer hardware. We had to get them to upgrade some of their software on their computers and change the software they were using because OMG. It was just crazy, the software. I couldn't believe what it was doing, but we got them all set up, all taken care of here. But less than 30% of the businesses that had to comply during the interim compliance validation period did not meet the compliance.

My bottom line here is to start now because, man oh man, applying quick fixes instead of creating and executing an overall strategy is really going to affect your compliance with PCI or any of the other standards out there, any of them. Just like the pizza shop and the doctor's office I just mentioned, in both cases, we had to upgrade their systems, move things around, split up their network, have better encryption on the Wi-Fi, split off a customer network, so there's no way for any of them to get back and forth, and firewall some of their internal systems. So keep that in mind as well.

We're not going to get into the whole electronic voting thing, which also showed up in this Verizon report.

We only have a couple more minutes, so let's get into the Android part here. This is an important one as well because we're seeing some new tricks.

Wired has an article by Lily Hay Newman saying she's calling them foreboding. Isn't it? Here's what's happening. First of all, it's far more common on PCs, but as some of the newer research is showing that mobile ransomware has undergone a real evolution here.

We've seen it to the point recently where you go to a website and that website now uses your Android phone to start Bitcoin mining. Remember that? So if your Android phone is getting like really hot. It might be making money for somebody else they're using your computing power, but there's a lot of other things that are harmful.

Now, of course, in Bitcoin mining, it could burn up your Android phone and that's happened more than once. This silly thing gets so hot, it just melts down. But along with all kinds of types of PC malware used in these types of attacks against hospitals, municipal government, and any institution that can't tolerate downtime.

There's another platform that's really getting hit hard recently with ransomware and that's Android phones. New research from Microsoft is also showing the criminal hackers are really putting time and resources into refining mobile ransomware tools. So why do you invest money? Because you're making money.

So the fact that they're investing money into coming up with new ransomware tools means it's making the money. People are paying the ransoms.

There is some new software you might not be familiar with. Of course, Microsoft has Windows Defender. It's been on Windows for a bit now. It's actually quite good.

Microsoft also has released Microsoft Defender for Linux, which really shocked me. I haven't tried it yet. And Microsoft Defender on mobile. They've looked at a lot of different Android ransomware families, and apparently, they've added some really clever tricks, including a new note delivery mechanism. They've got improved techniques to avoid detection and they've even got machine learning built into the ransomware that's attacking Android phones. That can be used to really fine-tune the attacks for different people's Android devices. So be extra careful out there, everybody.

We talked about in the first hour an attack that's going on right now that's primarily directed at Republicans, but I think a lot of Democrats and independents would also open these emails and be opening these files. It's a very dangerous place out there. Use filters, use some of the anti-malware software. On an iPhone, there really isn't any. You certainly don't need it as much, at least at this point. On Android, however, there is some great anti-ransomware software and you might just try Microsoft Defender, which is a basic stopgap for you.

But, do be careful out there, everybody.

All right. So keep an eye out for my emails.

We've got more coming out here. I'm trying to go up to two a week, maybe even three a week, doing a little training. You might have noticed the last three weeks, my emails have looked different and I dropped some of the information in it because I think it was just visually confusing.

So make sure you are on my email list. Get my newsletter. Get all of this free training. All of this information that you need as a home user or a business user, or a business owner.

Go to CraigPeterson.com/subscribe. Craig Peterson, that's SON, .com/subscribe, and have a great week.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553